diff options
265 files changed, 14513 insertions, 5997 deletions
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index a07e8ab..9d30412 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -18,3 +18,10 @@ Please tick as appropriate and edit the reasons (e.g.: "backport: not needed bec Please refer to the [contributing guidelines](https://github.com/Mbed-TLS/mbedtls/blob/development/CONTRIBUTING.md), especially the checklist for PR contributors. + +Help make review efficient: +* Multiple simple commits + - please structure your PR into a series of small commits, each of which does one thing +* Avoid force-push + - please do not force-push to update your PR - just add new commit(s) +* See our [Guidelines for Contributors](https://mbed-tls.readthedocs.io/en/latest/reviews/review-for-contributors/) for more details about the review process. diff --git a/3rdparty/everest/Makefile.inc b/3rdparty/everest/Makefile.inc index 77a6b49..8055ce9 100644 --- a/3rdparty/everest/Makefile.inc +++ b/3rdparty/everest/Makefile.inc @@ -1,6 +1,6 @@ -THIRDPARTY_INCLUDES+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib +THIRDPARTY_INCLUDES+=-I$(THIRDPARTY_DIR)/everest/include -I$(THIRDPARTY_DIR)/everest/include/everest -I$(THIRDPARTY_DIR)/everest/include/everest/kremlib THIRDPARTY_CRYPTO_OBJECTS+= \ - ../3rdparty/everest/library/everest.o \ - ../3rdparty/everest/library/x25519.o \ - ../3rdparty/everest/library/Hacl_Curve25519_joined.o + $(THIRDPARTY_DIR)/everest/library/everest.o \ + $(THIRDPARTY_DIR)/everest/library/x25519.o \ + $(THIRDPARTY_DIR)/everest/library/Hacl_Curve25519_joined.o diff --git a/3rdparty/p256-m/Makefile.inc b/3rdparty/p256-m/Makefile.inc index fc8f73b..53bb55b 100644 --- a/3rdparty/p256-m/Makefile.inc +++ b/3rdparty/p256-m/Makefile.inc @@ -1,5 +1,5 @@ -THIRDPARTY_INCLUDES+=-I../3rdparty/p256-m/p256-m/include -I../3rdparty/p256-m/p256-m/include/p256-m -I../3rdparty/p256-m/p256-m_driver_interface +THIRDPARTY_INCLUDES+=-I$(THIRDPARTY_DIR)/p256-m/p256-m/include -I$(THIRDPARTY_DIR)/p256-m/p256-m/include/p256-m -I$(THIRDPARTY_DIR)/p256-m/p256-m_driver_interface THIRDPARTY_CRYPTO_OBJECTS+= \ - ../3rdparty/p256-m//p256-m_driver_entrypoints.o \ - ../3rdparty/p256-m//p256-m/p256-m.o + $(THIRDPARTY_DIR)/p256-m//p256-m_driver_entrypoints.o \ + $(THIRDPARTY_DIR)/p256-m//p256-m/p256-m.o diff --git a/CMakeLists.txt b/CMakeLists.txt index 9644a74..0f22809 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -34,9 +34,15 @@ cmake_policy(SET CMP0011 NEW) cmake_policy(SET CMP0012 NEW) if(TEST_CPP) - project("Mbed TLS" LANGUAGES C CXX) + project("Mbed TLS" + LANGUAGES C CXX + VERSION 3.5.2 + ) else() - project("Mbed TLS" LANGUAGES C) + project("Mbed TLS" + LANGUAGES C + VERSION 3.5.2 + ) endif() include(GNUInstallDirs) @@ -114,6 +120,11 @@ if(MBEDTLS_PYTHON_EXECUTABLE) endif() +# We now potentially need to link all executables against PThreads, if available +set(CMAKE_THREAD_PREFER_PTHREAD TRUE) +set(THREADS_PREFER_PTHREAD_FLAG TRUE) +find_package(Threads) + # If this is the root project add longer list of available CMAKE_BUILD_TYPE values if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR) set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE} @@ -278,6 +289,8 @@ add_subdirectory(3rdparty) add_subdirectory(library) +add_subdirectory(pkgconfig) + # # The C files in tests/src directory contain test code shared among test suites # and programs. This shared test code is compiled and linked to test suites and diff --git a/ChangeLog.d/7765.txt b/ChangeLog.d/7765.txt new file mode 100644 index 0000000..3dd6b5d --- /dev/null +++ b/ChangeLog.d/7765.txt @@ -0,0 +1,3 @@ +Features + * Add functions mbedtls_ecdsa_raw_to_der() and mbedtls_ecdsa_der_to_raw() to + convert ECDSA signatures between raw and DER (ASN.1) formats. diff --git a/ChangeLog.d/8030.txt b/ChangeLog.d/8030.txt new file mode 100644 index 0000000..d99c9e7 --- /dev/null +++ b/ChangeLog.d/8030.txt @@ -0,0 +1,7 @@ +Changes + * Extended PSA Crypto configurations options for FFDH by making it possible + to select only some of the parameters / groups, with the macros + PSA_WANT_DH_RFC7919_XXXX. You now need to defined the corresponding macro + for each size you want to support. Also, if you have an FFDH accelerator, + you'll need to define the appropriate MBEDTLS_PSA_ACCEL macros to signal + support for these domain parameters. diff --git a/ChangeLog.d/8647.txt b/ChangeLog.d/8647.txt new file mode 100644 index 0000000..98326dc --- /dev/null +++ b/ChangeLog.d/8647.txt @@ -0,0 +1,10 @@ +Default behavior changes + * psa_import_key() now only accepts RSA keys in the PSA standard formats. + The undocumented ability to import other formats (PKCS#8, SubjectPublicKey, + PEM) accepted by the pkparse module has been removed. Applications that + need these formats can call mbedtls_pk_parse_{public,}key() followed by + mbedtls_pk_import_into_psa(). + +Changes + * RSA support in PSA no longer auto-enables the pkparse and pkwrite modules, + saving code size when those are not otherwise enabled. diff --git a/ChangeLog.d/8799.txt b/ChangeLog.d/8799.txt new file mode 100644 index 0000000..50e7c11 --- /dev/null +++ b/ChangeLog.d/8799.txt @@ -0,0 +1,3 @@ +Bugfix + * mbedtls_pem_read_buffer() now performs a check on the padding data of + decrypted keys and it rejects invalid ones. diff --git a/ChangeLog.d/8824.txt b/ChangeLog.d/8824.txt new file mode 100644 index 0000000..6d6bcb7 --- /dev/null +++ b/ChangeLog.d/8824.txt @@ -0,0 +1,8 @@ +Bugfix + * Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() and + mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in + the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled and the + RSA context was configured for PKCS#1 v2.1 (PSS/OAEP), the sign/verify + functions performed a PKCS#1 v1.5 signature instead and the + encrypt/decrypt functions returned an error. Fixes #8824. + diff --git a/ChangeLog.d/8825.txt b/ChangeLog.d/8825.txt new file mode 100644 index 0000000..914bd08 --- /dev/null +++ b/ChangeLog.d/8825.txt @@ -0,0 +1,6 @@ +Features + * mbedtls_psa_get_random() is always available as soon as + MBEDTLS_PSA_CRYPTO_CLIENT is enabled at build time and psa_crypto_init() is + called at runtime. This together with MBEDTLS_PSA_RANDOM_STATE can be + used as random number generator function (f_rng) and context (p_rng) in + legacy functions. diff --git a/ChangeLog.d/8848.txt b/ChangeLog.d/8848.txt new file mode 100644 index 0000000..71bb7e3 --- /dev/null +++ b/ChangeLog.d/8848.txt @@ -0,0 +1,6 @@ +Removals + * Temporary function mbedtls_pk_wrap_as_opaque() is removed. To mimic the + same behavior mbedtls_pk_get_psa_attributes() and + mbedtls_pk_import_into_psa() can be used to import a PK key into PSA, + while mbedtls_pk_setup_opaque() can be used to wrap a PSA key into a opaque + PK context. diff --git a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt new file mode 100644 index 0000000..7f0fbc7 --- /dev/null +++ b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt @@ -0,0 +1,3 @@ +Features + * Add support for using AES-CBC 128, 192, and 256 bit schemes + with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse. diff --git a/ChangeLog.d/add_get_ecp_group_id.txt b/ChangeLog.d/add_get_ecp_group_id.txt new file mode 100644 index 0000000..3328062 --- /dev/null +++ b/ChangeLog.d/add_get_ecp_group_id.txt @@ -0,0 +1,3 @@ +Features + * Add new accessor to expose the private group id member of + `mbedtls_ecdh_context` structure. diff --git a/ChangeLog.d/benchmark-ecdh.txt b/ChangeLog.d/benchmark-ecdh.txt new file mode 100644 index 0000000..ef243b8 --- /dev/null +++ b/ChangeLog.d/benchmark-ecdh.txt @@ -0,0 +1,3 @@ +Features + * The benchmark program now reports times for both ephemeral and static + ECDH in all ECDH configurations. diff --git a/ChangeLog.d/domain_parameters.txt b/ChangeLog.d/domain_parameters.txt new file mode 100644 index 0000000..d860cc4 --- /dev/null +++ b/ChangeLog.d/domain_parameters.txt @@ -0,0 +1,9 @@ +New deprecations + * In the PSA API, domain parameters are no longer used for anything. + They are deprecated and will be removed in a future version of the + library. + +Removals + * In the PSA API, the experimental way to encode the public exponent of + an RSA key as a domain parameter is no longer supported. Use + psa_generate_key_ext() instead. diff --git a/ChangeLog.d/ecp_write_key.txt b/ChangeLog.d/ecp_write_key.txt new file mode 100644 index 0000000..73354c8 --- /dev/null +++ b/ChangeLog.d/ecp_write_key.txt @@ -0,0 +1,8 @@ +Features + * The new function mbedtls_ecp_write_key_ext() is similar to + mbedtls_ecp_write_key(), but can be used without separately calculating + the output length. + +New deprecations + * mbedtls_ecp_write_key() is deprecated in favor of + mbedtls_ecp_write_key_ext(). diff --git a/ChangeLog.d/fix-ssl-session-serialization-config.txt b/ChangeLog.d/fix-ssl-session-serialization-config.txt new file mode 100644 index 0000000..ca1cc81 --- /dev/null +++ b/ChangeLog.d/fix-ssl-session-serialization-config.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix missing bitflags in SSL session serialization headers. Their absence + allowed SSL sessions saved in one configuration to be loaded in a + different, incompatible configuration. diff --git a/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt b/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt new file mode 100644 index 0000000..10e2795 --- /dev/null +++ b/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt @@ -0,0 +1,3 @@ +Bugfix + * Correct initial capacities for key derivation algorithms:TLS12_PRF, + TLS12_PSK_TO_MS, PBKDF2-HMAC, PBKDF2-CMAC diff --git a/ChangeLog.d/gcm-large-tables.txt b/ChangeLog.d/gcm-large-tables.txt new file mode 100644 index 0000000..f9bba5b --- /dev/null +++ b/ChangeLog.d/gcm-large-tables.txt @@ -0,0 +1,4 @@ +Features + * Add support for 8-bit GCM tables for Shoup's algorithm to speedup GCM + operations when hardware accelerated AES is not present. Improves + performance by around 30% on 64-bit Intel; 125% on Armv7-M. diff --git a/ChangeLog.d/gen-key-segfault.txt b/ChangeLog.d/gen-key-segfault.txt new file mode 100644 index 0000000..fefc702 --- /dev/null +++ b/ChangeLog.d/gen-key-segfault.txt @@ -0,0 +1,3 @@ +Bugfix + * Avoid segmentation fault caused by releasing not initialized + entropy resource in gen_key example. Fixes #8809. diff --git a/ChangeLog.d/get_ticket_creation_time.txt b/ChangeLog.d/get_ticket_creation_time.txt new file mode 100644 index 0000000..7b5166c --- /dev/null +++ b/ChangeLog.d/get_ticket_creation_time.txt @@ -0,0 +1,3 @@ +Features + * Add getter (mbedtls_ssl_session_get_ticket_creation_time()) to access + `mbedtls_ssl_session.ticket_creation_time`. diff --git a/ChangeLog.d/linux-aarch64-hwcap.txt b/ChangeLog.d/linux-aarch64-hwcap.txt new file mode 100644 index 0000000..23af878 --- /dev/null +++ b/ChangeLog.d/linux-aarch64-hwcap.txt @@ -0,0 +1,4 @@ +Bugfix + * On Linux on ARMv8, fix a build error with SHA-256 and SHA-512 + acceleration detection when the libc headers do not define the + corresponding constant. Reported by valord577. diff --git a/ChangeLog.d/mbedtls_pk_import_into_psa.txt b/ChangeLog.d/mbedtls_pk_import_into_psa.txt new file mode 100644 index 0000000..c294f44 --- /dev/null +++ b/ChangeLog.d/mbedtls_pk_import_into_psa.txt @@ -0,0 +1,4 @@ +Features + * The new functions mbedtls_pk_get_psa_attributes() and + mbedtls_pk_import_into_psa() provide a uniform way to create a PSA + key from a PK key. diff --git a/ChangeLog.d/pkg-config-files-addition.txt b/ChangeLog.d/pkg-config-files-addition.txt new file mode 100644 index 0000000..e459470 --- /dev/null +++ b/ChangeLog.d/pkg-config-files-addition.txt @@ -0,0 +1,4 @@ +Features + * Add pc files for pkg-config, e.g.: + pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509) + diff --git a/ChangeLog.d/psa_generate_key_ext.txt b/ChangeLog.d/psa_generate_key_ext.txt new file mode 100644 index 0000000..8340f01 --- /dev/null +++ b/ChangeLog.d/psa_generate_key_ext.txt @@ -0,0 +1,3 @@ +Features + * The new function psa_generate_key_ext() allows generating an RSA + key pair with a custom public exponent. diff --git a/ChangeLog.d/rsa-bitlen.txt b/ChangeLog.d/rsa-bitlen.txt new file mode 100644 index 0000000..bcd185f --- /dev/null +++ b/ChangeLog.d/rsa-bitlen.txt @@ -0,0 +1,7 @@ +Bugfix + * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a + multiple of 8. Fixes #868. + +Features + * The new function mbedtls_rsa_get_bitlen() returns the length of the modulus + in bits, i.e. the key size for an RSA key. diff --git a/ChangeLog.d/use_exp_mod_core.txt b/ChangeLog.d/use_exp_mod_core.txt new file mode 100644 index 0000000..8f7193a --- /dev/null +++ b/ChangeLog.d/use_exp_mod_core.txt @@ -0,0 +1,6 @@ +Changes + * mbedtls_mpi_exp_mod and code that uses it, notably RSA and DHM operations, + have changed their speed/memory compromise as part of a proactive security + improvement. The new default value of MBEDTLS_MPI_WINDOW_SIZE roughly + preserves the current speed, at the expense of increasing memory + consumption. diff --git a/ChangeLog.d/x509-add-ca_istrue.txt b/ChangeLog.d/x509-add-ca_istrue.txt new file mode 100644 index 0000000..c950dbc --- /dev/null +++ b/ChangeLog.d/x509-add-ca_istrue.txt @@ -0,0 +1,5 @@ +Features + * Add new accessor to expose the `MBEDTLS_PRIVATE(ca_istrue)` member of + `mbedtls_x509_crt` structure. This requires setting + the MBEDTLS_X509_EXT_BASIC_CONSTRAINTS bit in the certificate's + ext_types field. diff --git a/docs/architecture/psa-migration/psa-legacy-bridges.md b/docs/architecture/psa-migration/psa-legacy-bridges.md new file mode 100644 index 0000000..912344e --- /dev/null +++ b/docs/architecture/psa-migration/psa-legacy-bridges.md @@ -0,0 +1,344 @@ +Bridges between legacy and PSA crypto APIs +========================================== + +## Introduction + +### Goal of this document + +This document explores the needs of applications that use both Mbed TLS legacy crypto interfaces and PSA crypto interfaces. Based on [requirements](#requirements), we [analyze gaps](#gap-analysis) and [API design](#api-design). + +This is a design document. The target audience is library maintainers. See the companion document [“Transitioning to the PSA API”](../../psa-transition.md) for a user focus on the same topic. + +### Keywords + +* [TODO] A part of the analysis that isn't finished. +* [OPEN] Open question: a specific aspect of the design where there are several plausible decisions. +* [ACTION] A finalized part of the design that will need to be carried out. + +### Context + +Mbed TLS 3.x supports two cryptographic APIs: + +* The legacy API `mbedtls_xxx` is inherited from PolarSSL. +* The PSA API `psa_xxx` was introduced in Mbed TLS 2.17. + +Mbed TLS is gradually shifting from the legacy API to the PSA API. Mbed TLS 4.0 will be the first version where the PSA API is considered the main API, and large parts of the legacy API will be removed. + +In Mbed TLS 4.0, the cryptography will be provided by a separate project [TF-PSA-Crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto). For simplicity, in this document, we just refer to the whole as “Mbed TLS”. + +### Document history + +This document was originally written when preparing Mbed TLS 3.6. Mbed TLS 3.6 includes both PSA and legacy APIs covering largely overlapping ground. Many legacy APIs will be removed in Mbed TLS 4.0. + +## Requirements + +### Why mix APIs? + +There is functionality that is tied to one API and is not directly available in the other API: + +* Only PSA fully supports PSA accelerators and secure element integration. +* Only PSA supports isolating cryptographic material in a secure service. +* The legacy API has features that are not present (yet) in PSA, notably parsing and formatting asymmetric keys. + +The legacy API can partially leverage PSA features via `MBEDTLS_USE_PSA_CRYPTO`, but this has limited scope. + +In addition, many applications cannot be migrated in a single go. For large projects, it is impractical to rewrite a significant part of the code all at once. (For example, Mbed TLS itself will have taken more than 6 years to transition.) Projects that use one or more library in addition to Mbed TLS must follow the evolution of these libraries, each of which might have its own pace. + +### Where mixing happens + +Mbed TLS can be, and normally is, built with support for both APIs. Therefore no special effort is necessary to allow an application to use both APIs. + +Special effort is necessary to use both APIs as part of the implementation of the same feature. From an informal analysis of typical application requirements, we identify four parts of the use of cryptography which can be provided by different APIs: + +* Metadata manipulation: parsing and producing encrypted or signed files, finding mutually supported algorithms in a network protocol negotiation, etc. +* Key management: parsing, generating, deriving and formatting cryptographic keys. +* Data manipulation other than keys. In practice, most data formats within the scope of the legacy crypto APIs are trivial (ciphertexts, hashes, MACs, shared secrets). The one exception is ECDSA signatures. +* Cryptographic operations: hash, sign, encrypt, etc. + +From this, we deduce the following requirements: + +* Convert between PSA and legacy metadata. +* Creating a key with the legacy API and consuming it in the PSA API. +* Creating a key with the PSA API and consuming it in the legacy API. +* Manipulating data formats, other than keys, where the PSA API is lacking. + +### Scope limitations + +The goal of this document is to bridge the legacy API and the PSA API. The goal is not to provide a PSA way to do everything that is currently possible with the legacy API. The PSA API is less flexible in some regards, and extending it is out of scope in the present study. + +With respect to the legacy API, we do not consider functionality of low-level modules for individual algorithms. Our focus is on applications that use high-level legacy crypto modules (md, cipher, pk) and need to combine that with uses of the PSA APIs. + +## Gap analysis + +The document [“Transitioning to the PSA API”](../../psa-transition.md) enumerates the public header files in Mbed TLS 3.4 and the API elements (especially enums and functions) that they provide, listing PSA equivalents where they exist. There are gaps in two cases: + +* Where the PSA equivalents do not provide the same functionality. A typical example is parsing and formatting asymmetric keys. +* To convert between data representations used by legacy APIs and data representations used by PSA APIs. + +Based on “[Where mixing happens](#where-mixing-happens)”, we focus the gap analysis on two topics: metadata and keys. This chapter explores the gaps in each family of cryptographic mechanisms. + +### Generic metadata gaps + +#### Need for error code conversion + +Do we need public functions to convert between `MBEDTLS_ERR_xxx` error codes and `PSA_ERROR_xxx` error codes? We have such functions for internal use. + +Mbed TLS needs these conversions because it has many functions that expose one API (legacy/API) but are implemented on top of the other API. Most applications would convert legacy and PSA error code to their own error codes, and converting between `MBEDTLS_ERR_xxx` error codes and `PSA_ERROR_xxx` is not particularly helpful for that. Application code might need such conversion functions when implementing an X.509 or TLS callback (returning `MBEDTLS_ERR_xxx`) on top of PSA functions, but this is a very limited use case. + +Conclusion: no need for public error code conversion functions. + +### Hash gap analysis + +Hashes do not involve keys, and involves no nontrivial data format. Therefore the only gap is with metadata, namely specifying a hash algorithm. + +Hashes are often used as building blocks for other mechanisms (HMAC, signatures, key derivation, etc.). Therefore metadata about hashes is relevant not only when calculating hashes, but also when performing many other cryptographic operations. + +Gap: functions to convert between `psa_algorithm_t` hash algorithms and `mbedtls_md_type_t`. Such functions exist in Mbed TLS 3.5 (`mbedtls_md_psa_alg_from_type`, `mbedtls_md_type_from_psa_alg`) but they are declared only in private headers. + +### MAC gap analysis + +[TODO] + +### Cipher and AEAD gap analysis + +[TODO] + +### Key derivation gap analysis + +[TODO] + +### Random generation gap analysis + +[TODO] + +### Asymmetric cryptography gap analysis + +#### Asymmetric cryptography metadata + +The legacy API only has generic support for two key types: RSA and ECC, via the pk module. ECC keys can also be further classified according to their curve. The legacy API also supports DHM (Diffie-Hellman-Merkle = FFDH: finite-field Diffie-Hellman) keys, but those are not integrated in the pk module. + +An RSA or ECC key can potentially be used for different algorithms in the scope of the pk module: + +* RSA: PKCS#1v1.5 signature, PSS signature, PKCS#1v1.5 encryption, OAEP encryption. +* ECC: ECDSA signature (randomized or deterministic), ECDH key agreement (via `mbedtls_pk_ec`). + +ECC keys are also involved in EC-JPAKE, but this happens internally: the EC-JPAKE interface only needs one piece of metadata, namely, to identify a curve. + +Since there is no algorithm that can be used with multiple types, and PSA keys have a policy that (for the most part) limits them to one algorithm, there does not seem to be a need to convert between legacy and PSA asymmetric key types on their own. The useful metadata conversions are: + +* Selecting an **elliptic curve**. + + This means converting between an `mbedtls_ecp_group_id` and a pair of `{psa_ecc_family_t; size_t}`. + + This is fulfilled by `mbedtls_ecc_group_to_psa` and `mbedtls_ecc_group_from_psa`, which were introduced into the public API between Mbed TLS 3.5 and 3.6 ([#8664](https://github.com/Mbed-TLS/mbedtls/pull/8664)). + +* Selecting A **DHM group**. + + PSA only supports predefined groups, whereas legacy only supports ad hoc groups. An existing application referring to `MBEDTLS_DHM_RFC7919_FFDHExxx` values would need to refer to `PSA_DH_FAMILY_RFC7919`; an existing application using arbitrary groups cannot migrate to PSA. + +* Simultaneously supporting **a key type and an algorithm**. + + On the legacy side, this is an `mbedtls_pk_type_t` value and more. For ECDSA, the choice between randomized and deterministic is made at compile time. For RSA, the choice of encryption or signature algorithm is made either by configuring the underlying `mbedtls_rsa_context` or when calling the operation function. + + On the PSA side, this is a `psa_key_type_t` value and an algorithm which is normally encoded as policy information in a `psa_key_attributes_t`. The algorithm is also needed in its own right when calling operation functions. + +#### Using a legacy key pair or public key with PSA + +There are several scenarios where an application has a legacy key pair or public key (`mbedtls_pk_context`) and needs to create a PSA key object (`psa_key_id_t`). + +Reasons for first creating a legacy key object, where it's impossible or impractical to directly create a PSA key: + +* A very common case where the input is a legacy key object is parsing. PSA does not (yet) have an equivalent of the `mbedtls_pk_parse_xxx` functions. +* The PSA key creation interface is less flexible in some cases. In particular, PSA RSA key generation does not (yet) allow choosing the public exponent. +* The pk object may be created by a part of the application (or a third-party library) that hasn't been migrated to the PSA API yet. + +Reasons for needing a PSA key object: + +* Using the key with third-party interface that takes a PSA key identifier as input. (Mbed TLS itself has a few TLS functions that take PSA key identifiers, but as of Mbed TLS 3.5, it is always possible to use a legacy key instead.) +* Benefiting from a PSA accelerator, or from PSA's world separation, even without `MBEDTLS_USE_PSA_CRYPTO`. (Not a priority scenario: we generally expect people to activate `MBEDTLS_USE_PSA_CRYPTO` at an early stage of their migration to PSA.) + +Gap: a way to create a PSA key object from an `mbedtls_pk_context`. This partially exists in the form of `mbedtls_pk_wrap_as_opaque`, but it is not fully satisfactory, for reasons that are detailed in “[API to create a PSA key from a PK context](#api-to-create-a-psa-key-from-a-pk-context)” below. + +#### Using a PSA key as a PK context + +There are several scenarios where an application has a PSA key and needs to use it through an interface that wants an `mbedtls_pk_context` object. Typically, there is an existing key in the PSA key store (possibly in a secure element and non-exportable), and the key needs to be used in an interface that requires a `mbedtls_pk_context *` input, such as Mbed TLS's X.509 and TLS APIs or a similar third-party interface, or the `mbedtls_pk_write_xxx` interfaces which do not (yet) have PSA equivalents. + +There is a function `mbedtls_pk_setup_opaque` that mostly does this. However, it has several limitations: + +* It creates a PK key of type `MBEDTLS_PK_OPAQUE` that wraps the PSA key. This is good enough in some scenarios, but not others. For example, it's ok for pkwrite, because we've upgraded the pkwrite code to handle `MBEDTLS_PK_OPAQUE`. That doesn't help users of third-party libraries that haven't yet been upgraded. +* It ties the lifetime of the PK object to the PSA key, which is error-prone: if the PSA key is destroyed but the PK object isn't, there is no way to reliably detect any subsequent misuse of the PK object. +* It is only available under `MBEDTLS_USE_PSA_CRYPTO`. This is not a priority concern, since we generally expect people to activate `MBEDTLS_USE_PSA_CRYPTO` at an early stage of their migration to PSA. However, this function is useful to use specific PSA keys in X.509/TLS regardless of whether X.509/TLS use the PSA API for all cryptographic operations, so this is a wart in the current API. + +It therefore appears that we need two ways to “convert” a PSA key to PK: + +* Wrapping, which is what `mbedtls_pk_setup_opaque` does. This works for any PSA key but is limited by the key's lifetime and creates a PK object with limited functionality. +* Copying, which requires a new function. This requires an exportable key but creates a fully independent, fully functional PK object. + +Gap: a way to copy a PSA key into a PK context. This can only be expected to work if the PSA key is exportable. + +After some discussion, have not identified anything we want to change in the behavior of `mbedtls_pk_setup_opaque`. We only want to generalize it to non-`MBEDTLS_USE_PSA_CRYPTO` and to document it better. + +#### Signature formats + +The pk module uses signature formats intended for X.509. The PSA module uses the simplest sensible signature format. + +* For RSA, the formats are the same. +* For ECDSA, PSA uses a fixed-size concatenation of (r,s), whereas X.509 and pk use an ASN.1 DER encoding of the sequence (r,s). + +Gap: We need APIs to convert between these two formats. The conversion code already exists under the hood, but it's in pieces that can't be called directly. + +There is a design choice here: do we provide conversions functions for ECDSA specifically, or do we provide conversion functions that take an algorithm as argument and just happen to be a no-op with RSA? One factor is plausible extensions. These conversions functions will remain useful in Mbed TLS 4.x and perhaps beyond. We will at least add EdDSA support, and its signature encoding is the fixed-size concatenation (r,s) even in X.509. We may well also add support for some post-quantum signatures, and their concrete format is still uncertain. + +Given the uncertainty, it would be nice to provide a sufficiently generic interface to convert between the PSA and the pk signature format, parametrized by the algorithm. However, it is difficult to predict exactly what parameters are needed. For example, converting from an ASN.1 ECDSA signature to (r,s) requires the knowledge of the curve, or at least the curve's size. Therefore we are not going to add a generic function at this stage. + +For ECDSA, there are two plausible APIs: follow the ASN.1/X.509 write/parse APIs, or present an ordinary input/output API. The ASN.1 APIs are the way they are to accommodate nested TLV structures. But ECDSA signatures do not appear nested in TLV structures in either TLS (there's just a signature field) or X.509 (the signature is inside a BITSTRING, not directly in a SEQUENCE). So there does not seem to be a need for an ASN.1-like API for the ASN.1 format, just the format conversion itself in a buffer that just contains the signature. + +#### Asymmetric cryptography TODO + +[TODO] Other gaps? + +## New APIs + +This section presents new APIs to implement based on the [gap analysis](#gap-analysis). + +### General notes + +Each action to implement a function entails: + +* Implement the library function. +* Document it precisely, including error conditions. +* Unit-test it. +* Mention it where relevant in the PSA transition guide. + +### Hash APIs + +Based on the [gap analysis](#hash-gap-analysis): + +[ACTION] [#8340](https://github.com/Mbed-TLS/mbedtls/issues/8340) Move `mbedtls_md_psa_alg_from_type` and `mbedtls_md_type_from_psa_alg` from `library/md_psa.h` to `include/mbedtls/md.h`. + +### MAC APIs + +[TODO] + +### Cipher and AEAD APIs + +[TODO] + +### Key derivation APIs + +[TODO] + +### Random generation APIs + +[TODO] + +### Asymmetric cryptography APIs + +#### Asymmetric cryptography metadata APIs + +Based on the [gap analysis](#asymmetric-cryptography-metadata): + +* No further work is needed about RSA specifically. The amount of metadata other than hashes is sufficiently small to be handled in ad hoc ways in applications, and hashes have [their own conversions](#hash-apis). +* No further work is needed about ECC specifically. We have just added adequate functions. +* No further work is needed about DHM specifically. There is no good way to translate the relevant information. +* [OPEN] Is there a decent way to convert between `mbedtls_pk_type_t` plus extra information, and `psa_key_type_t` plus policy information? The two APIs are different in crucial ways, with different splits between key type, policy information and operation algorithm. + Thinking so far: there isn't really a nice way to present this conversion. For a specific key, `mbedtls_pk_get_psa_attributes` and `mbedtls_pk_copy_from_psa` do the job. + +#### API to create a PSA key from a PK context + +Based on the [gap analysis](#using-a-legacy-key-pair-or-public-key-with-psa): + +Given an `mbedtls_pk_context`, we want a function that creates a PSA key with the same key material and algorithm. “Same key material” is straightforward, but “same algorithm” is not, because a PK context has incomplete algorithm information. For example, there is no way to distinguish between an RSA key that is intended for signature or for encryption. Between algorithms of the same nature, there is no way to distinguish a key intended for PKCS#1v1.5 and one intended for PKCS#1v2.1 (OAEP/PSS): this is indicated in the underlying RSA context, but the indication there is only a default that can be overridden by calling `mbedtls_pk_{sign,verify}_ext`. Also there is no way to distinguish between `PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)` and `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`: in the legacy interface, this is only determined when actually doing a signature/verification operation. Therefore the function that creates the PSA key needs extra information to indicate which algorithm to put in the key's policy. + +When creating a PSA key, apart from the key material, the key is determined by attributes, which fall under three categories: + +* Type and size. These are directly related to the key material and can be deduced from it if the key material is in a structured format, which is the case with an `mbedtls_pk_context` input. +* Policy. This includes the chosen algorithm, which as discussed above cannot be fully deduced from the `mbedtls_pk_context` object. Just choosing one algorithm is problematic because it doesn't allow implementation-specific extensions, such as Mbed TLS's enrollment algorithm. The intended usage flags cannot be deduced from the PK context either, but the conversion function could sensibly just enable all the relevant usage flags. Users who want a more restrictive usage can call `psa_copy_key` and `psa_destroy_key` to obtain a PSA key object with a more restrictive usage. +* Persistence and location. This is completely orthogonal to the information from the `mbedtls_pk_context` object. It is convenient, but not necessary, for the conversion function to allow customizing these aspects. If it doesn't, users can call the conversion function and then call `psa_copy_key` and `psa_destroy_key` to move the key to its desired location. + +To allow the full flexibility around policies, and make the creation of a persistent key more convenient, the conversion function shall take a `const psa_key_attributes_t *` input, like all other functions that create a PSA key. In addition, there shall be a helper function to populate a `psa_key_attributes_t` with a sensible default. This lets the caller choose a more flexible, or just different usage policy, unlike the default-then-copy approach which only allows restricting the policy. + +This is close to the existing function `mbedtls_pk_wrap_as_opaque`, but does not bake in the implementation-specific consideration that a PSA key has exactly two algorithms, and also allows the caller to benefit from default for the policy in more cases. + +[ACTION] [#8708](https://github.com/Mbed-TLS/mbedtls/issues/8708) Implement `mbedtls_pk_get_psa_attributes` and `mbedtls_pk_import_into_psa` as described below. These functions are available whenever `MBEDTLS_PK_C` and `MBEDTLS_PSA_CRYPTO_CLIENT` are both defined. Deprecate `mbedtls_pk_wrap_as_opaque`. + +``` +int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, + psa_key_usage_flags_t usage, + psa_key_attributes_t *attributes); +int mbedtls_pk_import_into_psa(const mbedtls_pk_context *pk, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key_id); +``` + +* `mbedtls_pk_get_psa_attributes` does not change the id/lifetime fields of the attributes (which indicate a volatile key by default). + * [OPEN] Or should it reset them to 0? Resetting is more convenient for the case where the pk key is a `MBEDTLS_PK_OPAQUE`. But that's an uncommon use case. It's probably less surprising if this function leaves the lifetime-related alone, since its job is to set the type-related and policy-related attributes. +* `mbedtls_pk_get_psa_attributes` sets the type and size based on what's in the pk context. + * The key type is a key pair if the context contains a private key and the indicated usage is a private-key usage. The key type is a public key if the context only contains a public key, in which case a private-key usage is an error. +* `mbedtls_pk_get_psa_attributes` sets the usage flags based on the `usage` parameter. It extends the usage to other usage that is possible: + * `EXPORT` and `COPY` are always set. + * If `SIGN_{HASH,MESSAGE}` is set then so is `VERIFY_{HASH,MESSAGE}`. + * If `DECRYPT` is set then so is `ENCRYPT`. + * It is an error if `usage` has more than one flag set, or has a usage that is incompatible with the key type. +* `mbedtls_pk_get_psa_attributes` sets the algorithm usage policy based on information in the key object and on `usage`. + * For an RSA key with the `MBEDTLS_RSA_PKCS_V15` padding mode, the algorithm policy is `PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)` for a sign/verify usage, and `PSA_ALG_RSA_PKCS1V15_CRYPT` for an encrypt/decrypt usage. + * For an RSA key with the `MBEDTLS_RSA_PKCS_V21` padding mode, the algorithm policy is `PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)` for a sign/verify usage, and `PSA_ALG_RSA_OAEP(hash)` for an encrypt/decrypt usage where `hash` is from the RSA key's parameters. (Note that `PSA_ALG_ANY_HASH` is only allowed in signature algorithms.) + * For an `MBEDTLS_PK_ECKEY` or `MBEDTLS_PK_ECDSA` with a sign/verify usage, the algorithm policy is `PSA_ALG_DETERMINISTIC_ECDSA` if `MBEDTLS_ECDSA_DETERMINISTIC` is enabled and `PSA_ALG_ECDSA` otherwise. In either case, the hash policy is `PSA_ALG_ANY_HASH`. + * For an `MBEDTLS_PK_ECKEY` or `MBEDTLS_PK_ECDKEY_DH` with the usage `PSA_KEY_USAGE_DERIVE`, the algorithm is `PSA_ALG_ECDH`. + * For a `MBEDTLS_PK_OPAQUE`, this function reads the attributes of the existing PK key and copies them (without overriding the lifetime and key identifier in `attributes`), then applies a public-key restriction if needed. + * Public-key restriction: if `usage` is a public-key usage, change the type to the corresponding public-key type, and remove private-key usage flags from the usage flags read from the existing key. +* `mbedtls_pk_import_into_psa` checks that the type field in the attributes is consistent with the content of the `mbedtls_pk_context` object (RSA/ECC, and availability of the private key). + * The key type can be a public key even if the private key is available. +* `mbedtls_pk_import_into_psa` does not need to check the bit-size in the attributes: `psa_import_key` will do enough checks. +* `mbedtls_pk_import_into_psa` does not check that the policy in the attributes is sensible. That's on the user. + +#### API to copy a PSA key to a PK context + +Based on the [gap analysis](#using-a-psa-key-as-a-pk-context): + +[ACTION] [#8709](https://github.com/Mbed-TLS/mbedtls/issues/8709) Implement `mbedtls_pk_copy_from_psa` as described below. + +``` +int mbedtls_pk_copy_from_psa(mbedtls_svc_key_id_t key_id, + mbedtls_pk_context *pk); +``` + +* `pk` must be initialized, but not set up. +* It is an error if the key is neither a key pair nor a public key. +* It is an error if the key is not exportable. +* The resulting pk object has a transparent type, not `MBEDTLS_PK_OPAQUE`. That's `MBEDTLS_PK_RSA` for RSA keys (since pk objects don't use `MBEDTLS_PK_RSASSA_PSS` as a type), and `MBEDTLS_PK_ECKEY` for ECC keys (following the example of pkparse). +* Once this function returns, the pk object is completely independent of the PSA key. +* Calling `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_pk_encrypt`, `mbedtls_pk_decrypt` on the resulting pk context will perform an algorithm that is compatible with the PSA key's primary algorithm policy (`psa_get_key_algorithm`) if that is a matching operation type (sign/verify, encrypt/decrypt), but with no restriction on the hash (as if the policy had `PSA_ALG_ANY_HASH` instead of a specific hash, and with `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` merged with `PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)`). + * For ECDSA, the choice of deterministic vs randomized will be based on the compile-time setting `MBEDTLS_ECDSA_DETERMINISTIC`, like `mbedtls_pk_sign` today. + * For an RSA key, the output key will allow both encrypt/decrypt and sign/verify regardless of the original key's policy. The original key's policy determines the output key's padding mode. + * The primary intent of this requirement is to allow an application to switch to PSA for creating the key material (for example to benefit from a PSA accelerator driver, or to start using a secure element), without modifying the code that consumes the key. For RSA keys, the PSA primary algorithm policy is how one conveys the same information as RSA key padding information in the legacy API. Convey this in the documentation. + +#### API to create a PK object that wraps a PSA key + +Based on the [gap analysis](#using-a-psa-key-as-a-pk-context): + +[ACTION] [#8712](https://github.com/Mbed-TLS/mbedtls/issues/8712) Clarify the documentation of `mbedtls_pk_setup_opaque` regarding which algorithms the resulting key will perform with `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_pk_encrypt`, `mbedtls_pk_decrypt`. + +[ACTION] [#8710](https://github.com/Mbed-TLS/mbedtls/issues/8710) Provide `mbedtls_pk_setup_opaque` whenever `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled, not just when `MBEDTLS_USE_PSA_CRYPTO` is enabled. This is nice-to-have, not critical. Update `use-psa-crypto.md` accordingly. + +[OPEN] What about `mbedtls_pk_sign_ext` and `mbedtls_pk_verify_ext`? + +#### API to convert between signature formats + +Based on the [gap analysis](#signature-formats): + +[ACTION] [#7765](https://github.com/Mbed-TLS/mbedtls/issues/7765) Implement `mbedtls_ecdsa_raw_to_der` and `mbedtls_ecdsa_der_to_raw` as described below. + +``` +int mbedtls_ecdsa_raw_to_der(size_t bits, + const unsigned char *raw, size_t raw_len, + unsigned char *der, size_t der_size, size_t *der_len); +int mbedtls_ecdsa_der_to_raw(size_t bits, + const unsigned char *der, size_t der_len, + unsigned char *raw, size_t raw_size, size_t *raw_len); +``` + +* These functions convert between the signature format used by `mbedtls_pk_{sign,verify}{,_ext}` and the signature format used by `psa_{sign,verify}_{hash,message}`. +* The input and output buffers can overlap. +* The `bits` parameter is necessary in the DER-to-raw direction because the DER format lacks leading zeros, so something else needs to convey the size of (r,s). The `bits` parameter is redundant in the raw-to-DER direction, but we have it anyway because [it helps catch errors](https://github.com/Mbed-TLS/mbedtls/pull/8681#discussion_r1445980971), and it isn't a burden on the caller because the information is readily available in practice. +* Should these functions rely on the ASN.1 module? We experimented [calling ASN.1 functions](https://github.com/Mbed-TLS/mbedtls/pull/8681), [reimplementing simpler ASN.1 functions](https://github.com/Mbed-TLS/mbedtls/pull/8696), and [providing the functions from the ASN.1 module](https://github.com/Mbed-TLS/mbedtls/pull/8703). Providing the functions from the ASN.1 module [won on a compromise of code size and simplicity](https://github.com/Mbed-TLS/mbedtls/issues/7765#issuecomment-1893670015). diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index f59420e..4095d8e 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -105,7 +105,28 @@ provided by a driver or built-in, you should use the following macros: - for code that uses only the PSA Crypto API: `PSA_WANT_ALG_xxx` from `psa/crypto.h`; - for code that uses non-PSA crypto APIs: `MBEDTLS_MD_CAN_xxx` from - `mbedtls/md.h`. + `mbedtls/config_adjust_legacy_crypto.h`. + +### HMAC + +In addition to accelerated hash operations, it is also possible to accelerate +HMAC by enabling and accelerating: +- HMAC algorithm and key type, i.e. `[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_HMAC` and + `[PSA_WANT|MBEDTLS_PSA_ACCEL]KEY_TYPE_HMAC`. +- Required hash algorithm(s) as explained in [Hashes](#hashes) section. + +In such a build it is possible to disable legacy HMAC support by disabling +`MBEDTLS_MD_C` and still getting crypto operations, X.509 and TLS to work as +usual. Exceptions are: +- As mentioned in [Hashes](#hashes) direct calls to legacy lo-level hash APIs + (`mbedtls_sha256()` etc.) will not be possible for the legacy modules that + are disabled. +- Legacy HMAC support (`mbedtls_md_hmac_xxx()`) won't be possible. +- `MBEDTLS_PKCS[5|7]_C`, `MBEDTLS_HMAC_DRBG_C` and `MBEDTLS_HKDF_C` since they + depend on the legacy implementation of HMAC. + - disabling HMAC_DRBG_C cause deterministic ECDSA (i.e. + `MBEDTLS_DETERMINISTIC_ECDSA` on the legacy side and + `PSA_WANT_ALG_DETERMINISTIC_ECDSA` on the PSA one) to be not available. Elliptic-curve cryptography (ECC) --------------------------------- diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md index d041723..aa825ad 100644 --- a/docs/psa-driver-example-and-guide.md +++ b/docs/psa-driver-example-and-guide.md @@ -157,11 +157,11 @@ The driver wrapper functions in `psa_crypto_driver_wrappers.h.jinja` for all fou ``` #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && + if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && - PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 && - attributes->core.bits == 256 ) + PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 && + psa_get_key_bits(attributes) == 256 ) { status = p256_transparent_sign_hash( attributes, key_buffer, diff --git a/docs/psa-transition.md b/docs/psa-transition.md index e89128c..94b57eb 100644 --- a/docs/psa-transition.md +++ b/docs/psa-transition.md @@ -845,7 +845,6 @@ For an ECC private key (a future version of Mbed TLS [will provide a more direct ``` unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; -size_t length = PSA_BITS_TO_BYTES(mbedtls_pk_bitlen(&pk)); mbedtls_ecp_keypair *ec = mbedtls_pk_ec(&pk); psa_ecc_curve_t curve; { @@ -862,7 +861,8 @@ psa_ecc_curve_t curve; mbedtls_ecp_point_free(&Q); mbedtls_mpi_free(&d); } -mbedtls_ecp_write_key(ec, buf, length); +size_t length; +mbedtls_ecp_write_key_ext(ec, &length, buf, sizeof(buf)); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...); @@ -900,8 +900,8 @@ mbedtls_ecp_keypair_init(&ec); // Omitted: fill ec with key material // (the public key will not be used and does not need to be set) unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; -size_t length = PSA_BITS_TO_BYTES(mbedtls_pk_bitlen(&pk)); -mbedtls_ecp_write_key(&ec, buf, length); +size_t length; +mbedtls_ecp_write_key_ext(&ec, &length, buf, sizeof(buf)); psa_ecc_curve_t curve = ...; // need to determine the curve family manually psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); @@ -1300,7 +1300,7 @@ There is no PSA equivalent to the types `mbedtls_ecdsa_context` and `mbedtls_ecd The PSA API is a cryptography API, not an arithmetic API. As a consequence, there is no PSA equivalent for the ECC arithmetic functionality exposed by `ecp.h`: * Manipulation of point objects and input-output: the type `mbedtls_ecp_point` and functions operating on it (`mbedtls_ecp_point_xxx`, `mbedtls_ecp_copy`, `mbedtls_ecp_{set,is}_zero`, `mbedtls_ecp_tls_{read,write}_point`). Note that the PSA export format for public keys corresponds to the uncompressed point format (`MBEDTLS_ECP_PF_UNCOMPRESSED`), so [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) are equivalent to `mbedtls_ecp_point_read_binary` and `mbedtls_ecp_point_write_binary` for uncompressed points. The PSA API does not currently support compressed points, but it is likely that such support will be added in the future. -* Manipulation of key pairs as such, with a bridge to bignum arithmetic (`mbedtls_ecp_keypair` type, `mbedtls_ecp_export`). However, the PSA export format for ECC private keys used by [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) is the same as the format used by `mbedtls_ecp_read_key` and `mbedtls_ecp_write_key`. +* Manipulation of key pairs as such, with a bridge to bignum arithmetic (`mbedtls_ecp_keypair` type, `mbedtls_ecp_export`). However, the PSA export format for ECC private keys used by [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) is the same as the format used by `mbedtls_ecp_read_key` and `mbedtls_ecp_write_key_ext`. * Elliptic curve arithmetic (`mbedtls_ecp_mul`, `mbedtls_ecp_muladd` and their restartable variants). ### Additional information about RSA diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index cbbb759..f2695a1 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -6,7 +6,7 @@ EXTRACT_ALL = YES EXTRACT_PRIVATE = YES EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO -INPUT = ../include input +INPUT = ../include input ../tests/include/alt-dummy FILE_PATTERNS = *.h RECURSIVE = YES EXCLUDE_SYMLINKS = YES diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 3c3bfad..ff019f4 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -197,7 +197,8 @@ typedef struct mbedtls_asn1_named_data { } mbedtls_asn1_named_data; -#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) +#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \ + defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) /** * \brief Get the length of an ASN.1 element. * Updates the pointer to immediately behind the length. @@ -244,7 +245,7 @@ int mbedtls_asn1_get_len(unsigned char **p, int mbedtls_asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag); -#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */ +#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */ #if defined(MBEDTLS_ASN1_PARSE_C) /** diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 7af4aba..0c5a85a 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -36,7 +36,8 @@ extern "C" { #endif -#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) +#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) || \ + defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) /** * \brief Write a length field in ASN.1 format. * @@ -65,7 +66,7 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, */ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsigned char tag); -#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */ +#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA*/ #if defined(MBEDTLS_ASN1_WRITE_C) /** diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 931e06d..71d7b97 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -51,15 +51,15 @@ #if !defined(MBEDTLS_MPI_WINDOW_SIZE) /* - * Maximum window size used for modular exponentiation. Default: 2 + * Maximum window size used for modular exponentiation. Default: 3 * Minimum value: 1. Maximum value: 6. * * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used - * for the sliding window calculation. (So 64 by default) + * for the sliding window calculation. (So 8 by default) * * Reduction in size, reduces speed. */ -#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */ +#define MBEDTLS_MPI_WINDOW_SIZE 3 /**< Maximum window size used. */ #endif /* !MBEDTLS_MPI_WINDOW_SIZE */ #if !defined(MBEDTLS_MPI_MAX_SIZE) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 2f336ba..99a449b 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -158,7 +158,8 @@ * (e.g. MBEDTLS_MD_LIGHT) */ #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \ - defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ + defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ || \ + defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* The same as the previous, but with separation only */ #include "mbedtls/config_psa.h" #endif diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b211356..b3c038d 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -27,18 +27,8 @@ #if !defined(MBEDTLS_PLATFORM_C) #error "MBEDTLS_PLATFORM_C is required on Windows" #endif - -/* Fix the config here. Not convenient to put an #ifdef _WIN32 in mbedtls_config.h as - * it would confuse config.py. */ -#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \ - !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) -#define MBEDTLS_PLATFORM_SNPRINTF_ALT -#endif - -#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \ - !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) -#define MBEDTLS_PLATFORM_VSNPRINTF_ALT -#endif +/* See auto-enabling SNPRINTF_ALT and VSNPRINTF_ALT + * in * config_adjust_legacy_crypto.h */ #endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */ #if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C) @@ -54,65 +44,6 @@ #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense" #endif -/* Check that each MBEDTLS_ECP_DP_xxx symbol has its PSA_WANT_ECC_xxx counterpart - * when PSA crypto is enabled. */ -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) || defined(MBEDTLS_PSA_CRYPTO_C) - -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) -#error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) -#error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) -#error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_255) -#error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_448) -#error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_192) -#error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_224) -#error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_256) -#error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_384) -#error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_521) -#error "MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_192) -#error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart" -#endif - -/* SECP224K1 is buggy in PSA API so we skip this check */ -#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_224) -#error "MBEDTLS_ECP_DP_SECP224K1_ENABLED defined, but not its PSA counterpart" -#endif - -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_256) -#error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart" -#endif - -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG || MBEDTLS_PSA_CRYPTO_C */ - /* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`, * `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have * all 4 of them. @@ -154,7 +85,7 @@ #endif /* some curve accelerated */ #if defined(MBEDTLS_CTR_DRBG_C) && !(defined(MBEDTLS_AES_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_AES) && \ + (defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_AES) && \ defined(PSA_WANT_ALG_ECB_NO_PADDING))) #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #endif @@ -234,9 +165,8 @@ #endif #endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECJPAKE_C) && \ - ( !defined(MBEDTLS_ECP_C) || \ - !( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) ) +#if defined(MBEDTLS_ECJPAKE_C) && \ + !defined(MBEDTLS_ECP_C) #error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites" #endif @@ -277,27 +207,8 @@ #error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites" #endif -#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C) -#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites" -#endif - -/* Helpers for hash dependencies, will be undefined at the end of the file */ -/* Do SHA-256, 384, 512 to cover Entropy and TLS. */ -#if defined(MBEDTLS_SHA256_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256)) -#define MBEDTLS_MD_HAVE_SHA256 -#endif -#if defined(MBEDTLS_SHA384_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384)) -#define MBEDTLS_MD_HAVE_SHA384 -#endif -#if defined(MBEDTLS_SHA512_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512)) -#define MBEDTLS_MD_HAVE_SHA512 -#endif - #if defined(MBEDTLS_ENTROPY_C) && \ - !(defined(MBEDTLS_MD_HAVE_SHA512) || defined(MBEDTLS_MD_HAVE_SHA256)) + !(defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA256)) #error "MBEDTLS_ENTROPY_C defined, but not all prerequisites" #endif #if defined(MBEDTLS_ENTROPY_C) && \ @@ -305,24 +216,24 @@ #error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" #endif #if defined(MBEDTLS_ENTROPY_C) && \ - (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_HAVE_SHA512)) \ + (defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_CAN_SHA512)) \ && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32) #error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high" #endif #if defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_HAVE_SHA256) + defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_CAN_SHA256) #error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites" #endif #if defined(__has_feature) #if __has_feature(memory_sanitizer) -#define MBEDTLS_HAS_MEMSAN +#define MBEDTLS_HAS_MEMSAN // #undef at the end of this paragraph #endif #endif #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN) #error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer" #endif -#undef MBEDTLS_HAS_MEMSAN +#undef MBEDTLS_HAS_MEMSAN // temporary macro defined above #if defined(MBEDTLS_CCM_C) && \ !(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \ @@ -388,28 +299,6 @@ #error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites" #endif -/* Helper for JPAKE dependencies, will be undefined at the end of the file */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define MBEDTLS_PK_HAVE_JPAKE -#endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECJPAKE_C) -#define MBEDTLS_PK_HAVE_JPAKE -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -/* Helper for curve SECP256R1 */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(PSA_WANT_ECC_SECP_R1_256) -#define MBEDTLS_PK_HAVE_CURVE_SECP256R1 -#endif -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) -#define MBEDTLS_PK_HAVE_CURVE_SECP256R1 -#endif -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ ( !defined(MBEDTLS_CAN_ECDH) || \ !defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \ @@ -463,47 +352,52 @@ #error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites" #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - ( !defined(MBEDTLS_PK_HAVE_JPAKE) || \ - !defined(MBEDTLS_PK_HAVE_CURVE_SECP256R1) ) +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + ( !defined(PSA_WANT_ALG_JPAKE) || \ + !defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \ + !defined(PSA_WANT_ECC_SECP_R1_256) ) #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" #endif +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + ( !defined(MBEDTLS_ECJPAKE_C) || \ + !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) ) +#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" +#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Use of EC J-PAKE in TLS requires SHA-256. */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - !defined(MBEDTLS_MD_HAVE_SHA256) + !defined(MBEDTLS_MD_CAN_SHA256) #error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites" #endif #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \ - !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \ - ( !defined(MBEDTLS_SHA256_C) && \ - !defined(MBEDTLS_SHA512_C) && \ - !defined(MBEDTLS_SHA1_C) ) -#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C" -#endif - -#if defined(MBEDTLS_MD_C) && !( \ - defined(MBEDTLS_MD5_C) || \ - defined(MBEDTLS_RIPEMD160_C) || \ - defined(MBEDTLS_SHA1_C) || \ - defined(MBEDTLS_SHA224_C) || \ - defined(MBEDTLS_SHA256_C) || \ - defined(MBEDTLS_SHA384_C) || \ - defined(MBEDTLS_SHA512_C) || \ - (defined(MBEDTLS_PSA_CRYPTO_C) && \ - (defined(PSA_WANT_ALG_MD5) || \ - defined(PSA_WANT_ALG_RIPEMD160) || \ - defined(PSA_WANT_ALG_SHA_1) || \ - defined(PSA_WANT_ALG_SHA_224) || \ - defined(PSA_WANT_ALG_SHA_256) || \ - defined(PSA_WANT_ALG_SHA_384) || \ - defined(PSA_WANT_ALG_SHA_512)))) -#error "MBEDTLS_MD_C defined, but not all prerequisites" + !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \ + !defined(MBEDTLS_MD_CAN_SHA256) && \ + !defined(MBEDTLS_MD_CAN_SHA512) && \ + !defined(MBEDTLS_MD_CAN_SHA1) +#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1". +#endif + +#if defined(MBEDTLS_MD_C) && \ + !defined(MBEDTLS_MD_CAN_MD5) && \ + !defined(MBEDTLS_MD_CAN_RIPEMD160) && \ + !defined(MBEDTLS_MD_CAN_SHA1) && \ + !defined(MBEDTLS_MD_CAN_SHA224) && \ + !defined(MBEDTLS_MD_CAN_SHA256) && \ + !defined(MBEDTLS_MD_CAN_SHA384) && \ + !defined(MBEDTLS_MD_CAN_SHA512) && \ + !defined(MBEDTLS_MD_CAN_SHA3_224) && \ + !defined(MBEDTLS_MD_CAN_SHA3_256) && \ + !defined(MBEDTLS_MD_CAN_SHA3_384) && \ + !defined(MBEDTLS_MD_CAN_SHA3_512) +#error "MBEDTLS_MD_C defined, but no hash algorithm" #endif #if defined(MBEDTLS_LMS_C) && \ - ! ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) ) + ! ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) ) #error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" #endif @@ -538,11 +432,17 @@ #error "MBEDTLS_PK_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C) +#if defined(MBEDTLS_PK_PARSE_C) && \ + (!defined(MBEDTLS_ASN1_PARSE_C) || \ + !defined(MBEDTLS_OID_C) || \ + !defined(MBEDTLS_PK_C)) #error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C) +#if defined(MBEDTLS_PK_WRITE_C) && \ + (!defined(MBEDTLS_ASN1_WRITE_C) || \ + !defined(MBEDTLS_OID_C) || \ + !defined(MBEDTLS_PK_C)) #error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites" #endif @@ -891,7 +791,7 @@ * Note: for dependencies common with TLS 1.2 (running handshake hash), * see MBEDTLS_SSL_TLS_C. */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ - !(defined(MBEDTLS_PSA_CRYPTO_C) && \ + !(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ defined(PSA_WANT_ALG_HKDF_EXTRACT) && \ defined(PSA_WANT_ALG_HKDF_EXPAND) && \ (defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384))) @@ -975,7 +875,7 @@ #endif #else /* MBEDTLS_USE_PSA_CRYPTO */ #if !defined(MBEDTLS_MD_C) || \ - !(defined(MBEDTLS_MD_HAVE_SHA256) || defined(MBEDTLS_MD_HAVE_SHA384)) + !(defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA384)) #error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites" #endif #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -1074,22 +974,20 @@ #if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL) #error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites" #endif -#define MBEDTLS_THREADING_IMPL +#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph #endif - #if defined(MBEDTLS_THREADING_ALT) #if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL) #error "MBEDTLS_THREADING_ALT defined, but not all prerequisites" #endif -#define MBEDTLS_THREADING_IMPL +#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph #endif - #if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL) #error "MBEDTLS_THREADING_C defined, single threading implementation required" #endif -#undef MBEDTLS_THREADING_IMPL +#undef MBEDTLS_THREADING_IMPL // temporary macro defined above -#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_CLIENT) #error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites" #endif @@ -1218,13 +1116,6 @@ #error "MBEDTLS_PKCS7_C is defined, but not all prerequisites" #endif -/* Undefine helper symbols */ -#undef MBEDTLS_PK_HAVE_JPAKE -#undef MBEDTLS_MD_HAVE_SHA256 -#undef MBEDTLS_MD_HAVE_SHA384 -#undef MBEDTLS_MD_HAVE_SHA512 -#undef MBEDTLS_PK_HAVE_CURVE_SECP256R1 - /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 815b5bb..1dc31c9 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -678,7 +678,6 @@ int MBEDTLS_DEPRECATED mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx, static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx) { - MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0); if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) { return 0; } @@ -698,7 +697,6 @@ static inline unsigned int mbedtls_cipher_get_block_size( static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx) { - MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_MODE_NONE); if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) { return MBEDTLS_MODE_NONE; } @@ -719,7 +717,6 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx) { - MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0); if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) { return 0; } @@ -743,8 +740,6 @@ static inline int mbedtls_cipher_get_iv_size( static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx) { - MBEDTLS_INTERNAL_VALIDATE_RET( - ctx != NULL, MBEDTLS_CIPHER_NONE); if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) { return MBEDTLS_CIPHER_NONE; } @@ -764,7 +759,6 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx) { - MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0); if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) { return 0; } @@ -784,8 +778,6 @@ static inline const char *mbedtls_cipher_get_name( static inline int mbedtls_cipher_get_key_bitlen( const mbedtls_cipher_context_t *ctx) { - MBEDTLS_INTERNAL_VALIDATE_RET( - ctx != NULL, MBEDTLS_KEY_LENGTH_NONE); if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) { return MBEDTLS_KEY_LENGTH_NONE; } @@ -805,8 +797,6 @@ static inline int mbedtls_cipher_get_key_bitlen( static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx) { - MBEDTLS_INTERNAL_VALIDATE_RET( - ctx != NULL, MBEDTLS_OPERATION_NONE); if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) { return MBEDTLS_OPERATION_NONE; } diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 696266c..9b06041 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -22,6 +22,22 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H +/* Ideally, we'd set those as defaults in mbedtls_config.h, but + * putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py. + * + * So, adjust it here. + * Not related to crypto, but this is the bottom of the stack. */ +#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900) +#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \ + !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) +#define MBEDTLS_PLATFORM_SNPRINTF_ALT +#endif +#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \ + !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) +#define MBEDTLS_PLATFORM_VSNPRINTF_ALT +#endif +#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */ + /* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin * in PSA. */ #if defined(MBEDTLS_PSA_CRYPTO_C) && \ @@ -324,15 +340,6 @@ #define MBEDTLS_PSA_CRYPTO_CLIENT #endif /* MBEDTLS_PSA_CRYPTO_C */ -/* The PK wrappers need pk_write/pk_parse functions to format RSA key objects - * when they are dispatching to the PSA API. This happens under MBEDTLS_USE_PSA_CRYPTO, - * and even under just MBEDTLS_PSA_CRYPTO_C in psa_crypto_rsa.c. */ -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) -#define MBEDTLS_PK_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PK_PARSE_C -#endif - /* Helpers to state that each key is supported either on the builtin or PSA side. */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521) #define MBEDTLS_ECP_HAVE_SECP521R1 @@ -400,6 +407,13 @@ #define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY #endif +/* psa_util file features some ECDSA conversion functions, to convert between + * legacy's ASN.1 DER format and PSA's raw one. */ +#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \ + (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA))) +#define MBEDTLS_PSA_UTIL_HAVE_ECDSA +#endif + /* Some internal helpers to determine which keys are availble. */ #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES)) diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index 691fed6..0091e24 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -47,139 +47,65 @@ */ /* ECC: curves: is acceleration complete? */ -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) && \ - !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) +#if (defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) && \ + !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)) || \ + (defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) && \ + !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)) || \ + (defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) && \ + !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)) || \ + (defined(PSA_WANT_ECC_SECP_R1_192) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)) || \ + (defined(PSA_WANT_ECC_SECP_R1_224) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)) || \ + (defined(PSA_WANT_ECC_SECP_R1_256) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)) || \ + (defined(PSA_WANT_ECC_SECP_R1_384) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)) || \ + (defined(PSA_WANT_ECC_SECP_R1_521) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)) || \ + (defined(PSA_WANT_ECC_SECP_K1_192) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)) || \ + (defined(PSA_WANT_ECC_SECP_K1_224) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)) || \ + (defined(PSA_WANT_ECC_SECP_K1_256) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)) #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES #endif -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) && \ - !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) +#if (defined(PSA_WANT_ECC_MONTGOMERY_255) && !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)) || \ + (defined(PSA_WANT_ECC_MONTGOMERY_448) && !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)) #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES -#endif - -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) && \ - !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES -#endif - -#if defined(PSA_WANT_ECC_MONTGOMERY_255) && \ - !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES -#endif - -#if defined(PSA_WANT_ECC_MONTGOMERY_448) && \ - !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_192) && \ - !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_224) && \ - !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_256) && \ - !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_384) && \ - !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES -#endif - -#if defined(PSA_WANT_ECC_SECP_R1_521) && \ - !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES -#endif - -#if defined(PSA_WANT_ECC_SECP_K1_192) && \ - !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES -#endif - -#if defined(PSA_WANT_ECC_SECP_K1_224) && \ - !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES -#endif - -#if defined(PSA_WANT_ECC_SECP_K1_256) && \ - !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES #endif /* ECC: algs: is acceleration complete? */ -#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \ - !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS -#endif - -#if defined(PSA_WANT_ALG_ECDH) && \ - !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS -#endif - -#if defined(PSA_WANT_ALG_ECDSA) && \ - !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS -#endif - -#if defined(PSA_WANT_ALG_JPAKE) && \ - !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) +#if (defined(PSA_WANT_ALG_ECDH) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)) || \ + (defined(PSA_WANT_ALG_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)) || \ + (defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)) || \ + (defined(PSA_WANT_ALG_JPAKE) && !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)) #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS #endif /* ECC: key types: is acceleration complete? */ -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ - !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ - !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES +#if (defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) || \ + (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)) #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC #endif -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \ - !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \ - !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES -#endif - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \ - !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE) -#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES -#endif - /* Special case: we don't support cooked key derivation in drivers yet */ #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE #endif -/* Note: the condition is always true as DERIVE can't be accelerated yet */ -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \ - !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) +/* Note: the condition about key derivation is always true as DERIVE can't be + * accelerated yet */ +#if (defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) || \ + (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)) || \ + (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)) || \ + (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)) || \ + (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)) || \ + (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)) #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES #endif @@ -386,8 +312,6 @@ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 -#define MBEDTLS_ECP_LIGHT -#define MBEDTLS_BIGNUM_C #endif /* missing accel */ #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ @@ -396,8 +320,6 @@ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#define MBEDTLS_ECP_LIGHT -#define MBEDTLS_BIGNUM_C #endif /* missing accel */ #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ @@ -405,8 +327,6 @@ #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 -#define MBEDTLS_ECP_LIGHT -#define MBEDTLS_BIGNUM_C #endif /* missing accel */ #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ @@ -414,8 +334,6 @@ #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 -#define MBEDTLS_ECP_C -#define MBEDTLS_BIGNUM_C #endif /* missing accel */ #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */ @@ -423,8 +341,6 @@ #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -#define MBEDTLS_ECP_C -#define MBEDTLS_BIGNUM_C #endif /* missing accel */ #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ @@ -433,20 +349,149 @@ #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \ defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 -#define MBEDTLS_ECP_LIGHT -#define MBEDTLS_BIGNUM_C #endif /* missing accel */ #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE */ +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE) +#define MBEDTLS_ECP_LIGHT +#define MBEDTLS_BIGNUM_C +#endif + +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE) +#define MBEDTLS_ECP_C +#define MBEDTLS_BIGNUM_C +#endif + /* End of ECC section */ +/* + * DH key types follow the same pattern used above for EC keys. They are defined + * by a triplet (group, key_type, alg). A triplet is accelerated if all its + * component are accelerated, otherwise each component needs to be builtin. + */ + +/* DH: groups: is acceleration complete? */ +#if (defined(PSA_WANT_DH_RFC7919_2048) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_2048)) || \ + (defined(PSA_WANT_DH_RFC7919_3072) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_3072)) || \ + (defined(PSA_WANT_DH_RFC7919_4096) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_4096)) || \ + (defined(PSA_WANT_DH_RFC7919_6144) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_6144)) || \ + (defined(PSA_WANT_DH_RFC7919_8192) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_8192)) +#define MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS +#endif + +/* DH: algs: is acceleration complete? */ +#if defined(PSA_WANT_ALG_FFDH) && !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) +#define MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS +#endif + +/* DH: key types: is acceleration complete? */ +#if (defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)) || \ + (defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC)) || \ + (defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT)) || \ + (defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT)) || \ + (defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) && \ + !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE)) +#define MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES +#endif + +#if defined(PSA_WANT_DH_RFC7919_2048) +#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_2048) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES) +#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 1 +#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 */ +#endif /* PSA_WANT_DH_RFC7919_2048 */ + +#if defined(PSA_WANT_DH_RFC7919_3072) +#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_3072) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES) +#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 1 +#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 */ +#endif /* PSA_WANT_DH_RFC7919_3072 */ + +#if defined(PSA_WANT_DH_RFC7919_4096) +#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_4096) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES) +#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 1 +#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 */ +#endif /* PSA_WANT_DH_RFC7919_4096 */ + +#if defined(PSA_WANT_DH_RFC7919_6144) +#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_6144) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES) +#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 1 +#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 */ +#endif /* PSA_WANT_DH_RFC7919_6144 */ + +#if defined(PSA_WANT_DH_RFC7919_8192) +#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_8192) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES) +#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 1 +#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 */ +#endif /* PSA_WANT_DH_RFC7919_8192 */ + #if defined(PSA_WANT_ALG_FFDH) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES) #define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1 #define MBEDTLS_BIGNUM_C #endif /* !MBEDTLS_PSA_ACCEL_ALG_FFDH */ #endif /* PSA_WANT_ALG_FFDH */ +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */ +#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */ + +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */ +#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */ + +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */ +#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */ + +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */ +#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */ + +#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \ + defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1 +#define MBEDTLS_BIGNUM_C +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */ +#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */ + +/* End of DH section */ + #if defined(PSA_WANT_ALG_HKDF) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) /* @@ -634,46 +679,12 @@ #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC */ #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */ -#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */ - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */ -#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */ - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */ -#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */ - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */ -#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */ - -#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1 -#define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */ -#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */ - #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 #define MBEDTLS_RSA_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_OID_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PK_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */ diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h index b841875..3456615 100644 --- a/include/mbedtls/config_adjust_psa_from_legacy.h +++ b/include/mbedtls/config_adjust_psa_from_legacy.h @@ -81,13 +81,22 @@ #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 #define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 #define PSA_WANT_ALG_FFDH 1 -#define PSA_WANT_DH_FAMILY_RFC7919 1 +#define PSA_WANT_DH_RFC7919_2048 1 +#define PSA_WANT_DH_RFC7919_3072 1 +#define PSA_WANT_DH_RFC7919_4096 1 +#define PSA_WANT_DH_RFC7919_6144 1 +#define PSA_WANT_DH_RFC7919_8192 1 #define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1 +#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 1 +#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 1 +#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 1 +#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 1 +#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 1 #endif /* MBEDTLS_DHM_C */ #if defined(MBEDTLS_GCM_C) diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h index 5dd331c..39c7b3b 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/config_adjust_ssl.h @@ -34,6 +34,10 @@ #undef MBEDTLS_SSL_PROTO_DTLS #endif +#if !(defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)) +#undef MBEDTLS_SSL_TICKET_C +#endif + #if !defined(MBEDTLS_SSL_PROTO_DTLS) #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY #undef MBEDTLS_SSL_DTLS_CONNECTION_ID diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 922e5be..424ed4b 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -149,165 +149,8 @@ extern "C" { */ void mbedtls_debug_set_threshold(int threshold); -/** - * \brief Print a message to the debug output. This function is always used - * through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl - * context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the message has occurred in - * \param line line number the message has occurred at - * \param format format specifier, in printf format - * \param ... variables used by the format specifier - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6); - -/** - * \brief Print the return value of a function to the debug output. This - * function is always used through the MBEDTLS_SSL_DEBUG_RET() macro, - * which supplies the ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text the name of the function that returned the error - * \param ret the return code value - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, int ret); - -/** - * \brief Output a buffer of size len bytes to the debug output. This function - * is always used through the MBEDTLS_SSL_DEBUG_BUF() macro, - * which supplies the ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the buffer being dumped. Normally the - * variable or buffer name - * \param buf the buffer to be outputted - * \param len length of the buffer - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, const char *text, - const unsigned char *buf, size_t len); - -#if defined(MBEDTLS_BIGNUM_C) -/** - * \brief Print a MPI variable to the debug output. This function is always - * used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the - * ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the MPI being output. Normally the - * variable name - * \param X the MPI variable - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_mpi *X); -#endif - -#if defined(MBEDTLS_ECP_LIGHT) -/** - * \brief Print an ECP point to the debug output. This function is always - * used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the - * ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the ECP point being output. Normally the - * variable name - * \param X the ECP point - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_ecp_point *X); -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) -/** - * \brief Print a X.509 certificate structure to the debug output. This - * function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro, - * which supplies the ssl context, file and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param text a name or label for the certificate being output - * \param crt X.509 certificate structure - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const char *text, const mbedtls_x509_crt *crt); -#endif - -/* Note: the MBEDTLS_ECDH_C guard here is mandatory because this debug function - only works for the built-in implementation. */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \ - defined(MBEDTLS_ECDH_C) -typedef enum { - MBEDTLS_DEBUG_ECDH_Q, - MBEDTLS_DEBUG_ECDH_QP, - MBEDTLS_DEBUG_ECDH_Z, -} mbedtls_debug_ecdh_attr; - -/** - * \brief Print a field of the ECDH structure in the SSL context to the debug - * output. This function is always used through the - * MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file - * and line number parameters. - * - * \param ssl SSL context - * \param level error level of the debug message - * \param file file the error has occurred in - * \param line line number the error has occurred in - * \param ecdh the ECDH context - * \param attr the identifier of the attribute being output - * - * \attention This function is intended for INTERNAL usage within the - * library only. - */ -void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, - const char *file, int line, - const mbedtls_ecdh_context *ecdh, - mbedtls_debug_ecdh_attr attr); -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED && - MBEDTLS_ECDH_C */ - #ifdef __cplusplus } #endif -#endif /* debug.h */ +#endif /* MBEDTLS_DEBUG_H */ diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 792db79..a0909d6 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -142,6 +142,19 @@ typedef struct mbedtls_ecdh_context { mbedtls_ecdh_context; /** + * \brief Return the ECP group for provided context. + * + * \note To access group specific fields, users should use + * `mbedtls_ecp_curve_info_from_grp_id` or + * `mbedtls_ecp_group_load` on the extracted `group_id`. + * + * \param ctx The ECDH context to parse. This must not be \c NULL. + * + * \return The \c mbedtls_ecp_group_id of the context. + */ +mbedtls_ecp_group_id mbedtls_ecdh_get_grp_id(mbedtls_ecdh_context *ctx); + +/** * \brief Check whether a given group can be used for ECDH. * * \param gid The ECP group ID to check. diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 76aef32..d8f73ae 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -24,6 +24,7 @@ #include "mbedtls/private_access.h" #include "mbedtls/build_info.h" +#include "mbedtls/platform_util.h" #include "mbedtls/bignum.h" @@ -1327,28 +1328,84 @@ int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id, int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, const unsigned char *buf, size_t buflen); +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /** * \brief This function exports an elliptic curve private key. * + * \deprecated Note that although this function accepts an output + * buffer that is smaller or larger than the key, most key + * import interfaces require the output to have exactly + * key's nominal length. It is generally simplest to + * pass the key's nominal length as \c buflen, after + * checking that the output buffer is large enough. + * See the description of the \p buflen parameter for + * how to calculate the nominal length. + * To avoid this difficulty, use mbedtls_ecp_write_key_ext() + * instead. + * mbedtls_ecp_write_key() is deprecated and will be + * removed in a future version of the library. + * + * \note If the private key was not set in \p key, + * the output is unspecified. Future versions + * may return an error in that case. + * * \param key The private key. * \param buf The output buffer for containing the binary representation - * of the key. (Big endian integer for Weierstrass curves, byte - * string for Montgomery curves.) + * of the key. + * For Weierstrass curves, this is the big-endian + * representation, padded with null bytes at the beginning + * to reach \p buflen bytes. + * For Montgomery curves, this is the standard byte string + * representation (which is little-endian), padded with + * null bytes at the end to reach \p buflen bytes. * \param buflen The total length of the buffer in bytes. + * The length of the output is + * (`grp->nbits` + 7) / 8 bytes + * where `grp->nbits` is the private key size in bits. + * For Weierstrass keys, if the output buffer is smaller, + * leading zeros are trimmed to fit if possible. For + * Montgomery keys, the output buffer must always be large + * enough for the nominal length. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL or + * #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the \p key + * representation is larger than the available space in \p buf. + * \return Another negative error code on different kinds of failure. + */ +int MBEDTLS_DEPRECATED mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, + unsigned char *buf, size_t buflen); +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + +/** + * \brief This function exports an elliptic curve private key. + * + * \param key The private key. + * \param olen On success, the length of the private key. + * This is always (`grp->nbits` + 7) / 8 bytes + * where `grp->nbits` is the private key size in bits. + * \param buf The output buffer for containing the binary representation + * of the key. + * \param buflen The total length of the buffer in bytes. + * #MBEDTLS_ECP_MAX_BYTES is always sufficient. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key - representation is larger than the available space in \p buf. - * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for - * the group is not implemented. + * representation is larger than the available space in \p buf. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if no private key is + * set in \p key. * \return Another negative error code on different kinds of failure. */ -int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, - unsigned char *buf, size_t buflen); +int mbedtls_ecp_write_key_ext(const mbedtls_ecp_keypair *key, + size_t *olen, unsigned char *buf, size_t buflen); /** * \brief This function exports an elliptic curve public key. * + * \note If the public key was not set in \p key, + * the output is unspecified. Future versions + * may return an error in that case. + * * \param key The public key. * \param format The point format. This must be either * #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED. @@ -1431,6 +1488,10 @@ mbedtls_ecp_group_id mbedtls_ecp_keypair_get_group_id( * Each of the output parameters can be a null pointer * if you do not need that parameter. * + * \note If the private key or the public key was not set in \p key, + * the corresponding output is unspecified. Future versions + * may return an error in that case. + * * \param key The key pair to export from. * \param grp Slot for exported ECP group. * It must either be null or point to an initialized ECP group. diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 631b392..98faa43 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -46,6 +46,12 @@ extern "C" { #if !defined(MBEDTLS_GCM_ALT) +#if defined(MBEDTLS_GCM_LARGE_TABLE) +#define MBEDTLS_GCM_HTABLE_SIZE 256 +#else +#define MBEDTLS_GCM_HTABLE_SIZE 16 +#endif + /** * \brief The GCM context structure. */ @@ -53,18 +59,18 @@ typedef struct mbedtls_gcm_context { #if defined(MBEDTLS_BLOCK_CIPHER_C) mbedtls_block_cipher_context_t MBEDTLS_PRIVATE(block_cipher_ctx); /*!< The cipher context used. */ #else - mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ + mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ #endif - uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */ - uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */ - uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */ - uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */ - unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */ - unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */ - unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */ - int MBEDTLS_PRIVATE(mode); /*!< The operation to perform: - #MBEDTLS_GCM_ENCRYPT or - #MBEDTLS_GCM_DECRYPT. */ + uint64_t MBEDTLS_PRIVATE(H)[MBEDTLS_GCM_HTABLE_SIZE][2]; /*!< Precalculated HTable. */ + uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */ + uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */ + unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */ + unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */ + unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */ + unsigned char MBEDTLS_PRIVATE(mode); /*!< The operation to perform: + #MBEDTLS_GCM_ENCRYPT or + #MBEDTLS_GCM_DECRYPT. */ + unsigned char MBEDTLS_PRIVATE(acceleration); /*!< The acceleration to use. */ } mbedtls_gcm_context; diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 1a9baf1..3f2937a 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2817,6 +2817,22 @@ #define MBEDTLS_GCM_C /** + * \def MBEDTLS_GCM_LARGE_TABLE + * + * Enable large pre-computed tables for Galois/Counter Mode (GCM). + * Can significantly increase throughput on systems without GCM hardware + * acceleration (e.g., AESNI, AESCE). + * + * The mbedtls_gcm_context size will increase by 3840 bytes. + * The code size will increase by roughly 344 bytes. + * + * Module: library/gcm.c + * + * Requires: MBEDTLS_GCM_C + */ +//#define MBEDTLS_GCM_LARGE_TABLE + +/** * \def MBEDTLS_HKDF_C * * Enable the HKDF algorithm (RFC 5869). @@ -3075,7 +3091,7 @@ * Caller: library/x509_crt.c * library/x509_csr.c * - * Requires: MBEDTLS_PK_C + * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_C * * Uncomment to enable generic public key parse functions. */ @@ -3089,7 +3105,7 @@ * Module: library/pkwrite.c * Caller: library/x509write.c * - * Requires: MBEDTLS_PK_C + * Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_OID_C, MBEDTLS_PK_C * * Uncomment to enable generic public key write functions. */ diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 8a67486..fdc25eb 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -288,12 +288,17 @@ #define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */ /* - * Encryption algorithms + * Encryption algorithms, + * the following standardized object identifiers are specified at + * https://datatracker.ietf.org/doc/html/rfc8018#appendix-C. */ #define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \ MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */ #define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */ #define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */ +#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /** aes128-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes128-CBC-PAD(2) } */ +#define MBEDTLS_OID_AES_192_CBC MBEDTLS_OID_AES "\x16" /** aes192-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes192-CBC-PAD(22) } */ +#define MBEDTLS_OID_AES_256_CBC MBEDTLS_OID_AES "\x2a" /** aes256-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes256-CBC-PAD(42) } */ /* * Key Wrapping algorithms diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h index cc617a9..3c6a28d 100644 --- a/include/mbedtls/pem.h +++ b/include/mbedtls/pem.h @@ -73,11 +73,11 @@ void mbedtls_pem_init(mbedtls_pem_context *ctx); * \param data source data to look in (must be nul-terminated) * \param pwd password for decryption (can be NULL) * \param pwdlen length of password - * \param use_len destination for total length used (set after header is - * correctly read, so unless you get + * \param use_len destination for total length used from data buffer. It is + * set after header is correctly read, so unless you get * MBEDTLS_ERR_PEM_BAD_INPUT_DATA or * MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is - * the length to skip) + * the length to skip. * * \note Attempts to check password correctness by verifying if * the decrypted text starts with an ASN.1 sequence of diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 27768bd..d83152c 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -28,7 +28,7 @@ #include "mbedtls/ecdsa.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include "psa/crypto.h" #endif @@ -181,13 +181,6 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_USE_PSA_EC_DATA #endif -/* Helper symbol to state that the PK module has support for EC keys. This - * can either be provided through the legacy ECP solution or through the - * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C) -#define MBEDTLS_PK_HAVE_ECC_KEYS -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ - /** * \brief Types for interfacing with the debug module */ @@ -253,6 +246,8 @@ typedef struct mbedtls_pk_context { * inside the ecp_keypair structure * - the following fields are used for all public key operations: signature * verify, key pair check and key write. + * - For a key pair, priv_id contains the private key. For a public key, + * priv_id is null. * Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy * ecp_keypair structure is used for storing the public key and performing * all the operations. @@ -484,6 +479,168 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, psa_key_usage_t usage); #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_PSA_CRYPTO_C) +/** + * \brief Determine valid PSA attributes that can be used to + * import a key into PSA. + * + * The attributes determined by this function are suitable + * for calling mbedtls_pk_import_into_psa() to create + * a PSA key with the same key material. + * + * The typical flow of operations involving this function is + * ``` + * psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + * int ret = mbedtls_pk_get_psa_attributes(pk, &attributes); + * if (ret != 0) ...; // error handling omitted + * // Tweak attributes if desired + * psa_key_id_t key_id = 0; + * ret = mbedtls_pk_import_into_psa(pk, &attributes, &key_id); + * if (ret != 0) ...; // error handling omitted + * ``` + * + * \note This function does not support RSA-alt contexts + * (set up with mbedtls_pk_setup_rsa_alt()). + * + * \param[in] pk The PK context to use. It must have been set up. + * It can either contain a key pair or just a public key. + * \param usage A single `PSA_KEY_USAGE_xxx` flag among the following: + * - #PSA_KEY_USAGE_DECRYPT: \p pk must contain a + * key pair. The output \p attributes will contain a + * key pair type, and the usage policy will allow + * #PSA_KEY_USAGE_ENCRYPT as well as + * #PSA_KEY_USAGE_DECRYPT. + * - #PSA_KEY_USAGE_DERIVE: \p pk must contain a + * key pair. The output \p attributes will contain a + * key pair type. + * - #PSA_KEY_USAGE_ENCRYPT: The output + * \p attributes will contain a public key type. + * - #PSA_KEY_USAGE_SIGN_HASH: \p pk must contain a + * key pair. The output \p attributes will contain a + * key pair type, and the usage policy will allow + * #PSA_KEY_USAGE_VERIFY_HASH as well as + * #PSA_KEY_USAGE_SIGN_HASH. + * - #PSA_KEY_USAGE_SIGN_MESSAGE: \p pk must contain a + * key pair. The output \p attributes will contain a + * key pair type, and the usage policy will allow + * #PSA_KEY_USAGE_VERIFY_MESSAGE as well as + * #PSA_KEY_USAGE_SIGN_MESSAGE. + * - #PSA_KEY_USAGE_VERIFY_HASH: The output + * \p attributes will contain a public key type. + * - #PSA_KEY_USAGE_VERIFY_MESSAGE: The output + * \p attributes will contain a public key type. + * \param[out] attributes + * On success, valid attributes to import the key into PSA. + * - The lifetime and key identifier are unchanged. If the + * attribute structure was initialized or reset before + * calling this function, this will result in a volatile + * key. Call psa_set_key_identifier() before or after this + * function if you wish to create a persistent key. Call + * psa_set_key_lifetime() before or after this function if + * you wish to import the key in a secure element. + * - The key type and bit-size are determined by the contents + * of the PK context. If the PK context contains a key + * pair, the key type can be either a key pair type or + * the corresponding public key type, depending on + * \p usage. If the PK context contains a public key, + * the key type is a public key type. + * - The key's policy is determined by the key type and + * the \p usage parameter. The usage always allows + * \p usage, exporting and copying the key, and + * possibly other permissions as documented for the + * \p usage parameter. + * The permitted algorithm policy is determined as follows + * based on the #mbedtls_pk_type_t type of \p pk, + * the chosen \p usage and other factors: + * - #MBEDTLS_PK_RSA whose underlying + * #mbedtls_rsa_context has the padding mode + * #MBEDTLS_RSA_PKCS_V15: + * #PSA_ALG_RSA_PKCS1V15_SIGN(#PSA_ALG_ANY_HASH) + * if \p usage is SIGN/VERIFY, and + * #PSA_ALG_RSA_PKCS1V15_CRYPT + * if \p usage is ENCRYPT/DECRYPT. + * - #MBEDTLS_PK_RSA whose underlying + * #mbedtls_rsa_context has the padding mode + * #MBEDTLS_RSA_PKCS_V21 and the digest type + * corresponding to the PSA algorithm \c hash: + * #PSA_ALG_RSA_PSS_ANY_SALT(#PSA_ALG_ANY_HASH) + * if \p usage is SIGN/VERIFY, and + * #PSA_ALG_RSA_OAEP(\c hash) + * if \p usage is ENCRYPT/DECRYPT. + * - #MBEDTLS_PK_RSA_ALT: not supported. + * - #MBEDTLS_PK_ECDSA or #MBEDTLS_PK_ECKEY + * if \p usage is SIGN/VERIFY: + * #PSA_ALG_DETERMINISTIC_ECDSA(#PSA_ALG_ANY_HASH) + * if #MBEDTLS_ECDSA_DETERMINISTIC is enabled, + * otherwise #PSA_ALG_ECDSA(#PSA_ALG_ANY_HASH). + * - #MBEDTLS_PK_ECKEY_DH or #MBEDTLS_PK_ECKEY + * if \p usage is DERIVE: + * #PSA_ALG_ECDH. + * - #MBEDTLS_PK_OPAQUE: same as the primary algorithm + * set for the underlying PSA key, except that + * sign/decrypt flags are removed if the type is + * set to a public key type. + * The underlying key must allow \p usage. + * Note that the enrollment algorithm set with + * psa_set_key_enrollment_algorithm() is not copied. + * + * \return 0 on success. + * #MBEDTLS_ERR_PK_TYPE_MISMATCH if \p pk does not contain + * a key of the type identified in \p attributes. + * Another error code on other failures. + */ +int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, + psa_key_usage_t usage, + psa_key_attributes_t *attributes); + +/** + * \brief Import a key into the PSA key store. + * + * This function is equivalent to calling psa_import_key() + * with the key material from \p pk. + * + * The typical way to use this function is: + * -# Call mbedtls_pk_get_psa_attributes() to obtain + * attributes for the given key. + * -# If desired, modify the attributes, for example: + * - To create a persistent key, call + * psa_set_key_identifier() and optionally + * psa_set_key_lifetime(). + * - To import only the public part of a key pair: + * + * psa_set_key_type(&attributes, + * PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( + * psa_get_key_type(&attributes))); + * - Restrict the key usage if desired. + * -# Call mbedtls_pk_import_into_psa(). + * + * \note This function does not support RSA-alt contexts + * (set up with mbedtls_pk_setup_rsa_alt()). + * + * \param[in] pk The PK context to use. It must have been set up. + * It can either contain a key pair or just a public key. + * \param[in] attributes + * The attributes to use for the new key. They must be + * compatible with \p pk. In particular, the key type + * must match the content of \p pk. + * If \p pk contains a key pair, the key type in + * attributes can be either the key pair type or the + * corresponding public key type (to import only the + * public part). + * \param[out] key_id + * On success, the identifier of the newly created key. + * On error, this is #MBEDTLS_SVC_KEY_ID_INIT. + * + * \return 0 on success. + * #MBEDTLS_ERR_PK_TYPE_MISMATCH if \p pk does not contain + * a key of the type identified in \p attributes. + * Another error code on other failures. + */ +int mbedtls_pk_import_into_psa(const mbedtls_pk_context *pk, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key_id); +#endif /* MBEDTLS_PSA_CRYPTO_C */ + /** * \brief Verify signature (including padding if relevant). * @@ -502,14 +659,17 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, * \param sig Signature to verify * \param sig_len Signature length * + * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is + * either PKCS#1 v1.5 or PSS (accepting any salt length), + * depending on the padding mode in the underlying RSA context. + * For a pk object constructed by parsing, this is PKCS#1 v1.5 + * by default. Use mbedtls_pk_verify_ext() to explicitly select + * a different algorithm. + * * \return 0 on success (signature is valid), * #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid * signature in \p sig but its length is less than \p sig_len, * or a specific error code. - * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. - * Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... ) - * to verify RSASSA_PSS signatures. */ int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, @@ -596,11 +756,15 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, * \param f_rng RNG function, must not be \c NULL. * \param p_rng RNG parameter * - * \return 0 on success, or a specific error code. + * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is + * either PKCS#1 v1.5 or PSS (using the largest possible salt + * length up to the hash length), depending on the padding mode + * in the underlying RSA context. For a pk object constructed + * by parsing, this is PKCS#1 v1.5 by default. Use + * mbedtls_pk_verify_ext() to explicitly select a different + * algorithm. * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. - * There is no interface in the PK module to make RSASSA-PSS - * signatures yet. + * \return 0 on success, or a specific error code. * * \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0. * For ECDSA, md_alg may never be MBEDTLS_MD_NONE. @@ -696,7 +860,10 @@ int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx, * \param f_rng RNG function, must not be \c NULL. * \param p_rng RNG parameter * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. + * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is + * either PKCS#1 v1.5 or OAEP, depending on the padding mode in + * the underlying RSA context. For a pk object constructed by + * parsing, this is PKCS#1 v1.5 by default. * * \return 0 on success, or a specific error code. */ @@ -717,9 +884,12 @@ int mbedtls_pk_decrypt(mbedtls_pk_context *ctx, * \param f_rng RNG function, must not be \c NULL. * \param p_rng RNG parameter * - * \note \p f_rng is used for padding generation. + * \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is + * either PKCS#1 v1.5 or OAEP, depending on the padding mode in + * the underlying RSA context. For a pk object constructed by + * parsing, this is PKCS#1 v1.5 by default. * - * \note For RSA keys, the default padding type is PKCS#1 v1.5. + * \note \p f_rng is used for padding generation. * * \return 0 on success, or a specific error code. */ @@ -1042,41 +1212,6 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *key); #endif /* MBEDTLS_PK_WRITE_C */ -/* - * Internal module functions. You probably do not want to use these unless you - * know you do. - */ -#if defined(MBEDTLS_FS_IO) -int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n); -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -/** - * \brief Turn an EC or RSA key into an opaque one. - * - * \warning This is a temporary utility function for tests. It might - * change or be removed at any time without notice. - * - * \param pk Input: the EC or RSA key to import to a PSA key. - * Output: a PK context wrapping that PSA key. - * \param key Output: a PSA key identifier. - * It's the caller's responsibility to call - * psa_destroy_key() on that key identifier after calling - * mbedtls_pk_free() on the PK context. - * \param alg The algorithm to allow for use with that key. - * \param usage The usage to allow for use with that key. - * \param alg2 The secondary algorithm to allow for use with that key. - * - * \return \c 0 if successful. - * \return An Mbed TLS error code otherwise. - */ -int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, - mbedtls_svc_key_id_t *key, - psa_algorithm_t alg, - psa_key_usage_t usage, - psa_algorithm_t alg2); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - #ifdef __cplusplus } #endif diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index 70b25a9..e9b4822 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h @@ -41,7 +41,6 @@ #include "mbedtls/build_info.h" #include "mbedtls/asn1.h" -#include "mbedtls/x509.h" #include "mbedtls/x509_crt.h" /** diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index cba02ab..1b371ef 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -23,10 +23,6 @@ extern "C" { #endif -/* Internal macros meant to be called only from within the library. */ -#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret) do { } while (0) -#define MBEDTLS_INTERNAL_VALIDATE(cond) do { } while (0) - /* Internal helper macros for deprecating API constants. */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 47724c6..c78cc23 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -16,44 +16,29 @@ #include "psa/crypto.h" -#if defined(MBEDTLS_PSA_CRYPTO_C) +/* ASN1 defines used in the ECDSA conversion functions. + * Note: intentionally not adding MBEDTLS_ASN1_[PARSE|WRITE]_C guards here + * otherwise error codes would be unknown in test_suite_psa_crypto_util.data.*/ +#include <mbedtls/asn1write.h> -/* Expose whatever RNG the PSA subsystem uses to applications using the - * mbedtls_xxx API. The declarations and definitions here need to be - * consistent with the implementation in library/psa_crypto_random_impl.h. - * See that file for implementation documentation. */ - - -/* The type of a `f_rng` random generator function that many library functions - * take. - * - * This type name is not part of the Mbed TLS stable API. It may be renamed - * or moved without warning. - */ -typedef int mbedtls_f_rng_t(void *p_rng, unsigned char *output, size_t output_size); - -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) /** The random generator function for the PSA subsystem. * * This function is suitable as the `f_rng` random generator function - * parameter of many `mbedtls_xxx` functions. Use #MBEDTLS_PSA_RANDOM_STATE - * to obtain the \p p_rng parameter. + * parameter of many `mbedtls_xxx` functions. * * The implementation of this function depends on the configuration of the * library. * - * \note Depending on the configuration, this may be a function or - * a pointer to a function. - * * \note This function may only be used if the PSA crypto subsystem is active. * This means that you must call psa_crypto_init() before any call to * this function, and you must not call this function after calling * mbedtls_psa_crypto_free(). * - * \param p_rng The random generator context. This must be - * #MBEDTLS_PSA_RANDOM_STATE. No other state is - * supported. + * \param p_rng This parameter is only kept for backward compatibility + * reasons with legacy `f_rng` functions and it's ignored. + * Set to #MBEDTLS_PSA_RANDOM_STATE or NULL. * \param output The buffer to fill. It must have room for * \c output_size bytes. * \param output_size The number of bytes to write to \p output. @@ -75,32 +60,11 @@ int mbedtls_psa_get_random(void *p_rng, /** The random generator state for the PSA subsystem. * - * This macro expands to an expression which is suitable as the `p_rng` - * random generator state parameter of many `mbedtls_xxx` functions. - * It must be used in combination with the random generator function - * mbedtls_psa_get_random(). - * - * The implementation of this macro depends on the configuration of the - * library. Do not make any assumption on its nature. + * This macro always expands to NULL because the `p_rng` parameter is unused + * in mbedtls_psa_get_random(), but it's kept for interface's backward + * compatibility. */ -#define MBEDTLS_PSA_RANDOM_STATE NULL - -#else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ - -#if defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/ctr_drbg.h" -typedef mbedtls_ctr_drbg_context mbedtls_psa_drbg_context_t; -static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_ctr_drbg_random; -#elif defined(MBEDTLS_HMAC_DRBG_C) -#include "mbedtls/hmac_drbg.h" -typedef mbedtls_hmac_drbg_context mbedtls_psa_drbg_context_t; -static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_hmac_drbg_random; -#endif -extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; - -#define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state - -#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ +#define MBEDTLS_PSA_RANDOM_STATE NULL /** \defgroup psa_tls_helpers TLS helper functions * @{ @@ -175,8 +139,50 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa { return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK); } +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ + +#if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) + +/** Convert an ECDSA signature from raw format to DER ASN.1 format. + * + * \param bits Size of each coordinate in bits. + * \param raw Buffer that contains the signature in raw format. + * \param raw_len Length of \p raw in bytes. This must be + * PSA_BITS_TO_BYTES(bits) bytes. + * \param[out] der Buffer that will be filled with the converted DER + * output. It can overlap with raw buffer. + * \param der_size Size of \p der in bytes. It is enough if \p der_size + * is at least the size of the actual output. (The size + * of the output can vary depending on the presence of + * leading zeros in the data.) You can use + * #MBEDTLS_ECDSA_MAX_SIG_LEN(\p bits) to determine a + * size that is large enough for all signatures for a + * given value of \p bits. + * \param[out] der_len On success it contains the amount of valid data + * (in bytes) written to \p der. It's undefined + * in case of failure. + */ +int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len, + unsigned char *der, size_t der_size, size_t *der_len); + +/** Convert an ECDSA signature from DER ASN.1 format to raw format. + * + * \param bits Size of each coordinate in bits. + * \param der Buffer that contains the signature in DER format. + * \param der_len Size of \p der in bytes. + * \param[out] raw Buffer that will be filled with the converted raw + * signature. It can overlap with der buffer. + * \param raw_size Size of \p raw in bytes. Must be at least + * 2 * PSA_BITS_TO_BYTES(bits) bytes. + * \param[out] raw_len On success it is updated with the amount of valid + * data (in bytes) written to \p raw. It's undefined + * in case of failure. + */ +int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len, + unsigned char *raw, size_t raw_size, size_t *raw_len); + +#endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */ /**@}*/ -#endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PSA_UTIL_H */ diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 9136375..c1e76b3 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -427,6 +427,16 @@ int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP); /** + * \brief This function retrieves the length of the RSA modulus in bits. + * + * \param ctx The initialized RSA context. + * + * \return The length of the RSA modulus in bits. + * + */ +size_t mbedtls_rsa_get_bitlen(const mbedtls_rsa_context *ctx); + +/** * \brief This function retrieves the length of RSA modulus in Bytes. * * \param ctx The initialized RSA context. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3629526..9a66663 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -90,8 +90,18 @@ #define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET -0x7B00 /** Not possible to read early data */ #define MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA -0x7B80 +/** + * Early data has been received as part of an on-going handshake. + * This error code can be returned only on server side if and only if early + * data has been enabled by means of the mbedtls_ssl_conf_early_data() API. + * This error code can then be returned by mbedtls_ssl_handshake(), + * mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or mbedtls_ssl_write() if + * early data has been received as part of the handshake sequence they + * triggered. To read the early data, call mbedtls_ssl_read_early_data(). + */ +#define MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA -0x7C00 /** Not possible to write early data */ -#define MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA -0x7C00 +#define MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA -0x7C80 /* Error space gap */ /* Error space gap */ /* Error space gap */ @@ -343,6 +353,26 @@ #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000 +/* + * Whether early data record should be discarded or not and how. + * + * The client has indicated early data and the server has rejected them. + * The server has then to skip past early data by either: + * - attempting to deprotect received records using the handshake traffic + * key, discarding records which fail deprotection (up to the configured + * max_early_data_size). Once a record is deprotected successfully, + * it is treated as the start of the client's second flight and the + * server proceeds as with an ordinary 1-RTT handshake. + * - skipping all records with an external content type of + * "application_data" (indicating that they are encrypted), up to the + * configured max_early_data_size. This is the expected behavior if the + * server has sent an HelloRetryRequest message. The server ignores + * application data message before 2nd ClientHello. + */ +#define MBEDTLS_SSL_EARLY_DATA_NO_DISCARD 0 +#define MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD 1 +#define MBEDTLS_SSL_EARLY_DATA_DISCARD 2 + /** * \name SECTION: Module settings * @@ -704,6 +734,51 @@ typedef enum { } mbedtls_ssl_states; +/* + * Early data status, client side only. + */ + +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) +typedef enum { +/* + * The client has not sent the first ClientHello yet, it is unknown if the + * client will send an early data indication extension or not. + */ + MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN, + +/* + * See documentation of mbedtls_ssl_get_early_data_status(). + */ + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT, + MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED, + +/* + * The client has sent an early data indication extension in its first + * ClientHello, it has not received the response (ServerHello or + * HelloRetryRequest) from the server yet. The transform to protect early data + * is not set and early data cannot be sent yet. + */ + MBEDTLS_SSL_EARLY_DATA_STATUS_SENT, + +/* + * The client has sent an early data indication extension in its first + * ClientHello, it has not received the response (ServerHello or + * HelloRetryRequest) from the server yet. The transform to protect early data + * has been set and early data can be written now. + */ + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE, + +/* + * The client has sent an early data indication extension in its first + * ClientHello, the server has accepted them and the client has received the + * server Finished message. It cannot send early data to the server anymore. + */ + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED, +} mbedtls_ssl_early_data_status; + +#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */ + /** * \brief Callback type: send data on the network. * @@ -1194,6 +1269,7 @@ struct mbedtls_ssl_session { #endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ unsigned char MBEDTLS_PRIVATE(exported); + uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */ /** TLS version negotiated in the session. Used if and when renegotiating * or resuming a session instead of the configured minor TLS version. @@ -1227,26 +1303,41 @@ struct mbedtls_ssl_session { uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_HAVE_TIME) + /*! When a ticket is created by a TLS server as part of an established TLS + * session, the ticket creation time may need to be saved for the ticket + * module to be able to check the ticket age when the ticket is used. + * That's the purpose of this field. + * Before creating a new ticket, an Mbed TLS server set this field with + * its current time in milliseconds. This time may then be saved in the + * session ticket data by the session ticket writing function and + * recovered by the ticket parsing function later when the ticket is used. + * The ticket module may then use this time to compute the ticket age and + * determine if it has expired or not. + * The Mbed TLS implementations of the session ticket writing and parsing + * functions save and retrieve the ticket creation time as part of the + * session ticket data. The session ticket parsing function relies on + * the mbedtls_ssl_session_get_ticket_creation_time() API to get the + * ticket creation time from the session ticket data. + */ + mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time); +#endif + #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) - uint8_t MBEDTLS_PRIVATE(endpoint); /*!< 0: client, 1: server */ - uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */ - uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */ - uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */ + uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */ + uint8_t MBEDTLS_PRIVATE(ticket_flags); /*!< Ticket flags */ + uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */ unsigned char MBEDTLS_PRIVATE(resumption_key)[MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN]; #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_SSL_CLI_C) char *MBEDTLS_PRIVATE(hostname); /*!< host name binded with tickets */ #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_HAVE_TIME) -#if defined(MBEDTLS_SSL_CLI_C) - mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_reception_time); /*!< time when ticket was received. */ +#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C) + /*! Time in milliseconds when the last ticket was received. */ + mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_reception_time); #endif -#if defined(MBEDTLS_SSL_SRV_C) - mbedtls_ms_time_t MBEDTLS_PRIVATE(ticket_creation_time); /*!< time when ticket was created. */ -#endif -#endif /* MBEDTLS_HAVE_TIME */ - #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_EARLY_DATA) @@ -1627,23 +1718,31 @@ struct mbedtls_ssl_context { #endif /* MBEDTLS_SSL_RENEGOTIATION */ /** - * Maximum TLS version to be negotiated, then negotiated TLS version. + * Maximum TLS version to be negotiated, then negotiated TLS version. * - * It is initialized as the configured maximum TLS version to be - * negotiated by mbedtls_ssl_setup(). + * It is initialized as the configured maximum TLS version to be + * negotiated by mbedtls_ssl_setup(). * - * When renegotiating or resuming a session, it is overwritten in the - * ClientHello writing preparation stage with the previously negotiated - * TLS version. + * When renegotiating or resuming a session, it is overwritten in the + * ClientHello writing preparation stage with the previously negotiated + * TLS version. * - * On client side, it is updated to the TLS version selected by the server - * for the handshake when the ServerHello is received. + * On client side, it is updated to the TLS version selected by the server + * for the handshake when the ServerHello is received. * - * On server side, it is updated to the TLS version the server selects for - * the handshake when the ClientHello is received. + * On server side, it is updated to the TLS version the server selects for + * the handshake when the ClientHello is received. */ mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version); +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) + /** + * Status of the negotiation of the use of early data. Reset to + * MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN when the context is reset. + */ + mbedtls_ssl_early_data_status MBEDTLS_PRIVATE(early_data_status); +#endif + unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */ #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -1760,6 +1859,19 @@ struct mbedtls_ssl_context { * within a single datagram. */ #endif /* MBEDTLS_SSL_PROTO_DTLS */ +#if defined(MBEDTLS_SSL_EARLY_DATA) +#if defined(MBEDTLS_SSL_SRV_C) + /* + * One of: + * MBEDTLS_SSL_EARLY_DATA_NO_DISCARD + * MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD + * MBEDTLS_SSL_EARLY_DATA_DISCARD + */ + uint8_t MBEDTLS_PRIVATE(discard_early_data_record); +#endif + uint32_t MBEDTLS_PRIVATE(total_early_data_size); /*!< Number of received/written early data bytes */ +#endif /* MBEDTLS_SSL_EARLY_DATA */ + /* * Record layer (outgoing data) */ @@ -1841,10 +1953,6 @@ struct mbedtls_ssl_context { * and #MBEDTLS_SSL_CID_DISABLED. */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_EARLY_DATA) - int MBEDTLS_PRIVATE(early_data_status); -#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */ - /** Callback to export key block and master secret */ mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys); void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */ @@ -1993,7 +2101,7 @@ void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport); */ void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode); -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA) +#if defined(MBEDTLS_SSL_EARLY_DATA) /** * \brief Set the early data mode * Default: disabled on server and client @@ -2001,14 +2109,24 @@ void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode); * \param conf The SSL configuration to use. * \param early_data_enabled can be: * - * MBEDTLS_SSL_EARLY_DATA_DISABLED: early data functionality is disabled - * This is the default on client and server. - * - * MBEDTLS_SSL_EARLY_DATA_ENABLED: early data functionality is enabled and - * may be negotiated in the handshake. Application using - * early data functionality needs to be aware of the - * lack of replay protection of the early data application - * payloads. + * MBEDTLS_SSL_EARLY_DATA_DISABLED: + * Early data functionality is disabled. This is the default on client and + * server. + * + * MBEDTLS_SSL_EARLY_DATA_ENABLED: + * Early data functionality is enabled and may be negotiated in the handshake. + * Application using early data functionality needs to be aware that the + * security properties for early data (also refered to as 0-RTT data) are + * weaker than those for other kinds of TLS data. See the documentation of + * mbedtls_ssl_write_early_data() and mbedtls_ssl_read_early_data() for more + * information. + * When early data functionality is enabled on server and only in that case, + * the call to one of the APIs that trigger or resume an handshake sequence, + * namely mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), + * mbedtls_ssl_read() or mbedtls_ssl_write() may return with the error code + * MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA indicating that some early data have + * been received. To read the early data, call mbedtls_ssl_read_early_data() + * before calling the original function again. * * \warning This interface is experimental and may change without notice. * @@ -2048,7 +2166,7 @@ void mbedtls_ssl_conf_max_early_data_size( mbedtls_ssl_config *conf, uint32_t max_early_data_size); #endif /* MBEDTLS_SSL_SRV_C */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA */ +#endif /* MBEDTLS_SSL_EARLY_DATA */ #if defined(MBEDTLS_X509_CRT_PARSE_C) /** @@ -2572,6 +2690,34 @@ void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, mbedtls_ssl_ticket_write_t *f_ticket_write, mbedtls_ssl_ticket_parse_t *f_ticket_parse, void *p_ticket); + +#if defined(MBEDTLS_HAVE_TIME) +/** + * \brief Get the creation time of a session ticket. + * + * \note See the documentation of \c ticket_creation_time for information about + * the intended usage of this function. + * + * \param session SSL session + * \param ticket_creation_time On exit, holds the ticket creation time in + * milliseconds. + * + * \return 0 on success, + * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if an input is not valid. + */ +static inline int mbedtls_ssl_session_get_ticket_creation_time( + mbedtls_ssl_session *session, mbedtls_ms_time_t *ticket_creation_time) +{ + if (session == NULL || ticket_creation_time == NULL || + session->MBEDTLS_PRIVATE(endpoint) != MBEDTLS_SSL_IS_SERVER) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + *ticket_creation_time = session->MBEDTLS_PRIVATE(ticket_creation_time); + + return 0; +} +#endif /* MBEDTLS_HAVE_TIME */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ /** @@ -4679,7 +4825,7 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl * \param ssl The SSL context representing the connection for which to * to export a session structure for later resumption. * \param session The target structure in which to store the exported session. - * This must have been initialized with mbedtls_ssl_init_session() + * This must have been initialized with mbedtls_ssl_session_init() * but otherwise be unused. * * \note This function can handle a variety of mechanisms for session @@ -4733,6 +4879,13 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * \return #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use * and the client did not demonstrate reachability yet - in * this case you must stop using the context (see below). + * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as + * defined in RFC 8446 (TLS 1.3 specification), has been + * received as part of the handshake. This is server specific + * and may occur only if the early data feature has been + * enabled on server (see mbedtls_ssl_conf_early_data() + * documentation). You must call mbedtls_ssl_read_early_data() + * to read the early data before resuming the handshake. * \return Another SSL error code - in this case you must stop using * the context (see below). * @@ -4741,7 +4894,8 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * #MBEDTLS_ERR_SSL_WANT_READ, * #MBEDTLS_ERR_SSL_WANT_WRITE, * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, + * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or + * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, * you must stop using the SSL context for reading or writing, * and either free it or call \c mbedtls_ssl_session_reset() * on it before re-using it for a new connection; the current @@ -4810,8 +4964,9 @@ static inline int mbedtls_ssl_is_handshake_over(mbedtls_ssl_context *ssl) * * \warning If this function returns something other than \c 0, * #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE, - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using + * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, + * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or + * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, you must stop using * the SSL context for reading or writing, and either free it * or call \c mbedtls_ssl_session_reset() on it before * re-using it for a new connection; the current connection @@ -4879,6 +5034,13 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl); * \return #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server * side of a DTLS connection and the client is initiating a * new connection using the same source port. See below. + * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as + * defined in RFC 8446 (TLS 1.3 specification), has been + * received as part of the handshake. This is server specific + * and may occur only if the early data feature has been + * enabled on server (see mbedtls_ssl_conf_early_data() + * documentation). You must call mbedtls_ssl_read_early_data() + * to read the early data before resuming the handshake. * \return Another SSL error code - in this case you must stop using * the context (see below). * @@ -4887,8 +5049,9 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl); * #MBEDTLS_ERR_SSL_WANT_READ, * #MBEDTLS_ERR_SSL_WANT_WRITE, * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_CLIENT_RECONNECT, + * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, + * #MBEDTLS_ERR_SSL_CLIENT_RECONNECT or + * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, * you must stop using the SSL context for reading or writing, * and either free it or call \c mbedtls_ssl_session_reset() * on it before re-using it for a new connection; the current @@ -4953,6 +5116,13 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); * operation is in progress (see mbedtls_ecp_set_max_ops()) - * in this case you must call this function again to complete * the handshake when you're done attending other tasks. + * \return #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as + * defined in RFC 8446 (TLS 1.3 specification), has been + * received as part of the handshake. This is server specific + * and may occur only if the early data feature has been + * enabled on server (see mbedtls_ssl_conf_early_data() + * documentation). You must call mbedtls_ssl_read_early_data() + * to read the early data before resuming the handshake. * \return Another SSL error code - in this case you must stop using * the context (see below). * @@ -4960,8 +5130,9 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); * a non-negative value, * #MBEDTLS_ERR_SSL_WANT_READ, * #MBEDTLS_ERR_SSL_WANT_WRITE, - * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or - * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, + * #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS, + * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or + * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, * you must stop using the SSL context for reading or writing, * and either free it or call \c mbedtls_ssl_session_reset() * on it before re-using it for a new connection; the current @@ -5023,54 +5194,48 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_EARLY_DATA) -#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 0 -#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 1 -#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2 - #if defined(MBEDTLS_SSL_SRV_C) /** - * \brief Read at most 'len' application data bytes while performing - * the handshake (early data). - * - * \note This function behaves mainly as mbedtls_ssl_read(). The - * specification of mbedtls_ssl_read() relevant to TLS 1.3 - * (thus not the parts specific to (D)TLS 1.2) applies to this - * function and the present documentation is restricted to the - * differences with mbedtls_ssl_read(). - * - * \param ssl SSL context + * \brief Read at most 'len' bytes of early data + * + * \note This API is server specific. + * + * \warning Early data is defined in the TLS 1.3 specification, RFC 8446. + * IMPORTANT NOTE from section 2.3 of the specification: + * + * The security properties for 0-RTT data are weaker than + * those for other kinds of TLS data. Specifically: + * - This data is not forward secret, as it is encrypted + * solely under keys derived using the offered PSK. + * - There are no guarantees of non-replay between connections. + * Protection against replay for ordinary TLS 1.3 1-RTT data + * is provided via the server's Random value, but 0-RTT data + * does not depend on the ServerHello and therefore has + * weaker guarantees. This is especially relevant if the + * data is authenticated either with TLS client + * authentication or inside the application protocol. The + * same warnings apply to any use of the + * early_exporter_master_secret. + * + * \note This function is used in conjunction with + * mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), + * mbedtls_ssl_read() and mbedtls_ssl_write() to read early + * data when these functions return + * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA. + * + * \param ssl SSL context, it must have been initialized and set up. * \param buf buffer that will hold the data * \param len maximum number of bytes to read * - * \return One additional specific return value: - * #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA. - * - * #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA is returned when it - * is not possible to read early data for the SSL context - * \p ssl. - * - * It may have been possible and it is not possible - * anymore because the server received the End of Early Data - * message or the maximum number of allowed early data for the - * PSK in use has been reached. - * - * It may never have been possible and will never be possible - * for the SSL context \p ssl because the use of early data - * is disabled for that context or more generally the context - * is not suitably configured to enable early data or the - * client does not use early data or the first call to the - * function was done while the handshake was already too - * advanced to gather and accept early data. - * - * It is not possible to read early data for the SSL context - * \p ssl but this does not preclude for using it with - * mbedtls_ssl_write(), mbedtls_ssl_read() or - * mbedtls_ssl_handshake(). - * - * \note When a server wants to retrieve early data, it is expected - * that this function starts the handshake for the SSL context - * \p ssl. But this is not mandatory. - * + * \return The (positive) number of bytes read if successful. + * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. + * \return #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA if it is not + * possible to read early data for the SSL context \p ssl. Note + * that this function is intended to be called for an SSL + * context \p ssl only after a call to mbedtls_ssl_handshake(), + * mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or + * mbedtls_ssl_write() for \p ssl that has returned + * #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA. */ int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); @@ -5081,17 +5246,43 @@ int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl, * \brief Try to write exactly 'len' application data bytes while * performing the handshake (early data). * + * \warning Early data is defined in the TLS 1.3 specification, RFC 8446. + * IMPORTANT NOTE from section 2.3 of the specification: + * + * The security properties for 0-RTT data are weaker than + * those for other kinds of TLS data. Specifically: + * - This data is not forward secret, as it is encrypted + * solely under keys derived using the offered PSK. + * - There are no guarantees of non-replay between connections. + * Protection against replay for ordinary TLS 1.3 1-RTT data + * is provided via the server's Random value, but 0-RTT data + * does not depend on the ServerHello and therefore has + * weaker guarantees. This is especially relevant if the + * data is authenticated either with TLS client + * authentication or inside the application protocol. The + * same warnings apply to any use of the + * early_exporter_master_secret. + * * \note This function behaves mainly as mbedtls_ssl_write(). The * specification of mbedtls_ssl_write() relevant to TLS 1.3 * (thus not the parts specific to (D)TLS1.2) applies to this - * function and the present documentation is restricted to the - * differences with mbedtls_ssl_write(). + * function and the present documentation is mainly restricted + * to the differences with mbedtls_ssl_write(). One noticeable + * difference though is that mbedtls_ssl_write() aims to + * complete the handshake before to write application data + * while mbedtls_ssl_write_early() aims to drive the handshake + * just past the point where it is not possible to send early + * data anymore. * * \param ssl SSL context * \param buf buffer holding the data * \param len how many bytes must be written * - * \return One additional specific return value: + * \return The (non-negative) number of bytes actually written if + * successful (may be less than \p len). + * + * \return One additional specific error code compared to + * mbedtls_ssl_write(): * #MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA. * * #MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA is returned when it @@ -5112,9 +5303,11 @@ int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl, * already completed. * * It is not possible to write early data for the SSL context - * \p ssl but this does not preclude for using it with + * \p ssl and any subsequent call to this API will return this + * error code. But this does not preclude for using it with * mbedtls_ssl_write(), mbedtls_ssl_read() or - * mbedtls_ssl_handshake(). + * mbedtls_ssl_handshake() and the handshake can be + * completed by calling one of these APIs. * * \note This function may write early data only if the SSL context * has been configured for the handshake with a PSK for which diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 8cecbb6..f755ef3 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -463,18 +463,6 @@ const int *mbedtls_ssl_list_ciphersuites(void); const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name); const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id); -#if defined(MBEDTLS_PK_C) -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); -#if defined(MBEDTLS_USE_PSA_CRYPTO) -psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info); -psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info); -#endif -mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info); -#endif - -int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info); -int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info); - static inline const char *mbedtls_ssl_ciphersuite_get_name(const mbedtls_ssl_ciphersuite_t *info) { return info->MBEDTLS_PRIVATE(name); @@ -482,133 +470,6 @@ static inline const char *mbedtls_ssl_ciphersuite_get_name(const mbedtls_ssl_cip size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info); -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) -static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECJPAKE: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) -static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ - -static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return 1; - - default: - return 0; - } -} - -static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_RSA: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return 1; - - default: - return 0; - } -} - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */ - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */ - -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_server_signature( - const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - case MBEDTLS_KEY_EXCHANGE_DHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ - #ifdef __cplusplus } #endif diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 6d59c12..5842049 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -50,6 +50,10 @@ typedef struct mbedtls_ssl_ticket_key { #if defined(MBEDTLS_HAVE_TIME) mbedtls_time_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */ #endif + /*! Lifetime of the key in seconds. This is also the lifetime of the + * tickets created under that key. + */ + uint32_t MBEDTLS_PRIVATE(lifetime); #if !defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */ #else diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index e2e0667..453f598 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -307,6 +307,7 @@ typedef struct mbedtls_x509_san_list { mbedtls_x509_san_list; /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */ +/** \} addtogroup x509_module */ /** * \brief Store the certificate DN in printable form into buf; @@ -322,6 +323,23 @@ mbedtls_x509_san_list; int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn); /** + * \brief Convert the certificate DN string \p name into + * a linked list of mbedtls_x509_name (equivalent to + * mbedtls_asn1_named_data). + * + * \note This function allocates a linked list, and places the head + * pointer in \p head. This list must later be freed by a + * call to mbedtls_asn1_free_named_data_list(). + * + * \param[out] head Address in which to store the pointer to the head of the + * allocated list of mbedtls_x509_name + * \param[in] name The string representation of a DN to convert + * + * \return 0 on success, or a negative error code. + */ +int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name); + +/** * \brief Return the next relative DN in an X509 name. * * \note Intended use is to compare function result to dn->next @@ -448,75 +466,6 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, */ void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san); -/** \} addtogroup x509_module */ - -/* - * Internal module functions. You probably do not want to use these unless you - * know you do. - */ -int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, - mbedtls_x509_name *cur); -int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg); -int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *alg, mbedtls_x509_buf *params); -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) -int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, - mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, - int *salt_len); -#endif -int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig); -int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, - void **sig_opts); -int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, - mbedtls_x509_time *t); -int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *serial); -int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, - mbedtls_x509_buf *ext, int tag); -#if !defined(MBEDTLS_X509_REMOVE_INFO) -int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, - const void *sig_opts); -#endif -int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name); -int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name); -int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, - int critical, const unsigned char *val, - size_t val_len); -int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first); -int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, - mbedtls_asn1_named_data *first); -int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, - const char *oid, size_t oid_len, - unsigned char *sig, size_t size, - mbedtls_pk_type_t pk_alg); -int mbedtls_x509_get_ns_cert_type(unsigned char **p, - const unsigned char *end, - unsigned char *ns_cert_type); -int mbedtls_x509_get_key_usage(unsigned char **p, - const unsigned char *end, - unsigned int *key_usage); -int mbedtls_x509_get_subject_alt_name(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name); -int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, - const unsigned char *end, - mbedtls_x509_sequence *subject_alt_name); -int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, - const mbedtls_x509_sequence - *subject_alt_name, - const char *prefix); -int mbedtls_x509_info_cert_type(char **buf, size_t *size, - unsigned char ns_cert_type); -int mbedtls_x509_info_key_usage(char **buf, size_t *size, - unsigned int key_usage); - -int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions, - const mbedtls_x509_san_list *san_list); - /** * \brief This function parses a CN string as an IP address. * @@ -547,4 +496,4 @@ size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst); } #endif -#endif /* x509.h */ +#endif /* MBEDTLS_X509_H */ diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 3f1a1e7..1ce0d23 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -916,6 +916,18 @@ static inline int mbedtls_x509_crt_has_ext_type(const mbedtls_x509_crt *ctx, return ctx->MBEDTLS_PRIVATE(ext_types) & ext_type; } +/** + * \brief Access the ca_istrue field + * + * \param[in] crt Certificate to be queried, must not be \c NULL + * + * \return \c 1 if this a CA certificate \c 0 otherwise. + * \return MBEDTLS_ERR_X509_INVALID_EXTENSIONS if the certificate does not contain + * the Optional Basic Constraint extension. + * + */ +int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt); + /** \} name Structures and functions for parsing and writing X.509 certificates */ #if defined(MBEDTLS_X509_CRT_WRITE_C) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index fe10ee0..73889e0 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -119,8 +119,9 @@ static psa_key_attributes_t psa_key_attributes_init(void); * value in the structure. * The persistent key will be written to storage when the attribute * structure is passed to a key creation function such as - * psa_import_key(), psa_generate_key(), - * psa_key_derivation_output_key() or psa_copy_key(). + * psa_import_key(), psa_generate_key(), psa_generate_key_ext(), + * psa_key_derivation_output_key(), psa_key_derivation_output_key_ext() + * or psa_copy_key(). * * This function may be declared as `static` (i.e. without external * linkage). This function may be provided as a function-like macro, @@ -163,8 +164,9 @@ static void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes, * value in the structure. * The persistent key will be written to storage when the attribute * structure is passed to a key creation function such as - * psa_import_key(), psa_generate_key(), - * psa_key_derivation_output_key() or psa_copy_key(). + * psa_import_key(), psa_generate_key(), psa_generate_key_ext(), + * psa_key_derivation_output_key(), psa_key_derivation_output_key_ext() + * or psa_copy_key(). * * This function may be declared as `static` (i.e. without external * linkage). This function may be provided as a function-like macro, @@ -3226,7 +3228,8 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void); * psa_key_derivation_set_capacity(). You may do this before, in the middle * of or after providing inputs. For some algorithms, this step is mandatory * because the output depends on the maximum capacity. - * -# To derive a key, call psa_key_derivation_output_key(). + * -# To derive a key, call psa_key_derivation_output_key() or + * psa_key_derivation_output_key_ext(). * To derive a byte string for a different purpose, call * psa_key_derivation_output_bytes(). * Successive calls to these functions use successive output bytes @@ -3449,7 +3452,8 @@ psa_status_t psa_key_derivation_input_integer( * \note Once all inputs steps are completed, the operations will allow: * - psa_key_derivation_output_bytes() if each input was either a direct input * or a key with #PSA_KEY_USAGE_DERIVE set; - * - psa_key_derivation_output_key() if the input for step + * - psa_key_derivation_output_key() or psa_key_derivation_output_key_ext() + * if the input for step * #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD * was from a key slot with #PSA_KEY_USAGE_DERIVE and each other input was * either a direct input or a key with #PSA_KEY_USAGE_DERIVE set; @@ -3697,6 +3701,11 @@ psa_status_t psa_key_derivation_output_bytes( * Future versions of this specification may include additional restrictions * on the derived key based on the attributes and strength of the secret key. * + * \note This function is equivalent to calling + * psa_key_derivation_output_key_ext() + * with the production parameters #PSA_KEY_PRODUCTION_PARAMETERS_INIT + * and `params_data_length == 0` (i.e. `params->data` is empty). + * * \param[in] attributes The attributes for the new key. * If the key type to be created is * #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in @@ -3750,6 +3759,83 @@ psa_status_t psa_key_derivation_output_key( psa_key_derivation_operation_t *operation, mbedtls_svc_key_id_t *key); +/** Derive a key from an ongoing key derivation operation with custom + * production parameters. + * + * See the description of psa_key_derivation_out_key() for the operation of + * this function with the default production parameters. + * Mbed TLS currently does not currently support any non-default production + * parameters. + * + * \note This function is experimental and may change in future minor + * versions of Mbed TLS. + * + * \param[in] attributes The attributes for the new key. + * If the key type to be created is + * #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in + * the policy must be the same as in the current + * operation. + * \param[in,out] operation The key derivation operation object to read from. + * \param[in] params Customization parameters for the key derivation. + * When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT + * with \p params_data_length = 0, + * this function is equivalent to + * psa_key_derivation_output_key(). + * Mbed TLS currently only supports the default + * production parameters, i.e. + * #PSA_KEY_PRODUCTION_PARAMETERS_INIT, + * for all key types. + * \param params_data_length + * Length of `params->data` in bytes. + * \param[out] key On success, an identifier for the newly created + * key. For persistent keys, this is the key + * identifier defined in \p attributes. + * \c 0 on failure. + * + * \retval #PSA_SUCCESS + * Success. + * If the key is persistent, the key material and the key's metadata + * have been saved to persistent storage. + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is + * already a persistent key with the given identifier. + * \retval #PSA_ERROR_INSUFFICIENT_DATA + * There was not enough data to create the desired key. + * Note that in this case, no output is written to the output buffer. + * The operation's capacity is set to 0, thus subsequent calls to + * this function will not succeed, even with a smaller output buffer. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The key type or key size is not supported, either by the + * implementation in general or in this particular location. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The provided key attributes are not valid for the operation. + * \retval #PSA_ERROR_NOT_PERMITTED + * The #PSA_KEY_DERIVATION_INPUT_SECRET or + * #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a + * key; or one of the inputs was a key whose policy didn't allow + * #PSA_KEY_USAGE_DERIVE. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active and completed + * all required input steps), or the library has not been previously + * initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_output_key_ext( + const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + const psa_key_production_parameters_t *params, + size_t params_data_length, + mbedtls_svc_key_id_t *key); + /** Compare output data from a key derivation operation to an expected value. * * This function calculates output bytes from a key derivation algorithm and @@ -3835,7 +3921,8 @@ psa_status_t psa_key_derivation_verify_bytes( * and the permitted algorithm must match the * operation. The value of this key was likely * computed by a previous call to - * psa_key_derivation_output_key(). + * psa_key_derivation_output_key() or + * psa_key_derivation_output_key_ext(). * * \retval #PSA_SUCCESS \emptydescription * \retval #PSA_ERROR_INVALID_SIGNATURE @@ -4003,6 +4090,10 @@ psa_status_t psa_generate_random(uint8_t *output, * between 2^{n-1} and 2^n where n is the bit size specified in the * attributes. * + * \note This function is equivalent to calling psa_generate_key_ext() + * with the production parameters #PSA_KEY_PRODUCTION_PARAMETERS_INIT + * and `params_data_length == 0` (i.e. `params->data` is empty). + * * \param[in] attributes The attributes for the new key. * \param[out] key On success, an identifier for the newly created * key. For persistent keys, this is the key @@ -4035,6 +4126,60 @@ psa_status_t psa_generate_random(uint8_t *output, psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *key); +/** + * \brief Generate a key or key pair using custom production parameters. + * + * See the description of psa_generate_key() for the operation of this + * function with the default production parameters. In addition, this function + * supports the following production customizations, described in more detail + * in the documentation of ::psa_key_production_parameters_t: + * + * - RSA keys: generation with a custom public exponent. + * + * \note This function is experimental and may change in future minor + * versions of Mbed TLS. + * + * \param[in] attributes The attributes for the new key. + * \param[in] params Customization parameters for the key generation. + * When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT + * with \p params_data_length = 0, + * this function is equivalent to + * psa_generate_key(). + * \param params_data_length + * Length of `params->data` in bytes. + * \param[out] key On success, an identifier for the newly created + * key. For persistent keys, this is the key + * identifier defined in \p attributes. + * \c 0 on failure. + * + * \retval #PSA_SUCCESS + * Success. + * If the key is persistent, the key material and the key's metadata + * have been saved to persistent storage. + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is + * already a persistent key with the given identifier. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes, + const psa_key_production_parameters_t *params, + size_t params_data_length, + mbedtls_svc_key_id_t *key); + /**@}*/ /** \defgroup interruptible_hash Interruptible sign/verify hash diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index f896fae..2a226c0 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -146,6 +146,83 @@ psa_status_t psa_open_key(mbedtls_svc_key_id_t key, */ psa_status_t psa_close_key(psa_key_handle_t handle); +/** \addtogroup attributes + * @{ + */ + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +/** Custom Diffie-Hellman group. + * + * Mbed TLS does not support custom DH groups. + * + * \deprecated This value is not useful, so this macro will be removed in + * a future version of the library. + */ +#define PSA_DH_FAMILY_CUSTOM \ + ((psa_dh_family_t) MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(0x7e)) + +/** + * \brief Set domain parameters for a key. + * + * \deprecated Mbed TLS no longer supports any domain parameters. + * This function only does the equivalent of + * psa_set_key_type() and will be removed in a future version + * of the library. + * + * \param[in,out] attributes Attribute structure where \p type will be set. + * \param type Key type (a \c PSA_KEY_TYPE_XXX value). + * \param[in] data Ignored. + * \param data_length Must be 0. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + */ +static inline psa_status_t MBEDTLS_DEPRECATED psa_set_key_domain_parameters( + psa_key_attributes_t *attributes, + psa_key_type_t type, const uint8_t *data, size_t data_length) +{ + (void) data; + if (data_length != 0) { + return PSA_ERROR_NOT_SUPPORTED; + } + psa_set_key_type(attributes, type); + return PSA_SUCCESS; +} + +/** + * \brief Get domain parameters for a key. + * + * \deprecated Mbed TLS no longer supports any domain parameters. + * This function alwaya has an empty output and will be + * removed in a future version of the library. + + * \param[in] attributes Ignored. + * \param[out] data Ignored. + * \param data_size Ignored. + * \param[out] data_length Set to 0. + * + * \retval #PSA_SUCCESS \emptydescription + */ +static inline psa_status_t MBEDTLS_DEPRECATED psa_get_key_domain_parameters( + const psa_key_attributes_t *attributes, + uint8_t *data, size_t data_size, size_t *data_length) +{ + (void) attributes; + (void) data; + (void) data_size; + *data_length = 0; + return PSA_SUCCESS; +} + +/** Safe output buffer size for psa_get_key_domain_parameters(). + * + */ +#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \ + MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(1u) +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + +/**@}*/ + #ifdef __cplusplus } #endif diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 5bf00f4..36e937a 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -109,6 +109,12 @@ #define PSA_WANT_ECC_SECP_R1_384 1 #define PSA_WANT_ECC_SECP_R1_521 1 +#define PSA_WANT_DH_RFC7919_2048 1 +#define PSA_WANT_DH_RFC7919_3072 1 +#define PSA_WANT_DH_RFC7919_4096 1 +#define PSA_WANT_DH_RFC7919_6144 1 +#define PSA_WANT_DH_RFC7919_8192 1 + #define PSA_WANT_KEY_TYPE_DERIVE 1 #define PSA_WANT_KEY_TYPE_PASSWORD 1 #define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1 diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index fc9bf4f..6ed1f6c 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -59,7 +59,7 @@ static inline void psa_set_key_enrollment_algorithm( psa_key_attributes_t *attributes, psa_algorithm_t alg2) { - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2; + attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2; } /** Retrieve the enrollment algorithm policy from key attributes. @@ -71,7 +71,7 @@ static inline void psa_set_key_enrollment_algorithm( static inline psa_algorithm_t psa_get_key_enrollment_algorithm( const psa_key_attributes_t *attributes) { - return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2); + return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -129,7 +129,7 @@ static inline void psa_set_key_slot_number( psa_key_attributes_t *attributes, psa_key_slot_number_t slot_number) { - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER; + attributes->MBEDTLS_PRIVATE(has_slot_number) = 1; attributes->MBEDTLS_PRIVATE(slot_number) = slot_number; } @@ -142,8 +142,7 @@ static inline void psa_set_key_slot_number( static inline void psa_clear_key_slot_number( psa_key_attributes_t *attributes) { - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &= - ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER; + attributes->MBEDTLS_PRIVATE(has_slot_number) = 0; } /** Register a key that is already present in a secure element. @@ -198,6 +197,8 @@ psa_status_t mbedtls_psa_register_se_key( * * This function clears all data associated with the PSA layer, * including the whole key store. + * This function is not thread safe, it wipes every key slot regardless of + * state and reader count. It should only be called when no slot is in use. * * This is an Mbed TLS extension. */ @@ -407,140 +408,11 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, * @{ */ -/** Custom Diffie-Hellman group. - * - * For keys of type #PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or - * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM), the group data comes - * from domain parameters set by psa_set_key_domain_parameters(). - */ -#define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e) - /** PAKE operation stages. */ #define PSA_PAKE_OPERATION_STAGE_SETUP 0 #define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1 #define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2 -/** - * \brief Set domain parameters for a key. - * - * Some key types require additional domain parameters in addition to - * the key type identifier and the key size. Use this function instead - * of psa_set_key_type() when you need to specify domain parameters. - * - * The format for the required domain parameters varies based on the key type. - * Mbed TLS supports the following key type with domain parameters: - * - * - For RSA keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY or #PSA_KEY_TYPE_RSA_KEY_PAIR), - * the domain parameter data consists of the public exponent, - * represented as a big-endian integer with no leading zeros. - * This information is used when generating an RSA key pair. - * When importing a key, the public exponent is read from the imported - * key data and the exponent recorded in the attribute structure is ignored. - * As an exception, the public exponent 65537 is represented by an empty - * byte string. - * - * \note This function may allocate memory or other resources. - * Once you have called this function on an attribute structure, - * you must call psa_reset_key_attributes() to free these resources. - * - * \note This is an experimental extension to the interface. It may change - * in future versions of the library. - * - * \note Due to an implementation limitation, domain parameters are ignored - * for keys that are managed by a driver. - * - * \param[in,out] attributes Attribute structure where the specified domain - * parameters will be stored. - * If this function fails, the content of - * \p attributes is not modified. - * \param type Key type (a \c PSA_KEY_TYPE_XXX value). - * \param[in] data Buffer containing the key domain parameters. - * The content of this buffer is interpreted - * according to \p type as described above. - * \param data_length Size of the \p data buffer in bytes. - * - * \retval #PSA_SUCCESS \emptydescription - * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription - * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription - */ -#if !defined(PSA_SET_KEY_DOMAIN_PARAMETERS) -#define PSA_SET_KEY_DOMAIN_PARAMETERS -psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, - psa_key_type_t type, - const uint8_t *data, - size_t data_length); -#endif /* PSA_SET_KEY_DOMAIN_PARAMETERS */ - -/** - * \brief Get domain parameters for a key. - * - * Get the domain parameters for a key with this function, if any. The format - * of the domain parameters written to \p data is specified in the - * documentation for psa_set_key_domain_parameters(). - * - * \note This is an experimental extension to the interface. It may change - * in future versions of the library. - * - * \note Due to an implementation limitation, domain parameters are not - * supported with keys that are managed by a driver. - * - * \param[in] attributes The key attribute structure to query. - * \param[out] data On success, the key domain parameters. - * \param data_size Size of the \p data buffer in bytes. - * The buffer is guaranteed to be large - * enough if its size in bytes is at least - * the value given by - * PSA_KEY_DOMAIN_PARAMETERS_SIZE(). - * \param[out] data_length On success, the number of bytes - * that make up the key domain parameters data. - * - * \retval #PSA_SUCCESS \emptydescription - * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription - * \retval #PSA_ERROR_NOT_SUPPORTED - * The key is managed by a driver. - */ -psa_status_t psa_get_key_domain_parameters( - const psa_key_attributes_t *attributes, - uint8_t *data, - size_t data_size, - size_t *data_length); - -/** Safe output buffer size for psa_get_key_domain_parameters(). - * - * This macro returns a compile-time constant if its arguments are - * compile-time constants. - * - * \warning This function may call its arguments multiple times or - * zero times, so you should not pass arguments that contain - * side effects. - * - * \note This is an experimental extension to the interface. It may change - * in future versions of the library. - * - * \param key_type A supported key type. - * \param key_bits The size of the key in bits. - * - * \return If the parameters are valid and supported, return - * a buffer size in bytes that guarantees that - * psa_get_key_domain_parameters() will not fail with - * #PSA_ERROR_BUFFER_TOO_SMALL. - * If the parameters are a valid combination that is not supported - * by the implementation, this macro shall return either a - * sensible size or 0. - * If the parameters are not valid, the - * return value is unspecified. - */ -#define PSA_KEY_DOMAIN_PARAMETERS_SIZE(key_type, key_bits) \ - (PSA_KEY_TYPE_IS_RSA(key_type) ? sizeof(int) : \ - PSA_KEY_TYPE_IS_DH(key_type) ? PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \ - PSA_KEY_TYPE_IS_DSA(key_type) ? PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) : \ - 0) -#define PSA_DH_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \ - (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 3 /*without optional parts*/) -#define PSA_DSA_KEY_DOMAIN_PARAMETERS_SIZE(key_bits) \ - (4 + (PSA_BITS_TO_BYTES(key_bits) + 5) * 2 /*p, g*/ + 34 /*q*/) - /**@}*/ @@ -1828,8 +1700,12 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); /** Returns a suitable initializer for a PAKE operation object of type * psa_pake_operation_t. */ +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) +#define PSA_PAKE_OPERATION_INIT { 0 } +#else #define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, 0, PSA_PAKE_OPERATION_STAGE_SETUP, \ { 0 }, { { 0 } } } +#endif struct psa_pake_cipher_suite_s { psa_algorithm_t algorithm; @@ -1957,6 +1833,9 @@ struct psa_jpake_computation_stage_s { ((round) == PSA_JPAKE_FIRST ? 2 : 1)) struct psa_pake_operation_s { +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_psa_client_handle_t handle; +#else /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping * drivers halfway through the operation is not supported. @@ -1982,6 +1861,7 @@ struct psa_pake_operation_s { psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs); } MBEDTLS_PRIVATE(data); +#endif }; static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void) diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index 4d03435..a871ee1 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -89,4 +89,14 @@ typedef struct { } mbedtls_psa_external_random_context_t; #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) +/** The type of the client handle used in context structures + * + * When a client view of the multipart context structures is required, + * this handle is used to keep a mapping with the service side of the + * context which contains the actual data. + */ +typedef uint32_t mbedtls_psa_client_handle_t; +#endif + #endif /* PSA_CRYPTO_PLATFORM_H */ diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 836c28c..635ee98 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -224,10 +224,20 @@ #endif /* The maximum size of an DH key on this implementation, in bits. - * - * Note that an implementation may set different size limits for different - * operations, and does not need to accept all key sizes up to the limit. */ + * This is a vendor-specific macro.*/ +#if defined(PSA_WANT_DH_RFC7919_8192) #define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192u +#elif defined(PSA_WANT_DH_RFC7919_6144) +#define PSA_VENDOR_FFDH_MAX_KEY_BITS 6144u +#elif defined(PSA_WANT_DH_RFC7919_4096) +#define PSA_VENDOR_FFDH_MAX_KEY_BITS 4096u +#elif defined(PSA_WANT_DH_RFC7919_3072) +#define PSA_VENDOR_FFDH_MAX_KEY_BITS 3072u +#elif defined(PSA_WANT_DH_RFC7919_2048) +#define PSA_VENDOR_FFDH_MAX_KEY_BITS 2048u +#else +#define PSA_VENDOR_FFDH_MAX_KEY_BITS 0u +#endif /* The maximum size of an ECC key on this implementation, in bits. * This is a vendor-specific macro. */ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 3a19618..3913551 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -68,6 +68,9 @@ extern "C" { #include "psa/crypto_driver_contexts_primitives.h" struct psa_hash_operation_s { +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_psa_client_handle_t handle; +#else /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping * drivers halfway through the operation is not supported. @@ -76,9 +79,13 @@ struct psa_hash_operation_s { * any driver (i.e. the driver context is not active, in use). */ unsigned int MBEDTLS_PRIVATE(id); psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx); +#endif }; - +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) +#define PSA_HASH_OPERATION_INIT { 0 } +#else #define PSA_HASH_OPERATION_INIT { 0, { 0 } } +#endif static inline struct psa_hash_operation_s psa_hash_operation_init(void) { const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT; @@ -86,6 +93,9 @@ static inline struct psa_hash_operation_s psa_hash_operation_init(void) } struct psa_cipher_operation_s { +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_psa_client_handle_t handle; +#else /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping * drivers halfway through the operation is not supported. @@ -100,9 +110,14 @@ struct psa_cipher_operation_s { uint8_t MBEDTLS_PRIVATE(default_iv_length); psa_driver_cipher_context_t MBEDTLS_PRIVATE(ctx); +#endif }; +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) +#define PSA_CIPHER_OPERATION_INIT { 0 } +#else #define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } } +#endif static inline struct psa_cipher_operation_s psa_cipher_operation_init(void) { const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; @@ -114,6 +129,9 @@ static inline struct psa_cipher_operation_s psa_cipher_operation_init(void) #include "psa/crypto_driver_contexts_composites.h" struct psa_mac_operation_s { +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_psa_client_handle_t handle; +#else /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping * drivers halfway through the operation is not supported. @@ -124,9 +142,14 @@ struct psa_mac_operation_s { uint8_t MBEDTLS_PRIVATE(mac_size); unsigned int MBEDTLS_PRIVATE(is_sign) : 1; psa_driver_mac_context_t MBEDTLS_PRIVATE(ctx); +#endif }; +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) +#define PSA_MAC_OPERATION_INIT { 0 } +#else #define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } } +#endif static inline struct psa_mac_operation_s psa_mac_operation_init(void) { const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT; @@ -134,7 +157,9 @@ static inline struct psa_mac_operation_s psa_mac_operation_init(void) } struct psa_aead_operation_s { - +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_psa_client_handle_t handle; +#else /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping * drivers halfway through the operation is not supported. @@ -156,9 +181,14 @@ struct psa_aead_operation_s { unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1; psa_driver_aead_context_t MBEDTLS_PRIVATE(ctx); +#endif }; +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) +#define PSA_AEAD_OPERATION_INIT { 0 } +#else #define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } } +#endif static inline struct psa_aead_operation_s psa_aead_operation_init(void) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; @@ -170,14 +200,22 @@ static inline struct psa_aead_operation_s psa_aead_operation_init(void) #include "psa/crypto_driver_contexts_key_derivation.h" struct psa_key_derivation_s { +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_psa_client_handle_t handle; +#else psa_algorithm_t MBEDTLS_PRIVATE(alg); unsigned int MBEDTLS_PRIVATE(can_output_key) : 1; size_t MBEDTLS_PRIVATE(capacity); psa_driver_key_derivation_context_t MBEDTLS_PRIVATE(ctx); +#endif }; +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) +#define PSA_KEY_DERIVATION_OPERATION_INIT { 0 } +#else /* This only zeroes out the first byte in the union, the rest is unspecified. */ #define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } } +#endif static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void) { @@ -185,6 +223,22 @@ static inline struct psa_key_derivation_s psa_key_derivation_operation_init( return v; } +struct psa_key_production_parameters_s { + /* Future versions may add other fields in this structure. */ + uint32_t flags; + uint8_t data[]; +}; + +/** The default production parameters for key generation or key derivation. + * + * Calling psa_generate_key_ext() or psa_key_derivation_output_key_ext() + * with `params=PSA_KEY_PRODUCTION_PARAMETERS_INIT` and + * `params_data_length == 0` is equivalent to + * calling psa_generate_key() or psa_key_derivation_output_key() + * respectively. + */ +#define PSA_KEY_PRODUCTION_PARAMETERS_INIT { 0 } + struct psa_key_policy_s { psa_key_usage_t MBEDTLS_PRIVATE(usage); psa_algorithm_t MBEDTLS_PRIVATE(alg); @@ -212,69 +266,39 @@ typedef uint16_t psa_key_bits_t; * conditionals. */ #define PSA_MAX_KEY_BITS 0xfff8 -/** A mask of flags that can be stored in key attributes. - * - * This type is also used internally to store flags in slots. Internal - * flags are defined in library/psa_crypto_core.h. Internal flags may have - * the same value as external flags if they are properly handled during - * key creation and in psa_get_key_attributes. - */ -typedef uint16_t psa_key_attributes_flag_t; - -#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \ - ((psa_key_attributes_flag_t) 0x0001) - -/* A mask of key attribute flags used externally only. - * Only meant for internal checks inside the library. */ -#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \ - MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \ - 0) - -/* A mask of key attribute flags used both internally and externally. - * Currently there aren't any. */ -#define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \ - 0) - -typedef struct { - psa_key_type_t MBEDTLS_PRIVATE(type); - psa_key_bits_t MBEDTLS_PRIVATE(bits); - psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime); - mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id); - psa_key_policy_t MBEDTLS_PRIVATE(policy); - psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags); -} psa_core_key_attributes_t; - -#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, \ - PSA_KEY_LIFETIME_VOLATILE, \ - MBEDTLS_SVC_KEY_ID_INIT, \ - PSA_KEY_POLICY_INIT, 0 } - struct psa_key_attributes_s { - psa_core_key_attributes_t MBEDTLS_PRIVATE(core); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number); + int MBEDTLS_PRIVATE(has_slot_number); #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - /* Unlike normal buffers, there are three cases for domain_parameters - * and domain_parameters_size: - * - domain_parameters_size == SIZE_MAX && domain_parameters == NULL: - * Access to domain parameters is not supported for this key. - * This is a hack which should not exist, intended for keys managed - * by a driver, because drivers don't support domain parameters. - * - domain_parameters_size == 0 && domain_parameters == NULL: - * The domain parameters are empty. - * - domain_parameters_size > 0 && - * domain_parameters == valid pointer to domain_parameters_size bytes: - * The domain parameters are non-empty. + psa_key_type_t MBEDTLS_PRIVATE(type); + psa_key_bits_t MBEDTLS_PRIVATE(bits); + psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime); + psa_key_policy_t MBEDTLS_PRIVATE(policy); + /* This type has a different layout in the client view wrt the + * service view of the key id, i.e. in service view usually is + * expected to have MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined + * thus adding an owner field to the standard psa_key_id_t. For + * implementations with client/service separation, this means the + * object will be marshalled through a transport channel and + * interpreted differently at each side of the transport. Placing + * it at the end of structures allows to interpret the structure + * at the client without reorganizing the memory layout of the + * struct */ - void *MBEDTLS_PRIVATE(domain_parameters); - size_t MBEDTLS_PRIVATE(domain_parameters_size); + mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id); }; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0 } +#define PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER 0, 0, #else -#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0 } +#define PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER #endif +#define PSA_KEY_ATTRIBUTES_INIT { PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER \ + PSA_KEY_TYPE_NONE, 0, \ + PSA_KEY_LIFETIME_VOLATILE, \ + PSA_KEY_POLICY_INIT, \ + MBEDTLS_SVC_KEY_ID_INIT } static inline struct psa_key_attributes_s psa_key_attributes_init(void) { @@ -285,12 +309,12 @@ static inline struct psa_key_attributes_s psa_key_attributes_init(void) static inline void psa_set_key_id(psa_key_attributes_t *attributes, mbedtls_svc_key_id_t key) { - psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime); + psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(lifetime); - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = key; + attributes->MBEDTLS_PRIVATE(id) = key; if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) { - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = + attributes->MBEDTLS_PRIVATE(lifetime) = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_LIFETIME_PERSISTENT, PSA_KEY_LIFETIME_GET_LOCATION(lifetime)); @@ -300,26 +324,26 @@ static inline void psa_set_key_id(psa_key_attributes_t *attributes, static inline mbedtls_svc_key_id_t psa_get_key_id( const psa_key_attributes_t *attributes) { - return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id); + return attributes->MBEDTLS_PRIVATE(id); } #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER static inline void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes, mbedtls_key_owner_id_t owner) { - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner; + attributes->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner; } #endif static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, psa_key_lifetime_t lifetime) { - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = lifetime; + attributes->MBEDTLS_PRIVATE(lifetime) = lifetime; if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) { #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0; + attributes->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0; #else - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = 0; + attributes->MBEDTLS_PRIVATE(id) = 0; #endif } } @@ -327,7 +351,7 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, static inline psa_key_lifetime_t psa_get_key_lifetime( const psa_key_attributes_t *attributes) { - return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime); + return attributes->MBEDTLS_PRIVATE(lifetime); } static inline void psa_extend_key_usage_flags(psa_key_usage_t *usage_flags) @@ -345,78 +369,62 @@ static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes, psa_key_usage_t usage_flags) { psa_extend_key_usage_flags(&usage_flags); - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags; + attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags; } static inline psa_key_usage_t psa_get_key_usage_flags( const psa_key_attributes_t *attributes) { - return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage); + return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage); } static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg) { - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg; + attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg; } static inline psa_algorithm_t psa_get_key_algorithm( const psa_key_attributes_t *attributes) { - return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg); + return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg); } -/* This function is declared in crypto_extra.h, which comes after this - * header file, but we need the function here, so repeat the declaration. */ -#if !defined(PSA_SET_KEY_DOMAIN_PARAMETERS) -#define PSA_SET_KEY_DOMAIN_PARAMETERS -psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, - psa_key_type_t type, - const uint8_t *data, - size_t data_length); -#endif /* PSA_SET_KEY_DOMAIN_PARAMETERS */ - static inline void psa_set_key_type(psa_key_attributes_t *attributes, psa_key_type_t type) { - if (attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL) { - /* Common case: quick path */ - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type; - } else { - /* Call the bigger function to free the old domain parameters. - * Ignore any errors which may arise due to type requiring - * non-default domain parameters, since this function can't - * report errors. */ - (void) psa_set_key_domain_parameters(attributes, type, NULL, 0); - } + attributes->MBEDTLS_PRIVATE(type) = type; } static inline psa_key_type_t psa_get_key_type( const psa_key_attributes_t *attributes) { - return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type); + return attributes->MBEDTLS_PRIVATE(type); } static inline void psa_set_key_bits(psa_key_attributes_t *attributes, size_t bits) { if (bits > PSA_MAX_KEY_BITS) { - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE; + attributes->MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE; } else { - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits; + attributes->MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits; } } static inline size_t psa_get_key_bits( const psa_key_attributes_t *attributes) { - return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits); + return attributes->MBEDTLS_PRIVATE(bits); } /** * \brief The context for PSA interruptible hash signing. */ struct psa_sign_hash_interruptible_operation_s { +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_psa_client_handle_t handle; +#else /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping * drivers halfway through the operation is not supported. @@ -430,9 +438,14 @@ struct psa_sign_hash_interruptible_operation_s { unsigned int MBEDTLS_PRIVATE(error_occurred) : 1; uint32_t MBEDTLS_PRIVATE(num_ops); +#endif }; +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) +#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 } +#else #define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 } +#endif static inline struct psa_sign_hash_interruptible_operation_s psa_sign_hash_interruptible_operation_init(void) @@ -447,6 +460,9 @@ psa_sign_hash_interruptible_operation_init(void) * \brief The context for PSA interruptible hash verification. */ struct psa_verify_hash_interruptible_operation_s { +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) + mbedtls_psa_client_handle_t handle; +#else /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping * drivers halfway through the operation is not supported. @@ -460,9 +476,14 @@ struct psa_verify_hash_interruptible_operation_s { unsigned int MBEDTLS_PRIVATE(error_occurred) : 1; uint32_t MBEDTLS_PRIVATE(num_ops); +#endif }; +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) +#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 } +#else #define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 } +#endif static inline struct psa_verify_hash_interruptible_operation_s psa_verify_hash_interruptible_operation_init(void) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index e2ebd8a..31ea686 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -455,6 +455,30 @@ typedef uint64_t psa_key_slot_number_t; */ typedef uint16_t psa_key_derivation_step_t; +/** \brief Custom parameters for key generation or key derivation. + * + * This is a structure type with at least the following fields: + * + * - \c flags: an unsigned integer type. 0 for the default production parameters. + * - \c data: a flexible array of bytes. + * + * The interpretation of this structure depend on the type of the + * created key. + * + * - #PSA_KEY_TYPE_RSA_KEY_PAIR: + * - \c flags: must be 0. + * - \c data: the public exponent, in little-endian order. + * This must be an odd integer and must not be 1. + * Implementations must support 65535, should support 3 and may + * support other values. + * When not using a driver, Mbed TLS supports values up to \c INT_MAX. + * If this is empty or if the custom production parameters are omitted + * altogether, the default value 65537 is used. + * - Other key types: reserved for future use. \c flags must be 0. + * + */ +typedef struct psa_key_production_parameters_s psa_key_production_parameters_t; + /**@}*/ #endif /* PSA_CRYPTO_TYPES_H */ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index f311acb..1d678db 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -413,7 +413,7 @@ ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) /** The public key type corresponding to a key pair type. * - * You may also pass a key pair type as \p type, it will be left unchanged. + * You may also pass a public key type as \p type, it will be left unchanged. * * \param type A public key type or key pair type. * diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index b6ea73e..47ecf17 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -231,7 +231,7 @@ if(HAIKU) endif(HAIKU) if(LINK_WITH_PTHREAD) - set(libs ${libs} pthread) + set(libs ${libs} ${CMAKE_THREAD_LIBS_INIT}) endif() if(LINK_WITH_TRUSTED_STORAGE) diff --git a/library/aesce.c b/library/aesce.c index eaaa5b5..6a9e0a1 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -334,7 +334,7 @@ static void aesce_setkey_enc(unsigned char *rk, * - Section 5, Nr = Nk + 6 * - Section 5.2, the length of round keys is Nb*(Nr+1) */ - const uint32_t key_len_in_words = key_bit_length / 32; /* Nk */ + const size_t key_len_in_words = key_bit_length / 32; /* Nk */ const size_t round_key_len_in_words = 4; /* Nb */ const size_t rounds_needed = key_len_in_words + 6; /* Nr */ const size_t round_keys_len_in_words = diff --git a/library/alignment.h b/library/alignment.h index 248f29b..a17001d 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -53,28 +53,45 @@ typedef uint16_t __packed mbedtls_uint16_unaligned_t; typedef uint32_t __packed mbedtls_uint32_unaligned_t; typedef uint64_t __packed mbedtls_uint64_unaligned_t; #elif defined(MBEDTLS_COMPILER_IS_GCC) && (MBEDTLS_GCC_VERSION >= 40504) && \ - ((MBEDTLS_GCC_VERSION < 90300) || (!defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS))) + ((MBEDTLS_GCC_VERSION < 60300) || (!defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS))) /* - * Old versions of gcc, depending on how the target is specified, may generate a branch to memcpy - * for calls like `memcpy(dest, src, 4)` rather than generating some LDR or LDRB instructions - * (similar for stores). - * Recent versions where unaligned access is not enabled also do this. + * gcc may generate a branch to memcpy for calls like `memcpy(dest, src, 4)` rather than + * generating some LDR or LDRB instructions (similar for stores). + * + * This is architecture dependent: x86-64 seems fine even with old gcc; 32-bit Arm + * is affected. To keep it simple, we enable for all architectures. + * + * For versions of gcc < 5.4.0 this issue always happens. + * For gcc < 6.3.0, this issue happens at -O0 + * For all versions, this issue happens iff unaligned access is not supported. + * + * For gcc 4.x, this implementation will generate byte-by-byte loads even if unaligned access is + * supported, which is correct but not optimal. * * For performance (and code size, in some cases), we want to avoid the branch and just generate * some inline load/store instructions since the access is small and constant-size. * * The manual states: - * "The aligned attribute specifies a minimum alignment for the variable or structure field, - * measured in bytes." - * https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html + * "The packed attribute specifies that a variable or structure field should have the smallest + * possible alignment—one byte for a variable" + * https://gcc.gnu.org/onlinedocs/gcc-4.5.4/gcc/Variable-Attributes.html * - * Tested with several versions of GCC from 4.5.0 up to 9.3.0 + * Previous implementations used __attribute__((__aligned__(1)), but had issues with a gcc bug: + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94662 + * + * Tested with several versions of GCC from 4.5.0 up to 13.2.0 * We don't enable for older than 4.5.0 as this has not been tested. */ - #define UINT_UNALIGNED -typedef uint16_t __attribute__((__aligned__(1))) mbedtls_uint16_unaligned_t; -typedef uint32_t __attribute__((__aligned__(1))) mbedtls_uint32_unaligned_t; -typedef uint64_t __attribute__((__aligned__(1))) mbedtls_uint64_unaligned_t; + #define UINT_UNALIGNED_STRUCT +typedef struct { + uint16_t x; +} __attribute__((packed)) mbedtls_uint16_unaligned_t; +typedef struct { + uint32_t x; +} __attribute__((packed)) mbedtls_uint32_unaligned_t; +typedef struct { + uint64_t x; +} __attribute__((packed)) mbedtls_uint64_unaligned_t; #endif /* @@ -101,6 +118,9 @@ static inline uint16_t mbedtls_get_unaligned_uint16(const void *p) #if defined(UINT_UNALIGNED) mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p; r = *p16; +#elif defined(UINT_UNALIGNED_STRUCT) + mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p; + r = p16->x; #else memcpy(&r, p, sizeof(r)); #endif @@ -124,6 +144,9 @@ static inline void mbedtls_put_unaligned_uint16(void *p, uint16_t x) #if defined(UINT_UNALIGNED) mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p; *p16 = x; +#elif defined(UINT_UNALIGNED_STRUCT) + mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p; + p16->x = x; #else memcpy(p, &x, sizeof(x)); #endif @@ -147,6 +170,9 @@ static inline uint32_t mbedtls_get_unaligned_uint32(const void *p) #if defined(UINT_UNALIGNED) mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; r = *p32; +#elif defined(UINT_UNALIGNED_STRUCT) + mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; + r = p32->x; #else memcpy(&r, p, sizeof(r)); #endif @@ -170,6 +196,9 @@ static inline void mbedtls_put_unaligned_uint32(void *p, uint32_t x) #if defined(UINT_UNALIGNED) mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; *p32 = x; +#elif defined(UINT_UNALIGNED_STRUCT) + mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p; + p32->x = x; #else memcpy(p, &x, sizeof(x)); #endif @@ -193,6 +222,9 @@ static inline uint64_t mbedtls_get_unaligned_uint64(const void *p) #if defined(UINT_UNALIGNED) mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; r = *p64; +#elif defined(UINT_UNALIGNED_STRUCT) + mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; + r = p64->x; #else memcpy(&r, p, sizeof(r)); #endif @@ -216,6 +248,9 @@ static inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x) #if defined(UINT_UNALIGNED) mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; *p64 = x; +#elif defined(UINT_UNALIGNED_STRUCT) + mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p; + p64->x = x; #else memcpy(p, &x, sizeof(x)); #endif diff --git a/library/aria.c b/library/aria.c index ba12578..d9f84cc 100644 --- a/library/aria.c +++ b/library/aria.c @@ -25,12 +25,6 @@ #include "mbedtls/platform_util.h" -/* Parameter validation macros */ -#define ARIA_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA) -#define ARIA_VALIDATE(cond) \ - MBEDTLS_INTERNAL_VALIDATE(cond) - /* * modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes * @@ -363,8 +357,6 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx, int i; uint32_t w[4][4], *w2; - ARIA_VALIDATE_RET(ctx != NULL); - ARIA_VALIDATE_RET(key != NULL); if (keybits != 128 && keybits != 192 && keybits != 256) { return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA; @@ -418,8 +410,6 @@ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx, const unsigned char *key, unsigned int keybits) { int i, j, k, ret; - ARIA_VALIDATE_RET(ctx != NULL); - ARIA_VALIDATE_RET(key != NULL); ret = mbedtls_aria_setkey_enc(ctx, key, keybits); if (ret != 0) { @@ -455,9 +445,6 @@ int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx, int i; uint32_t a, b, c, d; - ARIA_VALIDATE_RET(ctx != NULL); - ARIA_VALIDATE_RET(input != NULL); - ARIA_VALIDATE_RET(output != NULL); a = MBEDTLS_GET_UINT32_LE(input, 0); b = MBEDTLS_GET_UINT32_LE(input, 4); @@ -505,7 +492,6 @@ int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx, /* Initialize context */ void mbedtls_aria_init(mbedtls_aria_context *ctx) { - ARIA_VALIDATE(ctx != NULL); memset(ctx, 0, sizeof(mbedtls_aria_context)); } @@ -532,12 +518,9 @@ int mbedtls_aria_crypt_cbc(mbedtls_aria_context *ctx, { unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE]; - ARIA_VALIDATE_RET(ctx != NULL); - ARIA_VALIDATE_RET(mode == MBEDTLS_ARIA_ENCRYPT || - mode == MBEDTLS_ARIA_DECRYPT); - ARIA_VALIDATE_RET(length == 0 || input != NULL); - ARIA_VALIDATE_RET(length == 0 || output != NULL); - ARIA_VALIDATE_RET(iv != NULL); + if ((mode != MBEDTLS_ARIA_ENCRYPT) && (mode != MBEDTLS_ARIA_DECRYPT)) { + return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA; + } if (length % MBEDTLS_ARIA_BLOCKSIZE) { return MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH; @@ -588,19 +571,14 @@ int mbedtls_aria_crypt_cfb128(mbedtls_aria_context *ctx, unsigned char c; size_t n; - ARIA_VALIDATE_RET(ctx != NULL); - ARIA_VALIDATE_RET(mode == MBEDTLS_ARIA_ENCRYPT || - mode == MBEDTLS_ARIA_DECRYPT); - ARIA_VALIDATE_RET(length == 0 || input != NULL); - ARIA_VALIDATE_RET(length == 0 || output != NULL); - ARIA_VALIDATE_RET(iv != NULL); - ARIA_VALIDATE_RET(iv_off != NULL); + if ((mode != MBEDTLS_ARIA_ENCRYPT) && (mode != MBEDTLS_ARIA_DECRYPT)) { + return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA; + } n = *iv_off; /* An overly large value of n can lead to an unlimited - * buffer overflow. Therefore, guard against this - * outside of parameter validation. */ + * buffer overflow. */ if (n >= MBEDTLS_ARIA_BLOCKSIZE) { return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA; } @@ -650,17 +628,9 @@ int mbedtls_aria_crypt_ctr(mbedtls_aria_context *ctx, int c, i; size_t n; - ARIA_VALIDATE_RET(ctx != NULL); - ARIA_VALIDATE_RET(length == 0 || input != NULL); - ARIA_VALIDATE_RET(length == 0 || output != NULL); - ARIA_VALIDATE_RET(nonce_counter != NULL); - ARIA_VALIDATE_RET(stream_block != NULL); - ARIA_VALIDATE_RET(nc_off != NULL); - n = *nc_off; /* An overly large value of n can lead to an unlimited - * buffer overflow. Therefore, guard against this - * outside of parameter validation. */ + * buffer overflow. */ if (n >= MBEDTLS_ARIA_BLOCKSIZE) { return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA; } diff --git a/library/asn1parse.c b/library/asn1parse.c index c02b233..e33fdf7 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -7,7 +7,8 @@ #include "common.h" -#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) +#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \ + defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) #include "mbedtls/asn1.h" #include "mbedtls/platform_util.h" @@ -73,7 +74,7 @@ int mbedtls_asn1_get_tag(unsigned char **p, return mbedtls_asn1_get_len(p, end, len); } -#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */ +#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */ #if defined(MBEDTLS_ASN1_PARSE_C) int mbedtls_asn1_get_bool(unsigned char **p, diff --git a/library/asn1write.c b/library/asn1write.c index 114091d..775a9ef 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -7,7 +7,8 @@ #include "common.h" -#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) +#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) || \ + defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) #include "mbedtls/asn1write.h" #include "mbedtls/error.h" @@ -62,7 +63,7 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsign return 1; } -#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */ +#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */ #if defined(MBEDTLS_ASN1_WRITE_C) static int mbedtls_asn1_write_len_and_tag(unsigned char **p, diff --git a/library/bignum.c b/library/bignum.c index 1869137..c45fd5b 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -37,10 +37,18 @@ #include "mbedtls/platform.h" -#define MPI_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA) -#define MPI_VALIDATE(cond) \ - MBEDTLS_INTERNAL_VALIDATE(cond) + + +/* + * Conditionally select an MPI sign in constant time. + * (MPI sign is the field s in mbedtls_mpi. It is unsigned short and only 1 and -1 are valid + * values.) + */ +static inline signed short mbedtls_ct_mpi_sign_if(mbedtls_ct_condition_t cond, + signed short sign1, signed short sign2) +{ + return (signed short) mbedtls_ct_uint_if(cond, sign1 + 1, sign2 + 1) - 1; +} /* * Compare signed values in constant time @@ -51,10 +59,6 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, { mbedtls_ct_condition_t different_sign, X_is_negative, Y_is_negative, result; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(Y != NULL); - MPI_VALIDATE_RET(ret != NULL); - if (X->n != Y->n) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; } @@ -115,15 +119,13 @@ int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X, unsigned char assign) { int ret = 0; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(Y != NULL); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n)); { mbedtls_ct_condition_t do_assign = mbedtls_ct_bool(assign); - X->s = (int) mbedtls_ct_uint_if(do_assign, Y->s, X->s); + X->s = mbedtls_ct_mpi_sign_if(do_assign, Y->s, X->s); mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, do_assign); @@ -149,8 +151,6 @@ int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, { int ret = 0; int s; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(Y != NULL); if (X == Y) { return 0; @@ -162,8 +162,8 @@ int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X, MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n)); s = X->s; - X->s = (int) mbedtls_ct_uint_if(do_swap, Y->s, X->s); - Y->s = (int) mbedtls_ct_uint_if(do_swap, s, Y->s); + X->s = mbedtls_ct_mpi_sign_if(do_swap, Y->s, X->s); + Y->s = mbedtls_ct_mpi_sign_if(do_swap, s, Y->s); mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, do_swap); @@ -179,8 +179,6 @@ cleanup: */ void mbedtls_mpi_init(mbedtls_mpi *X) { - MPI_VALIDATE(X != NULL); - X->s = 1; X->n = 0; X->p = NULL; @@ -210,7 +208,6 @@ void mbedtls_mpi_free(mbedtls_mpi *X) int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs) { mbedtls_mpi_uint *p; - MPI_VALIDATE_RET(X != NULL); if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) { return MBEDTLS_ERR_MPI_ALLOC_FAILED; @@ -243,7 +240,6 @@ int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs) { mbedtls_mpi_uint *p; size_t i; - MPI_VALIDATE_RET(X != NULL); if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) { return MBEDTLS_ERR_MPI_ALLOC_FAILED; @@ -305,15 +301,12 @@ static int mbedtls_mpi_resize_clear(mbedtls_mpi *X, size_t limbs) * This function is not constant-time. Leading zeros in Y may be removed. * * Ensure that X does not shrink. This is not guaranteed by the public API, - * but some code in the bignum module relies on this property, for example - * in mbedtls_mpi_exp_mod(). + * but some code in the bignum module might still rely on this property. */ int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y) { int ret = 0; size_t i; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(Y != NULL); if (X == Y) { return 0; @@ -355,8 +348,6 @@ cleanup: void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y) { mbedtls_mpi T; - MPI_VALIDATE(X != NULL); - MPI_VALIDATE(Y != NULL); memcpy(&T, X, sizeof(mbedtls_mpi)); memcpy(X, Y, sizeof(mbedtls_mpi)); @@ -385,7 +376,6 @@ static inline mbedtls_mpi_uint mpi_sint_abs(mbedtls_mpi_sint z) int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MPI_VALIDATE_RET(X != NULL); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, 1)); memset(X->p, 0, X->n * ciL); @@ -403,8 +393,6 @@ cleanup: */ int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos) { - MPI_VALIDATE_RET(X != NULL); - if (X->n * biL <= pos) { return 0; } @@ -420,7 +408,6 @@ int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val) int ret = 0; size_t off = pos / biL; size_t idx = pos % biL; - MPI_VALIDATE_RET(X != NULL); if (val != 0 && val != 1) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; @@ -448,7 +435,6 @@ cleanup: size_t mbedtls_mpi_lsb(const mbedtls_mpi *X) { size_t i; - MBEDTLS_INTERNAL_VALIDATE_RET(X != NULL, 0); #if defined(__has_builtin) #if (MBEDTLS_MPI_UINT_MAX == UINT_MAX) && __has_builtin(__builtin_ctz) @@ -530,8 +516,6 @@ int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s) int sign = 1; mbedtls_mpi_uint d; mbedtls_mpi T; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(s != NULL); if (radix < 2 || radix > 16) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; @@ -634,9 +618,6 @@ int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix, size_t n; char *p; mbedtls_mpi T; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(olen != NULL); - MPI_VALIDATE_RET(buflen == 0 || buf != NULL); if (radix < 2 || radix > 16) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; @@ -726,9 +707,6 @@ int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin) */ char s[MBEDTLS_MPI_RW_BUFFER_SIZE]; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(fin != NULL); - if (radix < 2 || radix > 16) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; } @@ -772,7 +750,6 @@ int mbedtls_mpi_write_file(const char *p, const mbedtls_mpi *X, int radix, FILE * newline characters and '\0' */ char s[MBEDTLS_MPI_RW_BUFFER_SIZE]; - MPI_VALIDATE_RET(X != NULL); if (radix < 2 || radix > 16) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; @@ -844,9 +821,6 @@ int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, size_t buf int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const size_t limbs = CHARS_TO_LIMBS(buflen); - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(buflen == 0 || buf != NULL); - /* Ensure that target MPI has exactly the necessary number of limbs */ MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs)); @@ -887,7 +861,6 @@ int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i; - MPI_VALIDATE_RET(X != NULL); i = mbedtls_mpi_bitlen(X) + count; @@ -908,7 +881,6 @@ cleanup: */ int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count) { - MPI_VALIDATE_RET(X != NULL); if (X->n != 0) { mbedtls_mpi_core_shift_r(X->p, X->n, count); } @@ -921,8 +893,6 @@ int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count) int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y) { size_t i, j; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(Y != NULL); for (i = X->n; i > 0; i--) { if (X->p[i - 1] != 0) { @@ -964,8 +934,6 @@ int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y) int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y) { size_t i, j; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(Y != NULL); for (i = X->n; i > 0; i--) { if (X->p[i - 1] != 0) { @@ -1016,7 +984,6 @@ int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z) { mbedtls_mpi Y; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET(X != NULL); *p = mpi_sint_abs(z); Y.s = TO_SIGN(z); @@ -1035,9 +1002,6 @@ int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi size_t j; mbedtls_mpi_uint *p; mbedtls_mpi_uint c; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(A != NULL); - MPI_VALIDATE_RET(B != NULL); if (X == B) { const mbedtls_mpi *T = A; A = X; B = T; @@ -1098,9 +1062,6 @@ int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; mbedtls_mpi_uint carry; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(A != NULL); - MPI_VALIDATE_RET(B != NULL); for (n = B->n; n > 0; n--) { if (B->p[n - 1] != 0) { @@ -1152,9 +1113,6 @@ static int add_sub_mpi(mbedtls_mpi *X, int flip_B) { int ret, s; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(A != NULL); - MPI_VALIDATE_RET(B != NULL); s = A->s; if (A->s * B->s * flip_B < 0) { @@ -1203,8 +1161,6 @@ int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b { mbedtls_mpi B; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(A != NULL); p[0] = mpi_sint_abs(b); B.s = TO_SIGN(b); @@ -1221,8 +1177,6 @@ int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b { mbedtls_mpi B; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(A != NULL); p[0] = mpi_sint_abs(b); B.s = TO_SIGN(b); @@ -1241,9 +1195,6 @@ int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi size_t i, j; mbedtls_mpi TA, TB; int result_is_zero = 0; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(A != NULL); - MPI_VALIDATE_RET(B != NULL); mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TB); @@ -1300,9 +1251,6 @@ cleanup: */ int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b) { - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(A != NULL); - size_t n = A->n; while (n > 0 && A->p[n - 1] == 0) { --n; @@ -1448,8 +1396,6 @@ int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, size_t i, n, t, k; mbedtls_mpi X, Y, Z, T1, T2; mbedtls_mpi_uint TP2[3]; - MPI_VALIDATE_RET(A != NULL); - MPI_VALIDATE_RET(B != NULL); if (mbedtls_mpi_cmp_int(B, 0) == 0) { return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO; @@ -1572,7 +1518,6 @@ int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, { mbedtls_mpi B; mbedtls_mpi_uint p[1]; - MPI_VALIDATE_RET(A != NULL); p[0] = mpi_sint_abs(b); B.s = TO_SIGN(b); @@ -1588,9 +1533,6 @@ int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R, int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - MPI_VALIDATE_RET(R != NULL); - MPI_VALIDATE_RET(A != NULL); - MPI_VALIDATE_RET(B != NULL); if (mbedtls_mpi_cmp_int(B, 0) < 0) { return MBEDTLS_ERR_MPI_NEGATIVE_VALUE; @@ -1618,8 +1560,6 @@ int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_s { size_t i; mbedtls_mpi_uint x, y, z; - MPI_VALIDATE_RET(r != NULL); - MPI_VALIDATE_RET(A != NULL); if (b == 0) { return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO; @@ -1670,103 +1610,11 @@ int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_s return 0; } -static void mpi_montg_init(mbedtls_mpi_uint *mm, const mbedtls_mpi *N) -{ - *mm = mbedtls_mpi_core_montmul_init(N->p); -} - -/** Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) - * - * \param[in,out] A One of the numbers to multiply. - * It must have at least as many limbs as N - * (A->n >= N->n), and any limbs beyond n are ignored. - * On successful completion, A contains the result of - * the multiplication A * B * R^-1 mod N where - * R = (2^ciL)^n. - * \param[in] B One of the numbers to multiply. - * It must be nonzero and must not have more limbs than N - * (B->n <= N->n). - * \param[in] N The modulus. \p N must be odd. - * \param mm The value calculated by `mpi_montg_init(&mm, N)`. - * This is -N^-1 mod 2^ciL. - * \param[in,out] T A bignum for temporary storage. - * It must be at least twice the limb size of N plus 1 - * (T->n >= 2 * N->n + 1). - * Its initial content is unused and - * its final content is indeterminate. - * It does not get reallocated. - */ -static void mpi_montmul(mbedtls_mpi *A, const mbedtls_mpi *B, - const mbedtls_mpi *N, mbedtls_mpi_uint mm, - mbedtls_mpi *T) -{ - mbedtls_mpi_core_montmul(A->p, A->p, B->p, B->n, N->p, N->n, mm, T->p); -} - -/* - * Montgomery reduction: A = A * R^-1 mod N - * - * See mpi_montmul() regarding constraints and guarantees on the parameters. - */ -static void mpi_montred(mbedtls_mpi *A, const mbedtls_mpi *N, - mbedtls_mpi_uint mm, mbedtls_mpi *T) -{ - mbedtls_mpi_uint z = 1; - mbedtls_mpi U; - U.n = 1; - U.s = 1; - U.p = &z; - - mpi_montmul(A, &U, N, mm, T); -} - -/** - * Select an MPI from a table without leaking the index. - * - * This is functionally equivalent to mbedtls_mpi_copy(R, T[idx]) except it - * reads the entire table in order to avoid leaking the value of idx to an - * attacker able to observe memory access patterns. - * - * \param[out] R Where to write the selected MPI. - * \param[in] T The table to read from. - * \param[in] T_size The number of elements in the table. - * \param[in] idx The index of the element to select; - * this must satisfy 0 <= idx < T_size. - * - * \return \c 0 on success, or a negative error code. - */ -static int mpi_select(mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_t idx) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - for (size_t i = 0; i < T_size; i++) { - MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(R, &T[i], - (unsigned char) mbedtls_ct_uint_eq(i, idx))); - } -cleanup: - return ret; -} - -/* - * Sliding-window exponentiation: X = A^E mod N (HAC 14.85) - */ int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *prec_RR) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t window_bitsize; - size_t i, j, nblimbs; - size_t bufsize, nbits; - size_t exponent_bits_in_window = 0; - mbedtls_mpi_uint ei, mm, state; - mbedtls_mpi RR, T, W[(size_t) 1 << MBEDTLS_MPI_WINDOW_SIZE], WW, Apos; - int neg; - - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(A != NULL); - MPI_VALIDATE_RET(E != NULL); - MPI_VALIDATE_RET(N != NULL); if (mbedtls_mpi_cmp_int(N, 0) <= 0 || (N->p[0] & 1) == 0) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; @@ -1782,261 +1630,88 @@ int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, } /* - * Init temps and window size + * Ensure that the exponent that we are passing to the core is not NULL. */ - mpi_montg_init(&mm, N); - mbedtls_mpi_init(&RR); mbedtls_mpi_init(&T); - mbedtls_mpi_init(&Apos); - mbedtls_mpi_init(&WW); - memset(W, 0, sizeof(W)); - - i = mbedtls_mpi_bitlen(E); - - window_bitsize = (i > 671) ? 6 : (i > 239) ? 5 : - (i > 79) ? 4 : (i > 23) ? 3 : 1; - -#if (MBEDTLS_MPI_WINDOW_SIZE < 6) - if (window_bitsize > MBEDTLS_MPI_WINDOW_SIZE) { - window_bitsize = MBEDTLS_MPI_WINDOW_SIZE; + if (E->n == 0) { + ret = mbedtls_mpi_lset(X, 1); + return ret; } -#endif - - const size_t w_table_used_size = (size_t) 1 << window_bitsize; /* - * This function is not constant-trace: its memory accesses depend on the - * exponent value. To defend against timing attacks, callers (such as RSA - * and DHM) should use exponent blinding. However this is not enough if the - * adversary can find the exponent in a single trace, so this function - * takes extra precautions against adversaries who can observe memory - * access patterns. - * - * This function performs a series of multiplications by table elements and - * squarings, and we want the prevent the adversary from finding out which - * table element was used, and from distinguishing between multiplications - * and squarings. Firstly, when multiplying by an element of the window - * W[i], we do a constant-trace table lookup to obfuscate i. This leaves - * squarings as having a different memory access patterns from other - * multiplications. So secondly, we put the accumulator in the table as - * well, and also do a constant-trace table lookup to multiply by the - * accumulator which is W[x_index]. - * - * This way, all multiplications take the form of a lookup-and-multiply. - * The number of lookup-and-multiply operations inside each iteration of - * the main loop still depends on the bits of the exponent, but since the - * other operations in the loop don't have an easily recognizable memory - * trace, an adversary is unlikely to be able to observe the exact - * patterns. - * - * An adversary may still be able to recover the exponent if they can - * observe both memory accesses and branches. However, branch prediction - * exploitation typically requires many traces of execution over the same - * data, which is defeated by randomized blinding. - */ - const size_t x_index = 0; - mbedtls_mpi_init(&W[x_index]); - - j = N->n + 1; - /* All W[i] including the accumulator must have at least N->n limbs for - * the mpi_montmul() and mpi_montred() calls later. Here we ensure that - * W[1] and the accumulator W[x_index] are large enough. later we'll grow - * other W[i] to the same length. They must not be shrunk midway through - * this function! + * Allocate working memory for mbedtls_mpi_core_exp_mod() */ - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[x_index], j)); - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[1], j)); - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&T, j * 2)); - - /* - * Compensate for negative A (and correct at the end) - */ - neg = (A->s == -1); - if (neg) { - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&Apos, A)); - Apos.s = 1; - A = &Apos; + size_t T_limbs = mbedtls_mpi_core_exp_mod_working_limbs(N->n, E->n); + mbedtls_mpi_uint *T = (mbedtls_mpi_uint *) mbedtls_calloc(T_limbs, sizeof(mbedtls_mpi_uint)); + if (T == NULL) { + return MBEDTLS_ERR_MPI_ALLOC_FAILED; } + mbedtls_mpi RR; + mbedtls_mpi_init(&RR); + /* * If 1st call, pre-compute R^2 mod N */ if (prec_RR == NULL || prec_RR->p == NULL) { - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&RR, 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&RR, N->n * 2 * biL)); - MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&RR, &RR, N)); + MBEDTLS_MPI_CHK(mbedtls_mpi_core_get_mont_r2_unsafe(&RR, N)); if (prec_RR != NULL) { - memcpy(prec_RR, &RR, sizeof(mbedtls_mpi)); + *prec_RR = RR; } } else { - memcpy(&RR, prec_RR, sizeof(mbedtls_mpi)); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(prec_RR, N->n)); + RR = *prec_RR; } /* - * W[1] = A * R^2 * R^-1 mod N = A * R mod N + * To preserve constness we need to make a copy of A. Using X for this to + * save memory. */ - if (mbedtls_mpi_cmp_mpi(A, N) >= 0) { - MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&W[1], A, N)); - /* This should be a no-op because W[1] is already that large before - * mbedtls_mpi_mod_mpi(), but it's necessary to avoid an overflow - * in mpi_montmul() below, so let's make sure. */ - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[1], N->n + 1)); - } else { - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[1], A)); - } - - /* Note that this is safe because W[1] always has at least N->n limbs - * (it grew above and was preserved by mbedtls_mpi_copy()). */ - mpi_montmul(&W[1], &RR, N, mm, &T); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, A)); /* - * W[x_index] = R^2 * R^-1 mod N = R mod N + * Compensate for negative A (and correct at the end). */ - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[x_index], &RR)); - mpi_montred(&W[x_index], N, mm, &T); - - - if (window_bitsize > 1) { - /* - * W[i] = W[1] ^ i - * - * The first bit of the sliding window is always 1 and therefore we - * only need to store the second half of the table. - * - * (There are two special elements in the table: W[0] for the - * accumulator/result and W[1] for A in Montgomery form. Both of these - * are already set at this point.) - */ - j = w_table_used_size / 2; - - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[j], N->n + 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[j], &W[1])); - - for (i = 0; i < window_bitsize - 1; i++) { - mpi_montmul(&W[j], &W[j], N, mm, &T); - } - - /* - * W[i] = W[i - 1] * W[1] - */ - for (i = j + 1; i < w_table_used_size; i++) { - MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[i], N->n + 1)); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&W[i], &W[i - 1])); - - mpi_montmul(&W[i], &W[1], N, mm, &T); - } - } - - nblimbs = E->n; - bufsize = 0; - nbits = 0; - state = 0; - - while (1) { - if (bufsize == 0) { - if (nblimbs == 0) { - break; - } - - nblimbs--; - - bufsize = sizeof(mbedtls_mpi_uint) << 3; - } - - bufsize--; - - ei = (E->p[nblimbs] >> bufsize) & 1; - - /* - * skip leading 0s - */ - if (ei == 0 && state == 0) { - continue; - } - - if (ei == 0 && state == 1) { - /* - * out of window, square W[x_index] - */ - MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, x_index)); - mpi_montmul(&W[x_index], &WW, N, mm, &T); - continue; - } - - /* - * add ei to current window - */ - state = 2; - - nbits++; - exponent_bits_in_window |= (ei << (window_bitsize - nbits)); - - if (nbits == window_bitsize) { - /* - * W[x_index] = W[x_index]^window_bitsize R^-1 mod N - */ - for (i = 0; i < window_bitsize; i++) { - MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, - x_index)); - mpi_montmul(&W[x_index], &WW, N, mm, &T); - } - - /* - * W[x_index] = W[x_index] * W[exponent_bits_in_window] R^-1 mod N - */ - MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, - exponent_bits_in_window)); - mpi_montmul(&W[x_index], &WW, N, mm, &T); - - state--; - nbits = 0; - exponent_bits_in_window = 0; - } - } + X->s = 1; /* - * process the remaining bits + * Make sure that X is in a form that is safe for consumption by + * the core functions. + * + * - The core functions will not touch the limbs of X above N->n. The + * result will be correct if those limbs are 0, which the mod call + * ensures. + * - Also, X must have at least as many limbs as N for the calls to the + * core functions. */ - for (i = 0; i < nbits; i++) { - MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, x_index)); - mpi_montmul(&W[x_index], &WW, N, mm, &T); - - exponent_bits_in_window <<= 1; - - if ((exponent_bits_in_window & ((size_t) 1 << window_bitsize)) != 0) { - MBEDTLS_MPI_CHK(mpi_select(&WW, W, w_table_used_size, 1)); - mpi_montmul(&W[x_index], &WW, N, mm, &T); - } + if (mbedtls_mpi_cmp_mpi(X, N) >= 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(X, X, N)); } + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, N->n)); /* - * W[x_index] = A^E * R * R^-1 mod N = A^E mod N + * Convert to and from Montgomery around mbedtls_mpi_core_exp_mod(). */ - mpi_montred(&W[x_index], N, mm, &T); - - if (neg && E->n != 0 && (E->p[0] & 1) != 0) { - W[x_index].s = -1; - MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&W[x_index], N, &W[x_index])); + { + mbedtls_mpi_uint mm = mbedtls_mpi_core_montmul_init(N->p); + mbedtls_mpi_core_to_mont_rep(X->p, X->p, N->p, N->n, mm, RR.p, T); + mbedtls_mpi_core_exp_mod(X->p, X->p, N->p, N->n, E->p, E->n, RR.p, T); + mbedtls_mpi_core_from_mont_rep(X->p, X->p, N->p, N->n, mm, T); } /* - * Load the result in the output variable. + * Correct for negative A. */ - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &W[x_index])); - -cleanup: + if (A->s == -1 && (E->p[0] & 1) != 0) { + mbedtls_ct_condition_t is_x_non_zero = mbedtls_mpi_core_check_zero_ct(X->p, X->n); + X->s = mbedtls_ct_mpi_sign_if(is_x_non_zero, -1, 1); - /* The first bit of the sliding window is always 1 and therefore the first - * half of the table was unused. */ - for (i = w_table_used_size/2; i < w_table_used_size; i++) { - mbedtls_mpi_free(&W[i]); + MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(X, N, X)); } - mbedtls_mpi_free(&W[x_index]); - mbedtls_mpi_free(&W[1]); - mbedtls_mpi_free(&T); - mbedtls_mpi_free(&Apos); - mbedtls_mpi_free(&WW); +cleanup: + + mbedtls_mpi_zeroize_and_free(T, T_limbs); if (prec_RR == NULL || prec_RR->p == NULL) { mbedtls_mpi_free(&RR); @@ -2054,10 +1729,6 @@ int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B) size_t lz, lzt; mbedtls_mpi TA, TB; - MPI_VALIDATE_RET(G != NULL); - MPI_VALIDATE_RET(A != NULL); - MPI_VALIDATE_RET(B != NULL); - mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TB); MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A)); @@ -2168,9 +1839,6 @@ int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const size_t limbs = CHARS_TO_LIMBS(size); - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(f_rng != NULL); - /* Ensure that target MPI has exactly the necessary number of limbs */ MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs)); if (size == 0) { @@ -2214,9 +1882,6 @@ int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(A != NULL); - MPI_VALIDATE_RET(N != NULL); if (mbedtls_mpi_cmp_int(N, 1) <= 0) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; @@ -2372,9 +2037,6 @@ static int mpi_miller_rabin(const mbedtls_mpi *X, size_t rounds, size_t i, j, k, s; mbedtls_mpi W, R, T, A, RR; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(f_rng != NULL); - mbedtls_mpi_init(&W); mbedtls_mpi_init(&R); mbedtls_mpi_init(&T); mbedtls_mpi_init(&A); mbedtls_mpi_init(&RR); @@ -2462,8 +2124,6 @@ int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi XX; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(f_rng != NULL); XX.s = 1; XX.n = X->n; @@ -2513,9 +2173,6 @@ int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags, mbedtls_mpi_uint r; mbedtls_mpi Y; - MPI_VALIDATE_RET(X != NULL); - MPI_VALIDATE_RET(f_rng != NULL); - if (nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; } diff --git a/library/bignum_core.c b/library/bignum_core.c index dfed60d..1a3e0b9 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -856,16 +856,17 @@ mbedtls_mpi_uint mbedtls_mpi_core_sub_int(mbedtls_mpi_uint *X, return c; } -mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct(const mbedtls_mpi_uint *A, - size_t limbs) +mbedtls_ct_condition_t mbedtls_mpi_core_check_zero_ct(const mbedtls_mpi_uint *A, + size_t limbs) { + volatile const mbedtls_mpi_uint *force_read_A = A; mbedtls_mpi_uint bits = 0; for (size_t i = 0; i < limbs; i++) { - bits |= A[i]; + bits |= force_read_A[i]; } - return bits; + return mbedtls_ct_bool(bits); } void mbedtls_mpi_core_to_mont_rep(mbedtls_mpi_uint *X, diff --git a/library/bignum_core.h b/library/bignum_core.h index b56be0a..92c8d47 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h @@ -662,11 +662,11 @@ mbedtls_mpi_uint mbedtls_mpi_core_sub_int(mbedtls_mpi_uint *X, * \param[in] A The MPI to test. * \param limbs Number of limbs in \p A. * - * \return 0 if `A == 0` - * non-0 (may be any value) if `A != 0`. + * \return MBEDTLS_CT_FALSE if `A == 0` + * MBEDTLS_CT_TRUE if `A != 0`. */ -mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct(const mbedtls_mpi_uint *A, - size_t limbs); +mbedtls_ct_condition_t mbedtls_mpi_core_check_zero_ct(const mbedtls_mpi_uint *A, + size_t limbs); /** * \brief Returns the number of limbs of working memory required for diff --git a/library/debug.c b/library/debug.c index a9d58e5..c36ed3c 100644 --- a/library/debug.c +++ b/library/debug.c @@ -11,7 +11,7 @@ #include "mbedtls/platform.h" -#include "mbedtls/debug.h" +#include "debug_internal.h" #include "mbedtls/error.h" #include <stdarg.h> diff --git a/library/debug_internal.h b/library/debug_internal.h new file mode 100644 index 0000000..4523b46 --- /dev/null +++ b/library/debug_internal.h @@ -0,0 +1,172 @@ +/** + * \file debug_internal.h + * + * \brief Internal part of the public "debug.h". + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ +#ifndef MBEDTLS_DEBUG_INTERNAL_H +#define MBEDTLS_DEBUG_INTERNAL_H + +#include "mbedtls/debug.h" + +/** + * \brief Print a message to the debug output. This function is always used + * through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl + * context, file and line number parameters. + * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the message has occurred in + * \param line line number the message has occurred at + * \param format format specifier, in printf format + * \param ... variables used by the format specifier + * + * \attention This function is intended for INTERNAL usage within the + * library only. + */ +void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6); + +/** + * \brief Print the return value of a function to the debug output. This + * function is always used through the MBEDTLS_SSL_DEBUG_RET() macro, + * which supplies the ssl context, file and line number parameters. + * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the error has occurred in + * \param line line number the error has occurred in + * \param text the name of the function that returned the error + * \param ret the return code value + * + * \attention This function is intended for INTERNAL usage within the + * library only. + */ +void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, int ret); + +/** + * \brief Output a buffer of size len bytes to the debug output. This function + * is always used through the MBEDTLS_SSL_DEBUG_BUF() macro, + * which supplies the ssl context, file and line number parameters. + * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the error has occurred in + * \param line line number the error has occurred in + * \param text a name or label for the buffer being dumped. Normally the + * variable or buffer name + * \param buf the buffer to be outputted + * \param len length of the buffer + * + * \attention This function is intended for INTERNAL usage within the + * library only. + */ +void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, const char *text, + const unsigned char *buf, size_t len); + +#if defined(MBEDTLS_BIGNUM_C) +/** + * \brief Print a MPI variable to the debug output. This function is always + * used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the + * ssl context, file and line number parameters. + * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the error has occurred in + * \param line line number the error has occurred in + * \param text a name or label for the MPI being output. Normally the + * variable name + * \param X the MPI variable + * + * \attention This function is intended for INTERNAL usage within the + * library only. + */ +void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_mpi *X); +#endif + +#if defined(MBEDTLS_ECP_LIGHT) +/** + * \brief Print an ECP point to the debug output. This function is always + * used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the + * ssl context, file and line number parameters. + * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the error has occurred in + * \param line line number the error has occurred in + * \param text a name or label for the ECP point being output. Normally the + * variable name + * \param X the ECP point + * + * \attention This function is intended for INTERNAL usage within the + * library only. + */ +void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_ecp_point *X); +#endif + +#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) +/** + * \brief Print a X.509 certificate structure to the debug output. This + * function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro, + * which supplies the ssl context, file and line number parameters. + * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the error has occurred in + * \param line line number the error has occurred in + * \param text a name or label for the certificate being output + * \param crt X.509 certificate structure + * + * \attention This function is intended for INTERNAL usage within the + * library only. + */ +void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const char *text, const mbedtls_x509_crt *crt); +#endif + +/* Note: the MBEDTLS_ECDH_C guard here is mandatory because this debug function + only works for the built-in implementation. */ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \ + defined(MBEDTLS_ECDH_C) +typedef enum { + MBEDTLS_DEBUG_ECDH_Q, + MBEDTLS_DEBUG_ECDH_QP, + MBEDTLS_DEBUG_ECDH_Z, +} mbedtls_debug_ecdh_attr; + +/** + * \brief Print a field of the ECDH structure in the SSL context to the debug + * output. This function is always used through the + * MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file + * and line number parameters. + * + * \param ssl SSL context + * \param level error level of the debug message + * \param file file the error has occurred in + * \param line line number the error has occurred in + * \param ecdh the ECDH context + * \param attr the identifier of the attribute being output + * + * \attention This function is intended for INTERNAL usage within the + * library only. + */ +void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level, + const char *file, int line, + const mbedtls_ecdh_context *ecdh, + mbedtls_debug_ecdh_attr attr); +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED && + MBEDTLS_ECDH_C */ + +#endif /* MBEDTLS_DEBUG_INTERNAL_H */ diff --git a/library/ecdh.c b/library/ecdh.c index 52b1617..b276c6a 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -144,6 +144,15 @@ static void ecdh_init_internal(mbedtls_ecdh_context_mbed *ctx) #endif } +mbedtls_ecp_group_id mbedtls_ecdh_get_grp_id(mbedtls_ecdh_context *ctx) +{ +#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) + return ctx->MBEDTLS_PRIVATE(grp).id; +#else + return ctx->MBEDTLS_PRIVATE(grp_id); +#endif +} + /* * Initialize context */ diff --git a/library/ecp.c b/library/ecp.c index 758d54b..427059b 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3302,10 +3302,11 @@ cleanup: /* * Write a private key. */ +#if !defined MBEDTLS_DEPRECATED_REMOVED int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, unsigned char *buf, size_t buflen) { - int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { @@ -3332,6 +3333,39 @@ cleanup: return ret; } +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + +int mbedtls_ecp_write_key_ext(const mbedtls_ecp_keypair *key, + size_t *olen, unsigned char *buf, size_t buflen) +{ + size_t len = (key->grp.nbits + 7) / 8; + if (len > buflen) { + /* For robustness, ensure *olen <= buflen even on error. */ + *olen = 0; + return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; + } + *olen = len; + + /* Private key not set */ + if (key->d.n == 0) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + +#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) + if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { + return mbedtls_mpi_write_binary_le(&key->d, buf, len); + } +#endif + +#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) + if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) { + return mbedtls_mpi_write_binary(&key->d, buf, len); + } +#endif + + /* Private key set but no recognized curve type? This shouldn't happen. */ + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +} /* * Write a public key. diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 577e23b..c3cd33f 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -23,12 +23,6 @@ #if !defined(MBEDTLS_ECP_ALT) -/* Parameter validation macros based on platform_util.h */ -#define ECP_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA) -#define ECP_VALIDATE(cond) \ - MBEDTLS_INTERNAL_VALIDATE(cond) - #define ECP_MPI_INIT(_p, _n) { .p = (mbedtls_mpi_uint *) (_p), .s = 1, .n = (_n) } #define ECP_MPI_INIT_ARRAY(x) \ @@ -52,7 +46,7 @@ defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) /* For these curves, we build the group parameters dynamically. */ #define ECP_LOAD_GROUP -static mbedtls_mpi_uint mpi_one[] = { 1 }; +static const mbedtls_mpi_uint mpi_one[] = { 1 }; #endif /* @@ -4511,7 +4505,7 @@ static inline void ecp_mpi_set1(mbedtls_mpi *X) { X->s = 1; X->n = 1; - X->p = mpi_one; + X->p = (mbedtls_mpi_uint *) mpi_one; /* X->p will not be modified so the cast is safe */ } /* @@ -4722,7 +4716,6 @@ cleanup: */ int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id) { - ECP_VALIDATE_RET(grp != NULL); mbedtls_ecp_group_free(grp); mbedtls_ecp_group_init(grp); @@ -5318,7 +5311,7 @@ cleanup: */ #define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P #define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R -static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs, +static inline int ecp_mod_koblitz(mbedtls_mpi *N, const mbedtls_mpi_uint *Rp, size_t p_limbs, size_t adjust, size_t shift, mbedtls_mpi_uint mask) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -5332,7 +5325,7 @@ static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p /* Init R */ R.s = 1; - R.p = Rp; + R.p = (mbedtls_mpi_uint *) Rp; /* R.p will not be modified so the cast is safe */ R.n = P_KOBLITZ_R; /* Common setup for M */ @@ -5403,7 +5396,7 @@ cleanup: */ static int ecp_mod_p192k1(mbedtls_mpi *N) { - static mbedtls_mpi_uint Rp[] = { + static const mbedtls_mpi_uint Rp[] = { MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) }; @@ -5420,7 +5413,7 @@ static int ecp_mod_p192k1(mbedtls_mpi *N) */ static int ecp_mod_p224k1(mbedtls_mpi *N) { - static mbedtls_mpi_uint Rp[] = { + static const mbedtls_mpi_uint Rp[] = { MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) }; @@ -5442,7 +5435,7 @@ static int ecp_mod_p224k1(mbedtls_mpi *N) */ static int ecp_mod_p256k1(mbedtls_mpi *N) { - static mbedtls_mpi_uint Rp[] = { + static const mbedtls_mpi_uint Rp[] = { MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00) }; diff --git a/library/ecp_curves_new.c b/library/ecp_curves_new.c index 4ee0f58..035b23a 100644 --- a/library/ecp_curves_new.c +++ b/library/ecp_curves_new.c @@ -28,12 +28,6 @@ #if !defined(MBEDTLS_ECP_ALT) -/* Parameter validation macros based on platform_util.h */ -#define ECP_VALIDATE_RET(cond) \ - MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA) -#define ECP_VALIDATE(cond) \ - MBEDTLS_INTERNAL_VALIDATE(cond) - #define ECP_MPI_INIT(_p, _n) { .p = (mbedtls_mpi_uint *) (_p), .s = 1, .n = (_n) } #define ECP_MPI_INIT_ARRAY(x) \ @@ -4764,7 +4758,6 @@ cleanup: */ int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id) { - ECP_VALIDATE_RET(grp != NULL); mbedtls_ecp_group_free(grp); mbedtls_ecp_group_init(grp); diff --git a/library/entropy_poll.c b/library/entropy_poll.c index bd21e2d..794ee03 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#if defined(__linux__) && !defined(_GNU_SOURCE) +#if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE) /* Ensure that syscall() is available even when compiling with -std=c99 */ #define _GNU_SOURCE #endif diff --git a/library/gcm.c b/library/gcm.c index c677ca4..90c1d1d 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -41,6 +41,12 @@ #if !defined(MBEDTLS_GCM_ALT) +/* Used to select the acceleration mechanism */ +#define MBEDTLS_GCM_ACC_SMALLTABLE 0 +#define MBEDTLS_GCM_ACC_LARGETABLE 1 +#define MBEDTLS_GCM_ACC_AESNI 2 +#define MBEDTLS_GCM_ACC_AESCE 3 + /* * Initialize a context */ @@ -49,6 +55,39 @@ void mbedtls_gcm_init(mbedtls_gcm_context *ctx) memset(ctx, 0, sizeof(mbedtls_gcm_context)); } +static inline void gcm_set_acceleration(mbedtls_gcm_context *ctx) +{ +#if defined(MBEDTLS_GCM_LARGE_TABLE) + ctx->acceleration = MBEDTLS_GCM_ACC_LARGETABLE; +#else + ctx->acceleration = MBEDTLS_GCM_ACC_SMALLTABLE; +#endif + +#if defined(MBEDTLS_AESNI_HAVE_CODE) + /* With CLMUL support, we need only h, not the rest of the table */ + if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) { + ctx->acceleration = MBEDTLS_GCM_ACC_AESNI; + } +#endif + +#if defined(MBEDTLS_AESCE_HAVE_CODE) + if (MBEDTLS_AESCE_HAS_SUPPORT()) { + ctx->acceleration = MBEDTLS_GCM_ACC_AESCE; + } +#endif +} + +static inline void gcm_gen_table_rightshift(uint64_t dst[2], const uint64_t src[2]) +{ + uint8_t *u8Dst = (uint8_t *) dst; + uint8_t *u8Src = (uint8_t *) src; + + MBEDTLS_PUT_UINT64_BE(MBEDTLS_GET_UINT64_BE(&src[1], 0) >> 1, &dst[1], 0); + u8Dst[8] |= (u8Src[7] & 0x01) << 7; + MBEDTLS_PUT_UINT64_BE(MBEDTLS_GET_UINT64_BE(&src[0], 0) >> 1, &dst[0], 0); + u8Dst[0] ^= (u8Src[15] & 0x01) ? 0xE1 : 0; +} + /* * Precompute small multiples of H, that is set * HH[i] || HL[i] = H times i, @@ -60,11 +99,8 @@ void mbedtls_gcm_init(mbedtls_gcm_context *ctx) static int gcm_gen_table(mbedtls_gcm_context *ctx) { int ret, i, j; - uint64_t hi, lo; - uint64_t vl, vh; - unsigned char h[16]; - - memset(h, 0, 16); + uint64_t u64h[2] = { 0 }; + uint8_t *h = (uint8_t *) u64h; #if defined(MBEDTLS_BLOCK_CIPHER_C) ret = mbedtls_block_cipher_encrypt(&ctx->block_cipher_ctx, h, h); @@ -76,53 +112,48 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx) return ret; } - /* pack h as two 64-bits ints, big-endian */ - hi = MBEDTLS_GET_UINT32_BE(h, 0); - lo = MBEDTLS_GET_UINT32_BE(h, 4); - vh = (uint64_t) hi << 32 | lo; + gcm_set_acceleration(ctx); - hi = MBEDTLS_GET_UINT32_BE(h, 8); - lo = MBEDTLS_GET_UINT32_BE(h, 12); - vl = (uint64_t) hi << 32 | lo; - - /* 8 = 1000 corresponds to 1 in GF(2^128) */ - ctx->HL[8] = vl; - ctx->HH[8] = vh; + /* MBEDTLS_GCM_HTABLE_SIZE/2 = 1000 corresponds to 1 in GF(2^128) */ + ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2][0] = u64h[0]; + ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2][1] = u64h[1]; + switch (ctx->acceleration) { #if defined(MBEDTLS_AESNI_HAVE_CODE) - /* With CLMUL support, we need only h, not the rest of the table */ - if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) { - return 0; - } + case MBEDTLS_GCM_ACC_AESNI: + return 0; #endif #if defined(MBEDTLS_AESCE_HAVE_CODE) - if (MBEDTLS_AESCE_HAS_SUPPORT()) { - return 0; - } + case MBEDTLS_GCM_ACC_AESCE: + return 0; #endif - /* 0 corresponds to 0 in GF(2^128) */ - ctx->HH[0] = 0; - ctx->HL[0] = 0; + default: + /* 0 corresponds to 0 in GF(2^128) */ + ctx->H[0][0] = 0; + ctx->H[0][1] = 0; - for (i = 4; i > 0; i >>= 1) { - uint32_t T = (vl & 1) * 0xe1000000U; - vl = (vh << 63) | (vl >> 1); - vh = (vh >> 1) ^ ((uint64_t) T << 32); + for (i = MBEDTLS_GCM_HTABLE_SIZE/4; i > 0; i >>= 1) { + gcm_gen_table_rightshift(ctx->H[i], ctx->H[i*2]); + } - ctx->HL[i] = vl; - ctx->HH[i] = vh; - } +#if !defined(MBEDTLS_GCM_LARGE_TABLE) + /* pack elements of H as 64-bits ints, big-endian */ + for (i = MBEDTLS_GCM_HTABLE_SIZE/2; i > 0; i >>= 1) { + MBEDTLS_PUT_UINT64_BE(ctx->H[i][0], &ctx->H[i][0], 0); + MBEDTLS_PUT_UINT64_BE(ctx->H[i][1], &ctx->H[i][1], 0); + } +#endif - for (i = 2; i <= 8; i *= 2) { - uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i; - vh = *HiH; - vl = *HiL; - for (j = 1; j < i; j++) { - HiH[j] = vh ^ ctx->HH[j]; - HiL[j] = vl ^ ctx->HL[j]; - } + for (i = 2; i < MBEDTLS_GCM_HTABLE_SIZE; i <<= 1) { + for (j = 1; j < i; j++) { + mbedtls_xor_no_simd((unsigned char *) ctx->H[i+j], + (unsigned char *) ctx->H[i], + (unsigned char *) ctx->H[j], + 16); + } + } } return 0; @@ -181,6 +212,80 @@ int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx, return 0; } +#if defined(MBEDTLS_GCM_LARGE_TABLE) +static const uint16_t last8[256] = { + 0x0000, 0xc201, 0x8403, 0x4602, 0x0807, 0xca06, 0x8c04, 0x4e05, + 0x100e, 0xd20f, 0x940d, 0x560c, 0x1809, 0xda08, 0x9c0a, 0x5e0b, + 0x201c, 0xe21d, 0xa41f, 0x661e, 0x281b, 0xea1a, 0xac18, 0x6e19, + 0x3012, 0xf213, 0xb411, 0x7610, 0x3815, 0xfa14, 0xbc16, 0x7e17, + 0x4038, 0x8239, 0xc43b, 0x063a, 0x483f, 0x8a3e, 0xcc3c, 0x0e3d, + 0x5036, 0x9237, 0xd435, 0x1634, 0x5831, 0x9a30, 0xdc32, 0x1e33, + 0x6024, 0xa225, 0xe427, 0x2626, 0x6823, 0xaa22, 0xec20, 0x2e21, + 0x702a, 0xb22b, 0xf429, 0x3628, 0x782d, 0xba2c, 0xfc2e, 0x3e2f, + 0x8070, 0x4271, 0x0473, 0xc672, 0x8877, 0x4a76, 0x0c74, 0xce75, + 0x907e, 0x527f, 0x147d, 0xd67c, 0x9879, 0x5a78, 0x1c7a, 0xde7b, + 0xa06c, 0x626d, 0x246f, 0xe66e, 0xa86b, 0x6a6a, 0x2c68, 0xee69, + 0xb062, 0x7263, 0x3461, 0xf660, 0xb865, 0x7a64, 0x3c66, 0xfe67, + 0xc048, 0x0249, 0x444b, 0x864a, 0xc84f, 0x0a4e, 0x4c4c, 0x8e4d, + 0xd046, 0x1247, 0x5445, 0x9644, 0xd841, 0x1a40, 0x5c42, 0x9e43, + 0xe054, 0x2255, 0x6457, 0xa656, 0xe853, 0x2a52, 0x6c50, 0xae51, + 0xf05a, 0x325b, 0x7459, 0xb658, 0xf85d, 0x3a5c, 0x7c5e, 0xbe5f, + 0x00e1, 0xc2e0, 0x84e2, 0x46e3, 0x08e6, 0xcae7, 0x8ce5, 0x4ee4, + 0x10ef, 0xd2ee, 0x94ec, 0x56ed, 0x18e8, 0xdae9, 0x9ceb, 0x5eea, + 0x20fd, 0xe2fc, 0xa4fe, 0x66ff, 0x28fa, 0xeafb, 0xacf9, 0x6ef8, + 0x30f3, 0xf2f2, 0xb4f0, 0x76f1, 0x38f4, 0xfaf5, 0xbcf7, 0x7ef6, + 0x40d9, 0x82d8, 0xc4da, 0x06db, 0x48de, 0x8adf, 0xccdd, 0x0edc, + 0x50d7, 0x92d6, 0xd4d4, 0x16d5, 0x58d0, 0x9ad1, 0xdcd3, 0x1ed2, + 0x60c5, 0xa2c4, 0xe4c6, 0x26c7, 0x68c2, 0xaac3, 0xecc1, 0x2ec0, + 0x70cb, 0xb2ca, 0xf4c8, 0x36c9, 0x78cc, 0xbacd, 0xfccf, 0x3ece, + 0x8091, 0x4290, 0x0492, 0xc693, 0x8896, 0x4a97, 0x0c95, 0xce94, + 0x909f, 0x529e, 0x149c, 0xd69d, 0x9898, 0x5a99, 0x1c9b, 0xde9a, + 0xa08d, 0x628c, 0x248e, 0xe68f, 0xa88a, 0x6a8b, 0x2c89, 0xee88, + 0xb083, 0x7282, 0x3480, 0xf681, 0xb884, 0x7a85, 0x3c87, 0xfe86, + 0xc0a9, 0x02a8, 0x44aa, 0x86ab, 0xc8ae, 0x0aaf, 0x4cad, 0x8eac, + 0xd0a7, 0x12a6, 0x54a4, 0x96a5, 0xd8a0, 0x1aa1, 0x5ca3, 0x9ea2, + 0xe0b5, 0x22b4, 0x64b6, 0xa6b7, 0xe8b2, 0x2ab3, 0x6cb1, 0xaeb0, + 0xf0bb, 0x32ba, 0x74b8, 0xb6b9, 0xf8bc, 0x3abd, 0x7cbf, 0xbebe +}; + +static void gcm_mult_largetable(uint8_t *output, const uint8_t *x, uint64_t H[256][2]) +{ + int i; + uint64_t u64z[2]; + uint16_t *u16z = (uint16_t *) u64z; + uint8_t *u8z = (uint8_t *) u64z; + uint8_t rem; + + u64z[0] = 0; + u64z[1] = 0; + + if (MBEDTLS_IS_BIG_ENDIAN) { + for (i = 15; i > 0; i--) { + mbedtls_xor_no_simd(u8z, u8z, (uint8_t *) H[x[i]], 16); + rem = u8z[15]; + + u64z[1] >>= 8; + u8z[8] = u8z[7]; + u64z[0] >>= 8; + + u16z[0] ^= MBEDTLS_GET_UINT16_LE(&last8[rem], 0); + } + } else { + for (i = 15; i > 0; i--) { + mbedtls_xor_no_simd(u8z, u8z, (uint8_t *) H[x[i]], 16); + rem = u8z[15]; + + u64z[1] <<= 8; + u8z[8] = u8z[7]; + u64z[0] <<= 8; + + u16z[0] ^= last8[rem]; + } + } + + mbedtls_xor_no_simd(output, u8z, (uint8_t *) H[x[0]], 16); +} +#else /* * Shoup's method for multiplication use this table with * last4[x] = x times P^128 @@ -194,78 +299,79 @@ static const uint16_t last4[16] = 0x9180, 0x8da0, 0xa9c0, 0xb5e0 }; -/* - * Sets output to x times H using the precomputed tables. - * x and output are seen as elements of GF(2^128) as in [MGV]. - */ -static void gcm_mult(mbedtls_gcm_context *ctx, const unsigned char x[16], - unsigned char output[16]) +static void gcm_mult_smalltable(uint8_t *output, const uint8_t *x, uint64_t H[16][2]) { int i = 0; unsigned char lo, hi, rem; - uint64_t zh, zl; - -#if defined(MBEDTLS_AESNI_HAVE_CODE) - if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) { - unsigned char h[16]; + uint64_t u64z[2]; + const uint64_t *pu64z = NULL; + uint8_t *u8z = (uint8_t *) u64z; - /* mbedtls_aesni_gcm_mult needs big-endian input */ - MBEDTLS_PUT_UINT32_BE(ctx->HH[8] >> 32, h, 0); - MBEDTLS_PUT_UINT32_BE(ctx->HH[8], h, 4); - MBEDTLS_PUT_UINT32_BE(ctx->HL[8] >> 32, h, 8); - MBEDTLS_PUT_UINT32_BE(ctx->HL[8], h, 12); + lo = x[15] & 0xf; + hi = (x[15] >> 4) & 0xf; - mbedtls_aesni_gcm_mult(output, x, h); - return; - } -#endif /* MBEDTLS_AESNI_HAVE_CODE */ + pu64z = H[lo]; -#if defined(MBEDTLS_AESCE_HAVE_CODE) - if (MBEDTLS_AESCE_HAS_SUPPORT()) { - unsigned char h[16]; + rem = (unsigned char) pu64z[1] & 0xf; + u64z[1] = (pu64z[0] << 60) | (pu64z[1] >> 4); + u64z[0] = (pu64z[0] >> 4); + u64z[0] ^= (uint64_t) last4[rem] << 48; + mbedtls_xor_no_simd(u8z, u8z, (uint8_t *) H[hi], 16); - /* mbedtls_aesce_gcm_mult needs big-endian input */ - MBEDTLS_PUT_UINT32_BE(ctx->HH[8] >> 32, h, 0); - MBEDTLS_PUT_UINT32_BE(ctx->HH[8], h, 4); - MBEDTLS_PUT_UINT32_BE(ctx->HL[8] >> 32, h, 8); - MBEDTLS_PUT_UINT32_BE(ctx->HL[8], h, 12); + for (i = 14; i >= 0; i--) { + lo = x[i] & 0xf; + hi = (x[i] >> 4) & 0xf; - mbedtls_aesce_gcm_mult(output, x, h); - return; + rem = (unsigned char) u64z[1] & 0xf; + u64z[1] = (u64z[0] << 60) | (u64z[1] >> 4); + u64z[0] = (u64z[0] >> 4); + u64z[0] ^= (uint64_t) last4[rem] << 48; + mbedtls_xor_no_simd(u8z, u8z, (uint8_t *) H[lo], 16); + + rem = (unsigned char) u64z[1] & 0xf; + u64z[1] = (u64z[0] << 60) | (u64z[1] >> 4); + u64z[0] = (u64z[0] >> 4); + u64z[0] ^= (uint64_t) last4[rem] << 48; + mbedtls_xor_no_simd(u8z, u8z, (uint8_t *) H[hi], 16); } -#endif - - lo = x[15] & 0xf; - - zh = ctx->HH[lo]; - zl = ctx->HL[lo]; - for (i = 15; i >= 0; i--) { - lo = x[i] & 0xf; - hi = (x[i] >> 4) & 0xf; + MBEDTLS_PUT_UINT64_BE(u64z[0], output, 0); + MBEDTLS_PUT_UINT64_BE(u64z[1], output, 8); +} +#endif - if (i != 15) { - rem = (unsigned char) zl & 0xf; - zl = (zh << 60) | (zl >> 4); - zh = (zh >> 4); - zh ^= (uint64_t) last4[rem] << 48; - zh ^= ctx->HH[lo]; - zl ^= ctx->HL[lo]; +/* + * Sets output to x times H using the precomputed tables. + * x and output are seen as elements of GF(2^128) as in [MGV]. + */ +static void gcm_mult(mbedtls_gcm_context *ctx, const unsigned char x[16], + unsigned char output[16]) +{ + switch (ctx->acceleration) { +#if defined(MBEDTLS_AESNI_HAVE_CODE) + case MBEDTLS_GCM_ACC_AESNI: + mbedtls_aesni_gcm_mult(output, x, (uint8_t *) ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2]); + break; +#endif - } +#if defined(MBEDTLS_AESCE_HAVE_CODE) + case MBEDTLS_GCM_ACC_AESCE: + mbedtls_aesce_gcm_mult(output, x, (uint8_t *) ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2]); + break; +#endif - rem = (unsigned char) zl & 0xf; - zl = (zh << 60) | (zl >> 4); - zh = (zh >> 4); - zh ^= (uint64_t) last4[rem] << 48; - zh ^= ctx->HH[hi]; - zl ^= ctx->HL[hi]; +#if defined(MBEDTLS_GCM_LARGE_TABLE) + case MBEDTLS_GCM_ACC_LARGETABLE: + gcm_mult_largetable(output, x, ctx->H); + break; +#else + case MBEDTLS_GCM_ACC_SMALLTABLE: + gcm_mult_smalltable(output, x, ctx->H); + break; +#endif } - MBEDTLS_PUT_UINT32_BE(zh >> 32, output, 0); - MBEDTLS_PUT_UINT32_BE(zh, output, 4); - MBEDTLS_PUT_UINT32_BE(zl >> 32, output, 8); - MBEDTLS_PUT_UINT32_BE(zl, output, 12); + return; } int mbedtls_gcm_starts(mbedtls_gcm_context *ctx, @@ -354,9 +460,17 @@ int mbedtls_gcm_update_ad(mbedtls_gcm_context *ctx, { const unsigned char *p; size_t use_len, offset; + uint64_t new_add_len; - /* IV is limited to 2^64 bits, so 2^61 bytes */ - if ((uint64_t) add_len >> 61 != 0) { + /* AD is limited to 2^64 bits, ie 2^61 bytes + * Also check for possible overflow */ +#if SIZE_MAX > 0xFFFFFFFFFFFFFFFFULL + if (add_len > 0xFFFFFFFFFFFFFFFFULL) { + return MBEDTLS_ERR_GCM_BAD_INPUT; + } +#endif + new_add_len = ctx->add_len + (uint64_t) add_len; + if (new_add_len < ctx->add_len || new_add_len >> 61 != 0) { return MBEDTLS_ERR_GCM_BAD_INPUT; } @@ -539,6 +653,9 @@ int mbedtls_gcm_finish(mbedtls_gcm_context *ctx, (void) output_size; *output_length = 0; + /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes + * and AD length is restricted to 2^64 bits, ie 2^61 bytes so neither of + * the two multiplications would overflow. */ orig_len = ctx->len * 8; orig_add_len = ctx->add_len * 8; diff --git a/library/lms.c b/library/lms.c index 08fe753..8d3cae0 100644 --- a/library/lms.c +++ b/library/lms.c @@ -65,7 +65,8 @@ static int local_err_translation(psa_status_t status) #define H_TREE_HEIGHT_MAX 10 #define MERKLE_TREE_NODE_AM(type) ((size_t) 1 << (MBEDTLS_LMS_H_TREE_HEIGHT(type) + 1u)) #define MERKLE_TREE_LEAF_NODE_AM(type) ((size_t) 1 << MBEDTLS_LMS_H_TREE_HEIGHT(type)) -#define MERKLE_TREE_INTERNAL_NODE_AM(type) ((size_t) 1 << MBEDTLS_LMS_H_TREE_HEIGHT(type)) +#define MERKLE_TREE_INTERNAL_NODE_AM(type) ((unsigned int) \ + (1u << MBEDTLS_LMS_H_TREE_HEIGHT(type))) #define D_CONST_LEN (2) static const unsigned char D_LEAF_CONSTANT_BYTES[D_CONST_LEN] = { 0x82, 0x82 }; diff --git a/library/oid.c b/library/oid.c index d30a464..1d6b1eb 100644 --- a/library/oid.c +++ b/library/oid.c @@ -684,6 +684,18 @@ static const oid_cipher_alg_t oid_cipher_alg[] = MBEDTLS_CIPHER_DES_EDE3_CBC, }, { + OID_DESCRIPTOR(MBEDTLS_OID_AES_128_CBC, "aes128-cbc", "AES128-CBC"), + MBEDTLS_CIPHER_AES_128_CBC, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AES_192_CBC, "aes192-cbc", "AES192-CBC"), + MBEDTLS_CIPHER_AES_192_CBC, + }, + { + OID_DESCRIPTOR(MBEDTLS_OID_AES_256_CBC, "aes256-cbc", "AES256-CBC"), + MBEDTLS_CIPHER_AES_256_CBC, + }, + { NULL_OID_DESCRIPTOR, MBEDTLS_CIPHER_NONE, }, diff --git a/library/pem.c b/library/pem.c index 539134c..0fee5df 100644 --- a/library/pem.c +++ b/library/pem.c @@ -240,6 +240,29 @@ exit: } #endif /* MBEDTLS_AES_C */ +#if defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C) +static int pem_check_pkcs_padding(unsigned char *input, size_t input_len, size_t *data_len) +{ + /* input_len > 0 is guaranteed by mbedtls_pem_read_buffer(). */ + size_t pad_len = input[input_len - 1]; + size_t i; + + if (pad_len > input_len) { + return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH; + } + + *data_len = input_len - pad_len; + + for (i = *data_len; i < input_len; i++) { + if (input[i] != pad_len) { + return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH; + } + } + + return 0; +} +#endif /* MBEDTLS_DES_C || MBEDTLS_AES_C */ + #endif /* PEM_RFC1421 */ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer, @@ -389,6 +412,10 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret); } + if (len == 0) { + return MBEDTLS_ERR_PEM_BAD_INPUT_DATA; + } + if ((buf = mbedtls_calloc(1, len)) == NULL) { return MBEDTLS_ERR_PEM_ALLOC_FAILED; } @@ -426,20 +453,20 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const #endif /* MBEDTLS_AES_C */ if (ret != 0) { - mbedtls_free(buf); + mbedtls_zeroize_and_free(buf, len); return ret; } - /* - * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3 - * length bytes (allow 4 to be sure) in all known use cases. - * - * Use that as a heuristic to try to detect password mismatches. - */ - if (len <= 2 || buf[0] != 0x30 || buf[1] > 0x83) { + /* Check PKCS padding and update data length based on padding info. + * This can be used to detect invalid padding data and password + * mismatches. */ + size_t unpadded_len; + ret = pem_check_pkcs_padding(buf, len, &unpadded_len); + if (ret != 0) { mbedtls_zeroize_and_free(buf, len); - return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH; + return ret; } + len = unpadded_len; #else mbedtls_zeroize_and_free(buf, len); return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE; diff --git a/library/pk.c b/library/pk.c index 9261837..003ef4a 100644 --- a/library/pk.c +++ b/library/pk.c @@ -18,10 +18,8 @@ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" -#if defined(MBEDTLS_PKCS1_V21) && !defined(MBEDTLS_USE_PSA_CRYPTO) #include "rsa_internal.h" #endif -#endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) #include "mbedtls/ecp.h" #endif @@ -29,7 +27,7 @@ #include "mbedtls/ecdsa.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include "psa_util_internal.h" #include "mbedtls/psa_util.h" #endif @@ -378,6 +376,482 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_RSA_C) +static psa_algorithm_t psa_algorithm_for_rsa(const mbedtls_rsa_context *rsa, + int want_crypt) +{ + if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) { + if (want_crypt) { + mbedtls_md_type_t md_type = (mbedtls_md_type_t) mbedtls_rsa_get_md_alg(rsa); + return PSA_ALG_RSA_OAEP(mbedtls_md_psa_alg_from_type(md_type)); + } else { + return PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH); + } + } else { + if (want_crypt) { + return PSA_ALG_RSA_PKCS1V15_CRYPT; + } else { + return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH); + } + } +} +#endif /* MBEDTLS_RSA_C */ + +int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk, + psa_key_usage_t usage, + psa_key_attributes_t *attributes) +{ + mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk); + + psa_key_usage_t more_usage = usage; + if (usage == PSA_KEY_USAGE_SIGN_MESSAGE) { + more_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + } else if (usage == PSA_KEY_USAGE_SIGN_HASH) { + more_usage |= PSA_KEY_USAGE_VERIFY_HASH; + } else if (usage == PSA_KEY_USAGE_DECRYPT) { + more_usage |= PSA_KEY_USAGE_ENCRYPT; + } + more_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; + + int want_private = !(usage == PSA_KEY_USAGE_VERIFY_MESSAGE || + usage == PSA_KEY_USAGE_VERIFY_HASH || + usage == PSA_KEY_USAGE_ENCRYPT); + + switch (pk_type) { +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_PK_RSA: + { + int want_crypt = 0; /* 0: sign/verify; 1: encrypt/decrypt */ + switch (usage) { + case PSA_KEY_USAGE_SIGN_MESSAGE: + case PSA_KEY_USAGE_SIGN_HASH: + case PSA_KEY_USAGE_VERIFY_MESSAGE: + case PSA_KEY_USAGE_VERIFY_HASH: + /* Nothing to do. */ + break; + case PSA_KEY_USAGE_DECRYPT: + case PSA_KEY_USAGE_ENCRYPT: + want_crypt = 1; + break; + default: + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + /* Detect the presence of a private key in a way that works both + * in CRT and non-CRT configurations. */ + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); + int has_private = (mbedtls_rsa_check_privkey(rsa) == 0); + if (want_private && !has_private) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + psa_set_key_type(attributes, (want_private ? + PSA_KEY_TYPE_RSA_KEY_PAIR : + PSA_KEY_TYPE_RSA_PUBLIC_KEY)); + psa_set_key_bits(attributes, mbedtls_pk_get_bitlen(pk)); + psa_set_key_algorithm(attributes, + psa_algorithm_for_rsa(rsa, want_crypt)); + break; + } +#endif /* MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + { + int sign_ok = (pk_type != MBEDTLS_PK_ECKEY_DH); + int derive_ok = (pk_type != MBEDTLS_PK_ECDSA); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_ecc_family_t family = pk->ec_family; + size_t bits = pk->ec_bits; + int has_private = 0; + if (pk->priv_id != MBEDTLS_SVC_KEY_ID_INIT) { + has_private = 1; + } +#else + const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); + int has_private = (ec->d.n != 0); + size_t bits = 0; + psa_ecc_family_t family = + mbedtls_ecc_group_to_psa(ec->grp.id, &bits); +#endif + psa_algorithm_t alg = 0; + switch (usage) { + case PSA_KEY_USAGE_SIGN_MESSAGE: + case PSA_KEY_USAGE_SIGN_HASH: + case PSA_KEY_USAGE_VERIFY_MESSAGE: + case PSA_KEY_USAGE_VERIFY_HASH: + if (!sign_ok) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH); +#else + alg = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); +#endif + break; + case PSA_KEY_USAGE_DERIVE: + alg = PSA_ALG_ECDH; + if (!derive_ok) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + break; + default: + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + if (want_private && !has_private) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + psa_set_key_type(attributes, (want_private ? + PSA_KEY_TYPE_ECC_KEY_PAIR(family) : + PSA_KEY_TYPE_ECC_PUBLIC_KEY(family))); + psa_set_key_bits(attributes, bits); + psa_set_key_algorithm(attributes, alg); + break; + } +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ + +#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) + case MBEDTLS_PK_RSA_ALT: + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; +#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + case MBEDTLS_PK_OPAQUE: + { + psa_key_attributes_t old_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + status = psa_get_key_attributes(pk->priv_id, &old_attributes); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + psa_key_type_t old_type = psa_get_key_type(&old_attributes); + switch (usage) { + case PSA_KEY_USAGE_SIGN_MESSAGE: + case PSA_KEY_USAGE_SIGN_HASH: + case PSA_KEY_USAGE_VERIFY_MESSAGE: + case PSA_KEY_USAGE_VERIFY_HASH: + if (!(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(old_type) || + old_type == PSA_KEY_TYPE_RSA_KEY_PAIR)) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + break; + case PSA_KEY_USAGE_DECRYPT: + case PSA_KEY_USAGE_ENCRYPT: + if (old_type != PSA_KEY_TYPE_RSA_KEY_PAIR) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + break; + case PSA_KEY_USAGE_DERIVE: + if (!(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(old_type))) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + break; + default: + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + psa_key_type_t new_type = old_type; + /* Opaque keys are always key pairs, so we don't need a check + * on the input if the required usage is private. We just need + * to adjust the type correctly if the required usage is public. */ + if (!want_private) { + new_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(new_type); + } + more_usage = psa_get_key_usage_flags(&old_attributes); + if ((usage & more_usage) == 0) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + psa_set_key_type(attributes, new_type); + psa_set_key_bits(attributes, psa_get_key_bits(&old_attributes)); + psa_set_key_algorithm(attributes, psa_get_key_algorithm(&old_attributes)); + break; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + default: + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + psa_set_key_usage_flags(attributes, more_usage); + psa_set_key_enrollment_algorithm(attributes, PSA_ALG_NONE); + + return 0; +} + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_USE_PSA_CRYPTO) +static psa_status_t export_import_into_psa(mbedtls_svc_key_id_t old_key_id, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *new_key_id) +{ + unsigned char key_buffer[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; + size_t key_length = 0; + psa_status_t status = psa_export_key(old_key_id, + key_buffer, sizeof(key_buffer), + &key_length); + if (status != PSA_SUCCESS) { + return status; + } + status = psa_import_key(attributes, key_buffer, key_length, new_key_id); + mbedtls_platform_zeroize(key_buffer, key_length); + return status; +} + +static int copy_into_psa(mbedtls_svc_key_id_t old_key_id, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *new_key_id) +{ + /* Normally, we prefer copying: it's more efficient and works even + * for non-exportable keys. */ + psa_status_t status = psa_copy_key(old_key_id, attributes, new_key_id); + if (status == PSA_ERROR_NOT_PERMITTED /*missing COPY usage*/ || + status == PSA_ERROR_INVALID_ARGUMENT /*incompatible policy*/) { + /* There are edge cases where copying won't work, but export+import + * might: + * - If the old key does not allow PSA_KEY_USAGE_COPY. + * - If the old key's usage does not allow what attributes wants. + * Because the key was intended for use in the pk module, and may + * have had a policy chosen solely for what pk needs rather than + * based on a detailed understanding of PSA policies, we are a bit + * more liberal than psa_copy_key() here. + */ + /* Here we need to check that the types match, otherwise we risk + * importing nonsensical data. */ + psa_key_attributes_t old_attributes = PSA_KEY_ATTRIBUTES_INIT; + status = psa_get_key_attributes(old_key_id, &old_attributes); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + psa_key_type_t old_type = psa_get_key_type(&old_attributes); + psa_reset_key_attributes(&old_attributes); + if (old_type != psa_get_key_type(attributes)) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + status = export_import_into_psa(old_key_id, attributes, new_key_id); + } + return PSA_PK_TO_MBEDTLS_ERR(status); +} +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_USE_PSA_CRYPTO */ + +static int import_pair_into_psa(const mbedtls_pk_context *pk, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key_id) +{ + switch (mbedtls_pk_get_type(pk)) { +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_PK_RSA: + { + if (psa_get_key_type(attributes) != PSA_KEY_TYPE_RSA_KEY_PAIR) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + unsigned char key_buffer[ + PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)]; + unsigned char *const key_end = key_buffer + sizeof(key_buffer); + unsigned char *key_data = key_end; + int ret = mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), + key_buffer, &key_data); + if (ret < 0) { + return ret; + } + size_t key_length = key_end - key_data; + ret = PSA_PK_TO_MBEDTLS_ERR(psa_import_key(attributes, + key_data, key_length, + key_id)); + mbedtls_platform_zeroize(key_data, key_length); + return ret; + } +#endif /* MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + { + /* We need to check the curve family, otherwise the import could + * succeed with nonsensical data. + * We don't check the bit-size: it's optional in attributes, + * and if it's specified, psa_import_key() will know from the key + * data length and will check that the bit-size matches. */ + psa_key_type_t to_type = psa_get_key_type(attributes); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_ecc_family_t from_family = pk->ec_family; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); + size_t from_bits = 0; + psa_ecc_family_t from_family = mbedtls_ecc_group_to_psa(ec->grp.id, + &from_bits); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + if (to_type != PSA_KEY_TYPE_ECC_KEY_PAIR(from_family)) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + if (mbedtls_svc_key_id_is_null(pk->priv_id)) { + /* We have a public key and want a key pair. */ + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + return copy_into_psa(pk->priv_id, attributes, key_id); +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + if (ec->d.n == 0) { + /* Private key not set. Assume the input is a public key only. + * (The other possibility is that it's an incomplete object + * where the group is set but neither the public key nor + * the private key. This is not possible through ecp.h + * functions, so we don't bother reporting a more suitable + * error in that case.) */ + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + unsigned char key_buffer[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; + size_t key_length = 0; + int ret = mbedtls_ecp_write_key_ext(ec, &key_length, + key_buffer, sizeof(key_buffer)); + if (ret < 0) { + return ret; + } + ret = PSA_PK_TO_MBEDTLS_ERR(psa_import_key(attributes, + key_buffer, key_length, + key_id)); + mbedtls_platform_zeroize(key_buffer, key_length); + return ret; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + } +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + case MBEDTLS_PK_OPAQUE: + return copy_into_psa(pk->priv_id, attributes, key_id); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + default: + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } +} + +static int import_public_into_psa(const mbedtls_pk_context *pk, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key_id) +{ + psa_key_type_t psa_type = psa_get_key_type(attributes); + +#if defined(MBEDTLS_RSA_C) || \ + (defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA)) || \ + defined(MBEDTLS_USE_PSA_CRYPTO) + unsigned char key_buffer[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; +#endif + unsigned char *key_data = NULL; + size_t key_length = 0; + + switch (mbedtls_pk_get_type(pk)) { +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_PK_RSA: + { + if (psa_type != PSA_KEY_TYPE_RSA_PUBLIC_KEY) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + unsigned char *const key_end = key_buffer + sizeof(key_buffer); + key_data = key_end; + int ret = mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*pk), + key_buffer, &key_data); + if (ret < 0) { + return ret; + } + key_length = (size_t) ret; + break; + } +#endif /*MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + { + /* We need to check the curve family, otherwise the import could + * succeed with nonsensical data. + * We don't check the bit-size: it's optional in attributes, + * and if it's specified, psa_import_key() will know from the key + * data length and will check that the bit-size matches. */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + if (psa_type != PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family)) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + key_data = (unsigned char *) pk->pub_raw; + key_length = pk->pub_raw_len; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); + size_t from_bits = 0; + psa_ecc_family_t from_family = mbedtls_ecc_group_to_psa(ec->grp.id, + &from_bits); + if (psa_type != PSA_KEY_TYPE_ECC_PUBLIC_KEY(from_family)) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + int ret = mbedtls_ecp_write_public_key( + ec, MBEDTLS_ECP_PF_UNCOMPRESSED, + &key_length, key_buffer, sizeof(key_buffer)); + if (ret < 0) { + return ret; + } + key_data = key_buffer; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + break; + } +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + case MBEDTLS_PK_OPAQUE: + { + psa_key_attributes_t old_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = + psa_get_key_attributes(pk->priv_id, &old_attributes); + if (status != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + psa_key_type_t old_type = psa_get_key_type(&old_attributes); + psa_reset_key_attributes(&old_attributes); + if (psa_type != PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(old_type)) { + return MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + status = psa_export_public_key(pk->priv_id, + key_buffer, sizeof(key_buffer), + &key_length); + if (status != PSA_SUCCESS) { + return PSA_PK_TO_MBEDTLS_ERR(status); + } + key_data = key_buffer; + break; + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + default: + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + return PSA_PK_TO_MBEDTLS_ERR(psa_import_key(attributes, + key_data, key_length, + key_id)); +} + +int mbedtls_pk_import_into_psa(const mbedtls_pk_context *pk, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key_id) +{ + /* Set the output immediately so that it won't contain garbage even + * if we error out before calling psa_import_key(). */ + *key_id = MBEDTLS_SVC_KEY_ID_INIT; + +#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA_ALT) { + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } +#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ + + int want_public = PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(attributes)); + if (want_public) { + return import_public_into_psa(pk, attributes, key_id); + } else { + return import_pair_into_psa(pk, attributes, key_id); + } +} +#endif /* MBEDTLS_PSA_CRYPTO_C */ + /* * Helper for mbedtls_pk_sign and mbedtls_pk_verify */ @@ -708,9 +1182,32 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, } if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_OPAQUE) { + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t psa_alg, psa_enrollment_alg, sign_alg; psa_status_t status; - status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS(psa_md_alg), + status = psa_get_key_attributes(ctx->priv_id, &key_attr); + if (status != PSA_SUCCESS) { + return PSA_PK_RSA_TO_MBEDTLS_ERR(status); + } + psa_alg = psa_get_key_algorithm(&key_attr); + psa_enrollment_alg = psa_get_key_enrollment_algorithm(&key_attr); + psa_reset_key_attributes(&key_attr); + + /* Since we're PK type is MBEDTLS_PK_RSASSA_PSS at least one between + * alg and enrollment alg should be of type RSA_PSS. */ + if (PSA_ALG_IS_RSA_PSS(psa_alg)) { + sign_alg = psa_alg; + } else if (PSA_ALG_IS_RSA_PSS(psa_enrollment_alg)) { + sign_alg = psa_enrollment_alg; + } else { + /* The opaque key has no RSA PSS algorithm associated. */ + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + /* Adjust the hashing algorithm. */ + sign_alg = (sign_alg & ~PSA_ALG_HASH_MASK) | PSA_ALG_GET_HASH(psa_md_alg); + + status = psa_sign_hash(ctx->priv_id, sign_alg, hash, hash_len, sig, sig_size, sig_len); return PSA_PK_RSA_TO_MBEDTLS_ERR(status); @@ -877,124 +1374,4 @@ mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx) return ctx->pk_info->type; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) -/* - * Load the key to a PSA key slot, - * then turn the PK context into a wrapper for that key slot. - * - * Currently only works for EC & RSA private keys. - */ -int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, - mbedtls_svc_key_id_t *key, - psa_algorithm_t alg, - psa_key_usage_t usage, - psa_algorithm_t alg2) -{ -#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_RSA_C) - ((void) pk); - ((void) key); - ((void) alg); - ((void) usage); - ((void) alg2); -#else /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) - if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) { - size_t d_len; - psa_ecc_family_t curve_id; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; - size_t bits; - psa_status_t status; - - /* export the private key material in the format PSA wants */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - unsigned char d[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; - status = psa_export_key(pk->priv_id, d, sizeof(d), &d_len); - if (status != PSA_SUCCESS) { - return psa_pk_status_to_mbedtls(status); - } - - curve_id = pk->ec_family; - bits = pk->ec_bits; -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - unsigned char d[MBEDTLS_ECP_MAX_BYTES]; - mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - d_len = PSA_BITS_TO_BYTES(ec->grp.nbits); - if ((ret = mbedtls_ecp_write_key(ec, d, d_len)) != 0) { - return ret; - } - - curve_id = mbedtls_ecc_group_to_psa(ec->grp.id, &bits); -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve_id); - - /* prepare the key attributes */ - psa_set_key_type(&attributes, key_type); - psa_set_key_bits(&attributes, bits); - psa_set_key_usage_flags(&attributes, usage); - psa_set_key_algorithm(&attributes, alg); - if (alg2 != PSA_ALG_NONE) { - psa_set_key_enrollment_algorithm(&attributes, alg2); - } - - /* import private key into PSA */ - status = psa_import_key(&attributes, d, d_len, key); - mbedtls_platform_zeroize(d, sizeof(d)); - if (status != PSA_SUCCESS) { - return PSA_PK_TO_MBEDTLS_ERR(status); - } - - /* make PK context wrap the key slot */ - mbedtls_pk_free(pk); - mbedtls_pk_init(pk); - - return mbedtls_pk_setup_opaque(pk, *key); - } else -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) { - unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - int key_len; - psa_status_t status; - - /* export the private key material in the format PSA wants */ - key_len = mbedtls_pk_write_key_der(pk, buf, sizeof(buf)); - if (key_len <= 0) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - - /* prepare the key attributes */ - psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); - psa_set_key_bits(&attributes, mbedtls_pk_get_bitlen(pk)); - psa_set_key_usage_flags(&attributes, usage); - psa_set_key_algorithm(&attributes, alg); - if (alg2 != PSA_ALG_NONE) { - psa_set_key_enrollment_algorithm(&attributes, alg2); - } - - /* import private key into PSA */ - status = psa_import_key(&attributes, - buf + sizeof(buf) - key_len, - key_len, key); - - mbedtls_platform_zeroize(buf, sizeof(buf)); - - if (status != PSA_SUCCESS) { - return PSA_PK_TO_MBEDTLS_ERR(status); - } - - /* make PK context wrap the key slot */ - mbedtls_pk_free(pk); - mbedtls_pk_init(pk); - - return mbedtls_pk_setup_opaque(pk, *key); - } else -#endif /* MBEDTLS_RSA_C */ -#endif /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */ - return MBEDTLS_ERR_PK_TYPE_MISMATCH; -} -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_PK_C */ diff --git a/library/pk_internal.h b/library/pk_internal.h index 3d5adf8..f5924ad 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -17,7 +17,7 @@ #include "mbedtls/ecp.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include "psa/crypto.h" #include "psa_util_internal.h" @@ -28,7 +28,7 @@ #define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ psa_to_pk_ecdsa_errors, \ psa_pk_status_to_mbedtls) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /* Headers/footers for PEM files */ #define PEM_BEGIN_PUBLIC_KEY "-----BEGIN PUBLIC KEY-----" @@ -144,4 +144,8 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der( int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); #endif +#if defined(MBEDTLS_FS_IO) +int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n); +#endif + #endif /* MBEDTLS_PK_INTERNAL_H */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index c232650..846175e 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -29,9 +29,11 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa_util_internal.h" #include "psa/crypto.h" +#include "mbedtls/psa_util.h" #if defined(MBEDTLS_RSA_C) #include "pkwrite.h" +#include "rsa_internal.h" #endif #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) @@ -56,7 +58,7 @@ static int rsa_can_do(mbedtls_pk_type_t type) static size_t rsa_get_bitlen(mbedtls_pk_context *pk) { const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) pk->pk_ctx; - return 8 * mbedtls_rsa_get_len(rsa); + return mbedtls_rsa_get_bitlen(rsa); } #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -69,11 +71,10 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; - mbedtls_pk_context key; int key_len; unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; - psa_algorithm_t psa_alg_md = - PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg)); + unsigned char *p = buf + sizeof(buf); + psa_algorithm_t psa_alg_md; size_t rsa_len = mbedtls_rsa_get_len(rsa); #if SIZE_MAX > UINT_MAX @@ -82,15 +83,17 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, } #endif + if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) { + psa_alg_md = PSA_ALG_RSA_PSS(mbedtls_md_psa_alg_from_type(md_alg)); + } else { + psa_alg_md = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg)); + } + if (sig_len < rsa_len) { return MBEDTLS_ERR_RSA_VERIFY_FAILED; } - /* mbedtls_pk_write_pubkey_der() expects a full PK context; - * re-construct one to make it happy */ - key.pk_info = &mbedtls_rsa_info; - key.pk_ctx = rsa; - key_len = mbedtls_pk_write_pubkey_der(&key, buf, sizeof(buf)); + key_len = mbedtls_rsa_write_pubkey(rsa, buf, &p); if (key_len <= 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } @@ -172,14 +175,15 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; - mbedtls_pk_context key; int key_len; unsigned char *buf = NULL; + unsigned char *p; + buf = mbedtls_calloc(1, MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES); if (buf == NULL) { return MBEDTLS_ERR_PK_ALLOC_FAILED; } - mbedtls_pk_info_t pk_info = mbedtls_rsa_info; + p = buf + MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES; *sig_len = mbedtls_rsa_get_len(rsa_ctx); if (sig_size < *sig_len) { @@ -187,11 +191,7 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg, return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; } - /* mbedtls_pk_write_key_der() expects a full PK context; - * re-construct one to make it happy */ - key.pk_info = &pk_info; - key.pk_ctx = rsa_ctx; - key_len = mbedtls_pk_write_key_der(&key, buf, MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES); + key_len = mbedtls_rsa_write_key(rsa_ctx, buf, &p); if (key_len <= 0) { mbedtls_free(buf); return MBEDTLS_ERR_PK_BAD_INPUT_DATA; @@ -240,10 +240,14 @@ static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, if (psa_md_alg == 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } + psa_algorithm_t psa_alg; + if (mbedtls_rsa_get_padding_mode(mbedtls_pk_rsa(*pk)) == MBEDTLS_RSA_PKCS_V21) { + psa_alg = PSA_ALG_RSA_PSS(psa_md_alg); + } else { + psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN(psa_md_alg); + } - return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PKCS1V15_SIGN( - psa_md_alg), - pk->pk_ctx, hash, hash_len, + return mbedtls_pk_psa_rsa_sign_ext(psa_alg, pk->pk_ctx, hash, hash_len, sig, sig_size, sig_len); } #else /* MBEDTLS_USE_PSA_CRYPTO */ @@ -281,36 +285,33 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_algorithm_t psa_md_alg, decrypt_alg; psa_status_t status; - mbedtls_pk_context key; int key_len; unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES]; + unsigned char *p = buf + sizeof(buf); ((void) f_rng); ((void) p_rng); -#if !defined(MBEDTLS_RSA_ALT) - if (rsa->padding != MBEDTLS_RSA_PKCS_V15) { - return MBEDTLS_ERR_RSA_INVALID_PADDING; - } -#endif /* !MBEDTLS_RSA_ALT */ - if (ilen != mbedtls_rsa_get_len(rsa)) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - /* mbedtls_pk_write_key_der() expects a full PK context; - * re-construct one to make it happy */ - key.pk_info = &mbedtls_rsa_info; - key.pk_ctx = rsa; - key_len = mbedtls_pk_write_key_der(&key, buf, sizeof(buf)); + key_len = mbedtls_rsa_write_key(rsa, buf, &p); if (key_len <= 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT); + if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) { + psa_md_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) mbedtls_rsa_get_md_alg(rsa)); + decrypt_alg = PSA_ALG_RSA_OAEP(psa_md_alg); + } else { + decrypt_alg = PSA_ALG_RSA_PKCS1V15_CRYPT; + } + psa_set_key_algorithm(&attributes, decrypt_alg); status = psa_import_key(&attributes, buf + sizeof(buf) - key_len, key_len, @@ -320,7 +321,7 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk, goto cleanup; } - status = psa_asymmetric_decrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT, + status = psa_asymmetric_decrypt(key_id, decrypt_alg, input, ilen, NULL, 0, output, osize, olen); @@ -367,35 +368,31 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_algorithm_t psa_md_alg; psa_status_t status; - mbedtls_pk_context key; int key_len; unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; + unsigned char *p = buf + sizeof(buf); ((void) f_rng); ((void) p_rng); -#if !defined(MBEDTLS_RSA_ALT) - if (rsa->padding != MBEDTLS_RSA_PKCS_V15) { - return MBEDTLS_ERR_RSA_INVALID_PADDING; - } -#endif - if (mbedtls_rsa_get_len(rsa) > osize) { return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE; } - /* mbedtls_pk_write_pubkey_der() expects a full PK context; - * re-construct one to make it happy */ - key.pk_info = &mbedtls_rsa_info; - key.pk_ctx = rsa; - key_len = mbedtls_pk_write_pubkey_der(&key, buf, sizeof(buf)); + key_len = mbedtls_rsa_write_pubkey(rsa, buf, &p); if (key_len <= 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT); + if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) { + psa_md_alg = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) mbedtls_rsa_get_md_alg(rsa)); + psa_set_key_algorithm(&attributes, PSA_ALG_RSA_OAEP(psa_md_alg)); + } else { + psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT); + } psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY); status = psa_import_key(&attributes, @@ -536,66 +533,6 @@ static size_t eckey_get_bitlen(mbedtls_pk_context *pk) #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) #if defined(MBEDTLS_USE_PSA_CRYPTO) -/* - * An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of - * those integers and convert it to the fixed-length encoding expected by PSA. - */ -static int extract_ecdsa_sig_int(unsigned char **from, const unsigned char *end, - unsigned char *to, size_t to_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t unpadded_len, padding_len; - - if ((ret = mbedtls_asn1_get_tag(from, end, &unpadded_len, - MBEDTLS_ASN1_INTEGER)) != 0) { - return ret; - } - - while (unpadded_len > 0 && **from == 0x00) { - (*from)++; - unpadded_len--; - } - - if (unpadded_len > to_len || unpadded_len == 0) { - return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; - } - - padding_len = to_len - unpadded_len; - memset(to, 0x00, padding_len); - memcpy(to + padding_len, *from, unpadded_len); - (*from) += unpadded_len; - - return 0; -} - -/* - * Convert a signature from an ASN.1 sequence of two integers - * to a raw {r,s} buffer. Note: the provided sig buffer must be at least - * twice as big as int_size. - */ -static int extract_ecdsa_sig(unsigned char **p, const unsigned char *end, - unsigned char *sig, size_t int_size) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t tmp_size; - - if ((ret = mbedtls_asn1_get_tag(p, end, &tmp_size, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return ret; - } - - /* Extract r */ - if ((ret = extract_ecdsa_sig_int(p, end, sig, int_size)) != 0) { - return ret; - } - /* Extract s */ - if ((ret = extract_ecdsa_sig_int(p, end, sig + int_size, int_size)) != 0) { - return ret; - } - - return 0; -} - /* Common helper for ECDSA verify using PSA functions. */ static int ecdsa_verify_psa(unsigned char *key, size_t key_len, psa_ecc_family_t curve, size_t curve_bits, @@ -607,6 +544,7 @@ static int ecdsa_verify_psa(unsigned char *key, size_t key_len, mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY; size_t signature_len = PSA_ECDSA_SIGNATURE_SIZE(curve_bits); + size_t converted_sig_len; unsigned char extracted_sig[PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE]; unsigned char *p; psa_status_t status; @@ -631,11 +569,14 @@ static int ecdsa_verify_psa(unsigned char *key, size_t key_len, } p = (unsigned char *) sig; - /* extract_ecdsa_sig's last parameter is the size - * of each integer to be parsed, so it's actually half - * the size of the signature. */ - if ((ret = extract_ecdsa_sig(&p, sig + sig_len, extracted_sig, - signature_len/2)) != 0) { + ret = mbedtls_ecdsa_der_to_raw(curve_bits, p, sig_len, extracted_sig, + sizeof(extracted_sig), &converted_sig_len); + if (ret != 0) { + goto cleanup; + } + + if (converted_sig_len != signature_len) { + ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; goto cleanup; } @@ -646,10 +587,6 @@ static int ecdsa_verify_psa(unsigned char *key, size_t key_len, goto cleanup; } - if (p != sig + sig_len) { - ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH; - goto cleanup; - } ret = 0; cleanup: @@ -751,90 +688,6 @@ static int ecdsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) #if defined(MBEDTLS_USE_PSA_CRYPTO) -/* - * Simultaneously convert and move raw MPI from the beginning of a buffer - * to an ASN.1 MPI at the end of the buffer. - * See also mbedtls_asn1_write_mpi(). - * - * p: pointer to the end of the output buffer - * start: start of the output buffer, and also of the mpi to write at the end - * n_len: length of the mpi to read from start - */ -static int asn1_write_mpibuf(unsigned char **p, unsigned char *start, - size_t n_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - - if ((size_t) (*p - start) < n_len) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - len = n_len; - *p -= len; - memmove(*p, start, len); - - /* ASN.1 DER encoding requires minimal length, so skip leading 0s. - * Neither r nor s should be 0, but as a failsafe measure, still detect - * that rather than overflowing the buffer in case of a PSA error. */ - while (len > 0 && **p == 0x00) { - ++(*p); - --len; - } - - /* this is only reached if the signature was invalid */ - if (len == 0) { - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } - - /* if the msb is 1, ASN.1 requires that we prepend a 0. - * Neither r nor s can be 0, so we can assume len > 0 at all times. */ - if (**p & 0x80) { - if (*p - start < 1) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - *--(*p) = 0x00; - len += 1; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_INTEGER)); - - return (int) len; -} - -/* Transcode signature from PSA format to ASN.1 sequence. - * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of - * MPIs, and in-place. - * - * [in/out] sig: the signature pre- and post-transcoding - * [in/out] sig_len: signature length pre- and post-transcoding - * [int] buf_len: the available size the in/out buffer - */ -static int pk_ecdsa_sig_asn1_from_psa(unsigned char *sig, size_t *sig_len, - size_t buf_len) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - const size_t rs_len = *sig_len / 2; - unsigned char *p = sig + buf_len; - - MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig + rs_len, rs_len)); - MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig, rs_len)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, sig, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, sig, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - memmove(sig, p, len); - *sig_len = len; - - return 0; -} - /* Common helper for ECDSA sign using PSA functions. * Instead of extracting key's properties in order to check which kind of ECDSA * signature it supports, we try both deterministic and non-deterministic. @@ -845,6 +698,15 @@ static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + size_t key_bits = 0; + + status = psa_get_key_attributes(key_id, &key_attr); + if (status != PSA_SUCCESS) { + return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); + } + key_bits = psa_get_key_bits(&key_attr); + psa_reset_key_attributes(&key_attr); status = psa_sign_hash(key_id, PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)), @@ -863,7 +725,7 @@ static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg, } done: - ret = pk_ecdsa_sig_asn1_from_psa(sig, sig_len, sig_size); + ret = mbedtls_ecdsa_raw_to_der(key_bits, sig, *sig_len, sig, sig_size, sig_len); return ret; } diff --git a/library/pkcs7.c b/library/pkcs7.c index 0869c2e..3aac662 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -7,7 +7,7 @@ #include "mbedtls/build_info.h" #if defined(MBEDTLS_PKCS7_C) #include "mbedtls/pkcs7.h" -#include "mbedtls/x509.h" +#include "x509_internal.h" #include "mbedtls/asn1.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" diff --git a/library/pkparse.c b/library/pkparse.c index 5f95545..5a3d3b2 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -28,6 +28,7 @@ /* Key types */ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" +#include "rsa_internal.h" #endif /* Extended formats */ @@ -757,68 +758,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ -#if defined(MBEDTLS_RSA_C) -/* - * RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER -- e - * } - */ -static int pk_get_rsapubkey(unsigned char **p, - const unsigned char *end, - mbedtls_rsa_context *rsa) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len; - - if ((ret = mbedtls_asn1_get_tag(p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); - } - - if (*p + len != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - /* Import N */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); - } - - if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0, - NULL, 0, NULL, 0)) != 0) { - return MBEDTLS_ERR_PK_INVALID_PUBKEY; - } - - *p += len; - - /* Import E */ - if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); - } - - if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0, - NULL, 0, *p, len)) != 0) { - return MBEDTLS_ERR_PK_INVALID_PUBKEY; - } - - *p += len; - - if (mbedtls_rsa_complete(rsa) != 0 || - mbedtls_rsa_check_pubkey(rsa) != 0) { - return MBEDTLS_ERR_PK_INVALID_PUBKEY; - } - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - - return 0; -} -#endif /* MBEDTLS_RSA_C */ - /* Get a PK algorithm identifier * * AlgorithmIdentifier ::= SEQUENCE { @@ -911,7 +850,17 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, #if defined(MBEDTLS_RSA_C) if (pk_alg == MBEDTLS_PK_RSA) { - ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk)); + ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*pk), *p, (size_t) (end - *p)); + if (ret == 0) { + /* On success all the input has been consumed by the parsing function. */ + *p += end - *p; + } else if ((ret <= MBEDTLS_ERR_ASN1_OUT_OF_DATA) && + (ret >= MBEDTLS_ERR_ASN1_BUF_TOO_SMALL)) { + /* In case of ASN1 error codes add MBEDTLS_ERR_PK_INVALID_PUBKEY. */ + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret); + } else { + ret = MBEDTLS_ERR_PK_INVALID_PUBKEY; + } } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) @@ -944,195 +893,6 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, return ret; } -#if defined(MBEDTLS_RSA_C) -/* - * Wrapper around mbedtls_asn1_get_mpi() that rejects zero. - * - * The value zero is: - * - never a valid value for an RSA parameter - * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete(). - * - * Since values can't be omitted in PKCS#1, passing a zero value to - * rsa_complete() would be incorrect, so reject zero values early. - */ -static int asn1_get_nonzero_mpi(unsigned char **p, - const unsigned char *end, - mbedtls_mpi *X) -{ - int ret; - - ret = mbedtls_asn1_get_mpi(p, end, X); - if (ret != 0) { - return ret; - } - - if (mbedtls_mpi_cmp_int(X, 0) == 0) { - return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; - } - - return 0; -} - -/* - * Parse a PKCS#1 encoded private RSA key - */ -static int pk_parse_key_pkcs1_der(mbedtls_rsa_context *rsa, - const unsigned char *key, - size_t keylen) -{ - int ret, version; - size_t len; - unsigned char *p, *end; - - mbedtls_mpi T; - mbedtls_mpi_init(&T); - - p = (unsigned char *) key; - end = p + keylen; - - /* - * This function parses the RSAPrivateKey (PKCS#1) - * - * RSAPrivateKey ::= SEQUENCE { - * version Version, - * modulus INTEGER, -- n - * publicExponent INTEGER, -- e - * privateExponent INTEGER, -- d - * prime1 INTEGER, -- p - * prime2 INTEGER, -- q - * exponent1 INTEGER, -- d mod (p-1) - * exponent2 INTEGER, -- d mod (q-1) - * coefficient INTEGER, -- (inverse of q) mod p - * otherPrimeInfos OtherPrimeInfos OPTIONAL - * } - */ - if ((ret = mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); - } - - end = p + len; - - if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); - } - - if (version != 0) { - return MBEDTLS_ERR_PK_KEY_INVALID_VERSION; - } - - /* Import N */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, &T, NULL, NULL, - NULL, NULL)) != 0) { - goto cleanup; - } - - /* Import E */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, - NULL, &T)) != 0) { - goto cleanup; - } - - /* Import D */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, - &T, NULL)) != 0) { - goto cleanup; - } - - /* Import P */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, NULL, &T, NULL, - NULL, NULL)) != 0) { - goto cleanup; - } - - /* Import Q */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_rsa_import(rsa, NULL, NULL, &T, - NULL, NULL)) != 0) { - goto cleanup; - } - -#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT) - /* - * The RSA CRT parameters DP, DQ and QP are nominally redundant, in - * that they can be easily recomputed from D, P and Q. However by - * parsing them from the PKCS1 structure it is possible to avoid - * recalculating them which both reduces the overhead of loading - * RSA private keys into memory and also avoids side channels which - * can arise when computing those values, since all of D, P, and Q - * are secret. See https://eprint.iacr.org/2020/055 for a - * description of one such attack. - */ - - /* Import DP */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_mpi_copy(&rsa->DP, &T)) != 0) { - goto cleanup; - } - - /* Import DQ */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_mpi_copy(&rsa->DQ, &T)) != 0) { - goto cleanup; - } - - /* Import QP */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = mbedtls_mpi_copy(&rsa->QP, &T)) != 0) { - goto cleanup; - } - -#else - /* Verify existence of the CRT params */ - if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || - (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0) { - goto cleanup; - } -#endif - - /* rsa_complete() doesn't complete anything with the default - * implementation but is still called: - * - for the benefit of alternative implementation that may want to - * pre-compute stuff beyond what's provided (eg Montgomery factors) - * - as is also sanity-checks the key - * - * Furthermore, we also check the public part for consistency with - * mbedtls_pk_parse_pubkey(), as it includes size minima for example. - */ - if ((ret = mbedtls_rsa_complete(rsa)) != 0 || - (ret = mbedtls_rsa_check_pubkey(rsa)) != 0) { - goto cleanup; - } - - if (p != end) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); - } - -cleanup: - - mbedtls_mpi_free(&T); - - if (ret != 0) { - /* Wrap error code if it's coming from a lower level */ - if ((ret & 0xff80) == 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); - } else { - ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; - } - - mbedtls_rsa_free(rsa); - } - - return ret; -} -#endif /* MBEDTLS_RSA_C */ - #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* * Parse a SEC1 encoded private EC key @@ -1348,7 +1108,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( #if defined(MBEDTLS_RSA_C) if (pk_alg == MBEDTLS_PK_RSA) { - if ((ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), p, len)) != 0) { + if ((ret = mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), p, len)) != 0) { mbedtls_pk_free(pk); return ret; } @@ -1538,8 +1298,8 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, if (ret == 0) { pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 || - (ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), - pem.buf, pem.buflen)) != 0) { + (ret = mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), + pem.buf, pem.buflen)) != 0) { mbedtls_pk_free(pk); } @@ -1679,7 +1439,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk, pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA); if (mbedtls_pk_setup(pk, pk_info) == 0 && - pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), key, keylen) == 0) { + mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), key, keylen) == 0) { return 0; } @@ -1754,7 +1514,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, return ret; } - if ((ret = pk_get_rsapubkey(&p, p + pem.buflen, mbedtls_pk_rsa(*ctx))) != 0) { + if ((ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), p, pem.buflen)) != 0) { mbedtls_pk_free(ctx); } @@ -1801,13 +1561,12 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, } p = (unsigned char *) key; - ret = pk_get_rsapubkey(&p, p + keylen, mbedtls_pk_rsa(*ctx)); + ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), p, keylen); if (ret == 0) { return ret; } mbedtls_pk_free(ctx); - if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG))) { + if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { return ret; } #endif /* MBEDTLS_RSA_C */ diff --git a/library/pkwrite.c b/library/pkwrite.c index 1f0d399..5e009c5 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -32,6 +32,9 @@ #if defined(MBEDTLS_PEM_WRITE_C) #include "mbedtls/pem.h" #endif +#if defined(MBEDTLS_RSA_C) +#include "rsa_internal.h" +#endif #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" @@ -56,60 +59,13 @@ * Internal functions for RSA keys. ******************************************************************************/ #if defined(MBEDTLS_RSA_C) -/* - * RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER -- e - * } - */ -static int pk_write_rsa_pubkey(unsigned char **p, unsigned char *start, - const mbedtls_pk_context *pk) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - mbedtls_mpi T; - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); - - mbedtls_mpi_init(&T); - - /* Export E */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export N */ - if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { - goto end_of_export; - } - len += ret; - -end_of_export: - - mbedtls_mpi_free(&T); - if (ret < 0) { - return ret; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; -} - static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, const mbedtls_pk_context *pk) { - size_t len = 0; - int ret; - #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; - size_t tmp_len = 0; + size_t len = 0, tmp_len = 0; if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; @@ -118,94 +74,11 @@ static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, memcpy(*p, tmp, tmp_len); len += tmp_len; mbedtls_platform_zeroize(tmp, sizeof(tmp)); - } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - { - mbedtls_mpi T; /* Temporary holding the exported parameters */ - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); - - /* - * Export the parameters one after another to avoid simultaneous copies. - */ - - mbedtls_mpi_init(&T); - - /* Export QP */ - if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export DQ */ - if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - /* Export DP */ - if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export Q */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, - &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export P */ - if ((ret = mbedtls_rsa_export(rsa, NULL, &T, - NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export D */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, - NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export E */ - if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, - NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - - /* Export N */ - if ((ret = mbedtls_rsa_export(rsa, &T, NULL, - NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { - goto end_of_export; - } - len += ret; - -end_of_export: - - mbedtls_mpi_free(&T); - if (ret < 0) { - return ret; - } - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, - buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); + return (int) len; } - - return (int) len; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + return mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), buf, p); } #endif /* MBEDTLS_RSA_C */ @@ -329,7 +202,7 @@ static int pk_write_ec_private(unsigned char **p, unsigned char *start, mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); byte_length = (ec->grp.pbits + 7) / 8; - ret = mbedtls_ecp_write_key(ec, tmp, byte_length); + ret = mbedtls_ecp_write_key_ext(ec, &byte_length, tmp, sizeof(tmp)); if (ret != 0) { goto exit; } @@ -543,7 +416,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, #if defined(MBEDTLS_RSA_C) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { - MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*key), start, p)); } else #endif #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) diff --git a/library/platform_util.c b/library/platform_util.c index 9f5dcb8..0741bf5 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -93,8 +93,6 @@ static void *(*const volatile memset_func)(void *, int, size_t) = memset; void mbedtls_platform_zeroize(void *buf, size_t len) { - MBEDTLS_INTERNAL_VALIDATE(len == 0 || buf != NULL); - if (len > 0) { #if defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) explicit_bzero(buf, len); @@ -151,10 +149,10 @@ void mbedtls_zeroize_and_free(void *buf, size_t len) #include <time.h> #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ - defined(__MACH__))) + defined(__MACH__)) || defined__midipix__) #include <unistd.h> #endif /* !_WIN32 && (unix || __unix || __unix__ || - * (__APPLE__ && __MACH__)) */ + * (__APPLE__ && __MACH__) || __midipix__) */ #if !((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L) || \ (defined(_POSIX_THREAD_SAFE_FUNCTIONS) && \ @@ -222,9 +220,10 @@ void (*mbedtls_test_hook_test_fail)(const char *, int, const char *); #include <time.h> #if !defined(_WIN32) && \ (defined(unix) || defined(__unix) || defined(__unix__) || \ - (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__)) + (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) || defined(__midipix__)) #include <unistd.h> -#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__) || __HAIKU__) */ +#endif \ + /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__) || __HAIKU__ || __midipix__) */ #if (defined(_POSIX_VERSION) && _POSIX_VERSION >= 199309L) || defined(__HAIKU__) mbedtls_ms_time_t mbedtls_ms_time(void) { @@ -232,7 +231,7 @@ mbedtls_ms_time_t mbedtls_ms_time(void) struct timespec tv; mbedtls_ms_time_t current_ms; -#if defined(__linux__) && defined(CLOCK_BOOTTIME) +#if defined(__linux__) && defined(CLOCK_BOOTTIME) || defined(__midipix__) ret = clock_gettime(CLOCK_BOOTTIME, &tv); #else ret = clock_gettime(CLOCK_MONOTONIC, &tv); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7473aef..089751a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -101,11 +101,6 @@ typedef struct { static psa_global_data_t global_data; -#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state = - &global_data.rng.drbg; -#endif - #define GUARD_MODULE_INITIALIZED \ if (global_data.initialized == 0) \ return PSA_ERROR_BAD_STATE; @@ -260,12 +255,30 @@ int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg) defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) static int psa_is_dh_key_size_valid(size_t bits) { - if (bits != 2048 && bits != 3072 && bits != 4096 && - bits != 6144 && bits != 8192) { - return 0; + switch (bits) { +#if defined(PSA_WANT_DH_RFC7919_2048) + case 2048: + return 1; +#endif /* PSA_WANT_DH_RFC7919_2048 */ +#if defined(PSA_WANT_DH_RFC7919_3072) + case 3072: + return 1; +#endif /* PSA_WANT_DH_RFC7919_3072 */ +#if defined(PSA_WANT_DH_RFC7919_4096) + case 4096: + return 1; +#endif /* PSA_WANT_DH_RFC7919_4096 */ +#if defined(PSA_WANT_DH_RFC7919_6144) + case 6144: + return 1; +#endif /* PSA_WANT_DH_RFC7919_6144 */ +#if defined(PSA_WANT_DH_RFC7919_8192) + case 8192: + return 1; +#endif /* PSA_WANT_DH_RFC7919_8192 */ + default: + return 0; } - - return 1; } #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT || MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY || @@ -681,7 +694,7 @@ psa_status_t psa_import_key_into_slot( size_t *key_buffer_length, size_t *bits) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t type = attributes->core.type; + psa_key_type_t type = attributes->type; /* zero-length keys are never supported. */ if (data_length == 0) { @@ -691,7 +704,7 @@ psa_status_t psa_import_key_into_slot( if (key_type_is_raw_bytes(type)) { *bits = PSA_BYTES_TO_BITS(data_length); - status = psa_validate_unstructured_key_bit_size(attributes->core.type, + status = psa_validate_unstructured_key_bit_size(attributes->type, *bits); if (status != PSA_SUCCESS) { return status; @@ -708,7 +721,7 @@ psa_status_t psa_import_key_into_slot( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_DH(type)) { if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { - return PSA_ERROR_INVALID_ARGUMENT; + return PSA_ERROR_NOT_SUPPORTED; } return mbedtls_psa_ffdh_import_key(attributes, data, data_length, @@ -1022,8 +1035,13 @@ static psa_status_t psa_restrict_key_policy( * into a key slot if not already done. * * On success, the returned key slot has been registered for reading. - * It is the responsibility of the caller to call psa_unregister_read(slot) - * when they have finished reading the contents of the slot. + * It is the responsibility of the caller to then unregister + * once they have finished reading the contents of the slot. + * The caller unregisters by calling psa_unregister_read() or + * psa_unregister_read_under_mutex(). psa_unregister_read() must be called + * if and only if the caller already holds the global key slot mutex + * (when mutexes are enabled). psa_unregister_read_under_mutex() encapsulates + * the unregister with mutex lock and unlock operations. */ static psa_status_t psa_get_and_lock_key_slot_with_policy( mbedtls_svc_key_id_t key, @@ -1067,7 +1085,7 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy( error: *p_slot = NULL; - psa_unregister_read(slot); + psa_unregister_read_under_mutex(slot); return status; } @@ -1083,8 +1101,13 @@ error: * for a cryptographic operation. * * On success, the returned key slot has been registered for reading. - * It is the responsibility of the caller to call psa_unregister_read(slot) - * when they have finished reading the contents of the slot. + * It is the responsibility of the caller to then unregister + * once they have finished reading the contents of the slot. + * The caller unregisters by calling psa_unregister_read() or + * psa_unregister_read_under_mutex(). psa_unregister_read() must be called + * if and only if the caller already holds the global key slot mutex + * (when mutexes are enabled). psa_unregister_read_under_mutex() encapsulates + * psa_unregister_read() with mutex lock and unlock operations. */ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( mbedtls_svc_key_id_t key, @@ -1099,7 +1122,7 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( } if (psa_key_lifetime_is_external((*p_slot)->attr.lifetime)) { - psa_unregister_read(*p_slot); + psa_unregister_read_under_mutex(*p_slot); *p_slot = NULL; return PSA_ERROR_NOT_SUPPORTED; } @@ -1202,6 +1225,25 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) return status; } +#if defined(MBEDTLS_THREADING_C) + /* We cannot unlock between setting the state to PENDING_DELETION + * and destroying the key in storage, as otherwise another thread + * could load the key into a new slot and the key will not be + * fully destroyed. */ + PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); + + if (slot->state == PSA_SLOT_PENDING_DELETION) { + /* Another thread has destroyed the key between us locking the slot + * and us gaining the mutex. Unregister from the slot, + * and report that the key does not exist. */ + status = psa_unregister_read(slot); + + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); + return (status == PSA_SUCCESS) ? PSA_ERROR_INVALID_HANDLE : status; + } +#endif /* Set the key slot containing the key description's state to * PENDING_DELETION. This stops new operations from registering * to read the slot. Current readers can safely continue to access @@ -1210,7 +1252,12 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) * If the key is persistent, we can now delete the copy of the key * from memory. If the key is opaque, we require the driver to * deal with the deletion. */ - slot->state = PSA_SLOT_PENDING_DELETION; + overall_status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL, + PSA_SLOT_PENDING_DELETION); + + if (overall_status != PSA_SUCCESS) { + goto exit; + } if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) { /* Refuse the destruction of a read-only key (which may or may not work @@ -1265,11 +1312,6 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key) if (overall_status == PSA_SUCCESS) { overall_status = status; } - - /* TODO: other slots may have a copy of the same key. We should - * invalidate them. - * https://github.com/ARMmbed/mbed-crypto/issues/214 - */ } #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ @@ -1295,53 +1337,16 @@ exit: if (status != PSA_SUCCESS) { overall_status = status; } - return overall_status; -} - -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) -static psa_status_t psa_get_rsa_public_exponent( - const mbedtls_rsa_context *rsa, - psa_key_attributes_t *attributes) -{ - mbedtls_mpi mpi; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - uint8_t *buffer = NULL; - size_t buflen; - mbedtls_mpi_init(&mpi); - ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &mpi); - if (ret != 0) { - goto exit; - } - if (mbedtls_mpi_cmp_int(&mpi, 65537) == 0) { - /* It's the default value, which is reported as an empty string, - * so there's nothing to do. */ - goto exit; - } - - buflen = mbedtls_mpi_size(&mpi); - buffer = mbedtls_calloc(1, buflen); - if (buffer == NULL) { - ret = MBEDTLS_ERR_MPI_ALLOC_FAILED; - goto exit; - } - ret = mbedtls_mpi_write_binary(&mpi, buffer, buflen); - if (ret != 0) { - goto exit; - } - attributes->domain_parameters = buffer; - attributes->domain_parameters_size = buflen; +#if defined(MBEDTLS_THREADING_C) + /* Don't overwrite existing errors if the unlock fails. */ + status = overall_status; + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif -exit: - mbedtls_mpi_free(&mpi); - if (ret != 0) { - mbedtls_free(buffer); - } - return mbedtls_to_psa_error(ret); + return overall_status; } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ /** Retrieve all the publicly-accessible attributes of a key. */ @@ -1349,7 +1354,6 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, psa_key_attributes_t *attributes) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; psa_reset_key_attributes(attributes); @@ -1359,9 +1363,7 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, return status; } - attributes->core = slot->attr; - attributes->core.flags &= (MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY | - MBEDTLS_PSA_KA_MASK_DUAL_USE); + *attributes = slot->attr; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) if (psa_get_se_driver_entry(slot->attr.lifetime) != NULL) { @@ -1370,55 +1372,7 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - switch (slot->attr.type) { -#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - case PSA_KEY_TYPE_RSA_KEY_PAIR: - case PSA_KEY_TYPE_RSA_PUBLIC_KEY: - /* TODO: This is a temporary situation where domain parameters are deprecated, - * but we need it for namely generating an RSA key with a non-default exponent. - * This would be improved after https://github.com/Mbed-TLS/mbedtls/issues/6494. - */ - if (!psa_key_lifetime_is_external(slot->attr.lifetime)) { - mbedtls_rsa_context *rsa = NULL; - - status = mbedtls_psa_rsa_load_representation( - slot->attr.type, - slot->key.data, - slot->key.bytes, - &rsa); - if (status != PSA_SUCCESS) { - break; - } - - status = psa_get_rsa_public_exponent(rsa, - attributes); - mbedtls_rsa_free(rsa); - mbedtls_free(rsa); - } - break; -#else - case PSA_KEY_TYPE_RSA_KEY_PAIR: - case PSA_KEY_TYPE_RSA_PUBLIC_KEY: - attributes->domain_parameters = NULL; - attributes->domain_parameters_size = SIZE_MAX; - break; -#endif /* (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ - default: - /* Nothing else to do. */ - break; - } - - if (status != PSA_SUCCESS) { - psa_reset_key_attributes(attributes); - } - - unlock_status = psa_unregister_read(slot); - - return (status == PSA_SUCCESS) ? unlock_status : status; + return psa_unregister_read_under_mutex(slot); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -1426,7 +1380,7 @@ psa_status_t psa_get_key_slot_number( const psa_key_attributes_t *attributes, psa_key_slot_number_t *slot_number) { - if (attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER) { + if (attributes->has_slot_number) { *slot_number = attributes->slot_number; return PSA_SUCCESS; } else { @@ -1456,7 +1410,7 @@ psa_status_t psa_export_key_internal( const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length) { - psa_key_type_t type = attributes->core.type; + psa_key_type_t type = attributes->type; if (key_type_is_raw_bytes(type) || PSA_KEY_TYPE_IS_RSA(type) || @@ -1508,17 +1462,14 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key, LOCAL_OUTPUT_ALLOC(data_external, data_size, data); - psa_key_attributes_t attributes = { - .core = slot->attr - }; - status = psa_driver_wrapper_export_key(&attributes, + status = psa_driver_wrapper_export_key(&slot->attr, slot->key.data, slot->key.bytes, data, data_size, data_length); #if defined(MBEDTLS_PSA_COPY_CALLER_BUFFERS) exit: #endif - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); LOCAL_OUTPUT_FREE(data_external, data); return (status == PSA_SUCCESS) ? unlock_status : status; @@ -1532,7 +1483,7 @@ psa_status_t psa_export_public_key_internal( size_t data_size, size_t *data_length) { - psa_key_type_t type = attributes->core.type; + psa_key_type_t type = attributes->type; if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || @@ -1599,7 +1550,7 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_key_attributes_t attributes; + LOCAL_OUTPUT_DECLARE(data_external, data); /* Reject a zero-length output buffer now, since this can never be a @@ -1628,30 +1579,17 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, goto exit; } - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; status = psa_driver_wrapper_export_public_key( - &attributes, slot->key.data, slot->key.bytes, + &slot->attr, slot->key.data, slot->key.bytes, data, data_size, data_length); exit: - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); LOCAL_OUTPUT_FREE(data_external, data); return (status == PSA_SUCCESS) ? unlock_status : status; } -MBEDTLS_STATIC_ASSERT( - (MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0, - "One or more key attribute flag is listed as both external-only and dual-use") -MBEDTLS_STATIC_ASSERT( - (PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0, - "One or more key attribute flag is listed as both internal-only and dual-use") -MBEDTLS_STATIC_ASSERT( - (PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY) == 0, - "One or more key attribute flag is listed as both internal-only and external-only") - /** Validate that a key policy is internally well-formed. * * This function only rejects invalid policies. It does not validate the @@ -1717,7 +1655,7 @@ static psa_status_t psa_validate_key_attributes( } } - status = psa_validate_key_policy(&attributes->core.policy); + status = psa_validate_key_policy(&attributes->policy); if (status != PSA_SUCCESS) { return status; } @@ -1730,12 +1668,6 @@ static psa_status_t psa_validate_key_attributes( return PSA_ERROR_NOT_SUPPORTED; } - /* Reject invalid flags. These should not be reachable through the API. */ - if (attributes->core.flags & ~(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY | - MBEDTLS_PSA_KA_MASK_DUAL_USE)) { - return PSA_ERROR_INVALID_ARGUMENT; - } - return PSA_SUCCESS; } @@ -1787,7 +1719,15 @@ static psa_status_t psa_start_key_creation( return status; } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif status = psa_reserve_free_key_slot(&volatile_key_id, p_slot); +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif if (status != PSA_SUCCESS) { return status; } @@ -1801,7 +1741,7 @@ static psa_status_t psa_start_key_creation( * volatile key identifier associated to the slot returned to contain its * definition. */ - slot->attr = attributes->core; + slot->attr = *attributes; if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { #if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) slot->attr.id = volatile_key_id; @@ -1810,13 +1750,6 @@ static psa_status_t psa_start_key_creation( #endif } - /* Erase external-only flags from the internal copy. To access - * external-only flags, query `attributes`. Thanks to the check - * in psa_validate_key_attributes(), this leaves the dual-use - * flags and any internal flag that psa_reserve_free_key_slot() - * may have set. */ - slot->attr.flags &= ~MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY; - #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* For a key in a secure element, we need to do three things * when creating or registering a persistent key: @@ -1843,7 +1776,7 @@ static psa_status_t psa_start_key_creation( return status; } - if (!PSA_KEY_LIFETIME_IS_VOLATILE(attributes->core.lifetime)) { + if (!PSA_KEY_LIFETIME_IS_VOLATILE(attributes->lifetime)) { psa_crypto_prepare_transaction(PSA_CRYPTO_TRANSACTION_CREATE_KEY); psa_crypto_transaction.key.lifetime = slot->attr.lifetime; psa_crypto_transaction.key.slot = slot_number; @@ -1907,6 +1840,11 @@ static psa_status_t psa_finish_key_creation( (void) slot; (void) driver; +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif + #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) { #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -1946,6 +1884,11 @@ static psa_status_t psa_finish_key_creation( status = psa_save_se_persistent_data(driver); if (status != PSA_SUCCESS) { psa_destroy_persistent_key(slot->attr.id); + +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif return status; } status = psa_crypto_stop_transaction(); @@ -1961,6 +1904,10 @@ static psa_status_t psa_finish_key_creation( } } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif return status; } @@ -1985,6 +1932,13 @@ static void psa_fail_key_creation(psa_key_slot_t *slot, return; } +#if defined(MBEDTLS_THREADING_C) + /* If the lock operation fails we still wipe the slot. + * Operations will no longer work after a failed lock, + * but we still need to wipe the slot of confidential data. */ + mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex); +#endif + #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* TODO: If the key has already been created in the secure * element, and the failure happened later (when saving metadata @@ -2003,6 +1957,10 @@ static void psa_fail_key_creation(psa_key_slot_t *slot, #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ psa_wipe_key_slot(slot); + +#if defined(MBEDTLS_THREADING_C) + mbedtls_mutex_unlock(&mbedtls_threading_key_slot_mutex); +#endif } /** Validate optional attributes during key creation. @@ -2018,65 +1976,14 @@ static psa_status_t psa_validate_optional_attributes( const psa_key_slot_t *slot, const psa_key_attributes_t *attributes) { - if (attributes->core.type != 0) { - if (attributes->core.type != slot->attr.type) { - return PSA_ERROR_INVALID_ARGUMENT; - } - } - - if (attributes->domain_parameters_size != 0) { -#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - if (PSA_KEY_TYPE_IS_RSA(slot->attr.type)) { - mbedtls_rsa_context *rsa = NULL; - mbedtls_mpi actual, required; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - psa_status_t status = mbedtls_psa_rsa_load_representation( - slot->attr.type, - slot->key.data, - slot->key.bytes, - &rsa); - if (status != PSA_SUCCESS) { - return status; - } - - mbedtls_mpi_init(&actual); - mbedtls_mpi_init(&required); - ret = mbedtls_rsa_export(rsa, - NULL, NULL, NULL, NULL, &actual); - mbedtls_rsa_free(rsa); - mbedtls_free(rsa); - if (ret != 0) { - goto rsa_exit; - } - ret = mbedtls_mpi_read_binary(&required, - attributes->domain_parameters, - attributes->domain_parameters_size); - if (ret != 0) { - goto rsa_exit; - } - if (mbedtls_mpi_cmp_mpi(&actual, &required) != 0) { - ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - } -rsa_exit: - mbedtls_mpi_free(&actual); - mbedtls_mpi_free(&required); - if (ret != 0) { - return mbedtls_to_psa_error(ret); - } - } else -#endif /* (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ - { + if (attributes->type != 0) { + if (attributes->type != slot->attr.type) { return PSA_ERROR_INVALID_ARGUMENT; } } - if (attributes->core.bits != 0) { - if (attributes->core.bits != slot->attr.bits) { + if (attributes->bits != 0) { + if (attributes->bits != slot->attr.bits) { return PSA_ERROR_INVALID_ARGUMENT; } } @@ -2123,7 +2030,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a * buffer to hold the imported key material. */ if (slot->key.data == NULL) { - if (psa_key_lifetime_is_external(attributes->core.lifetime)) { + if (psa_key_lifetime_is_external(attributes->lifetime)) { status = psa_driver_wrapper_get_key_buffer_size_from_key_data( attributes, data, data_length, &storage_size); if (status != PSA_SUCCESS) { @@ -2244,12 +2151,12 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key, * equal to the ones of the source key. So it is safe to inherit * them from the source key now." * */ - actual_attributes.core.bits = source_slot->attr.bits; - actual_attributes.core.type = source_slot->attr.type; + actual_attributes.bits = source_slot->attr.bits; + actual_attributes.type = source_slot->attr.type; status = psa_restrict_key_policy(source_slot->attr.type, - &actual_attributes.core.policy, + &actual_attributes.policy, &source_slot->attr.policy); if (status != PSA_SUCCESS) { goto exit; @@ -2278,7 +2185,7 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key, * - For opaque keys this translates to an invocation of the drivers' * copy_key entry point through the dispatch layer. * */ - if (psa_key_lifetime_is_external(actual_attributes.core.lifetime)) { + if (psa_key_lifetime_is_external(actual_attributes.lifetime)) { status = psa_driver_wrapper_get_key_buffer_size(&actual_attributes, &storage_size); if (status != PSA_SUCCESS) { @@ -2313,7 +2220,7 @@ exit: psa_fail_key_creation(target_slot, driver); } - unlock_status = psa_unregister_read(source_slot); + unlock_status = psa_unregister_read_under_mutex(source_slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -2639,7 +2546,6 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; - psa_key_attributes_t attributes; /* A context must be freshly initialized before it can be set up. */ if (operation->id != 0) { @@ -2656,11 +2562,7 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation, goto exit; } - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - - status = psa_mac_finalize_alg_and_key_validation(alg, &attributes, + status = psa_mac_finalize_alg_and_key_validation(alg, &slot->attr, &operation->mac_size); if (status != PSA_SUCCESS) { goto exit; @@ -2670,13 +2572,13 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation, /* Dispatch the MAC setup call with validated input */ if (is_sign) { status = psa_driver_wrapper_mac_sign_setup(operation, - &attributes, + &slot->attr, slot->key.data, slot->key.bytes, alg); } else { status = psa_driver_wrapper_mac_verify_setup(operation, - &attributes, + &slot->attr, slot->key.data, slot->key.bytes, alg); @@ -2687,7 +2589,7 @@ exit: psa_mac_abort(operation); } - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -2846,7 +2748,6 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; uint8_t operation_mac_size = 0; - psa_key_attributes_t attributes; status = psa_get_and_lock_key_slot_with_policy( key, @@ -2857,11 +2758,7 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key, goto exit; } - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - - status = psa_mac_finalize_alg_and_key_validation(alg, &attributes, + status = psa_mac_finalize_alg_and_key_validation(alg, &slot->attr, &operation_mac_size); if (status != PSA_SUCCESS) { goto exit; @@ -2873,7 +2770,7 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key, } status = psa_driver_wrapper_mac_compute( - &attributes, + &slot->attr, slot->key.data, slot->key.bytes, alg, input, input_length, @@ -2893,7 +2790,7 @@ exit: psa_wipe_tag_output_buffer(mac, status, mac_size, *mac_length); - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -3004,7 +2901,6 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_key_attributes_t attributes; *signature_length = 0; @@ -3036,19 +2932,15 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key, goto exit; } - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - if (input_is_message) { status = psa_driver_wrapper_sign_message( - &attributes, slot->key.data, slot->key.bytes, + &slot->attr, slot->key.data, slot->key.bytes, alg, input, input_length, signature, signature_size, signature_length); } else { status = psa_driver_wrapper_sign_hash( - &attributes, slot->key.data, slot->key.bytes, + &slot->attr, slot->key.data, slot->key.bytes, alg, input, input_length, signature, signature_size, signature_length); } @@ -3058,7 +2950,7 @@ exit: psa_wipe_tag_output_buffer(signature, status, signature_size, *signature_length); - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -3090,23 +2982,19 @@ static psa_status_t psa_verify_internal(mbedtls_svc_key_id_t key, return status; } - psa_key_attributes_t attributes = { - .core = slot->attr - }; - if (input_is_message) { status = psa_driver_wrapper_verify_message( - &attributes, slot->key.data, slot->key.bytes, + &slot->attr, slot->key.data, slot->key.bytes, alg, input, input_length, signature, signature_length); } else { status = psa_driver_wrapper_verify_hash( - &attributes, slot->key.data, slot->key.bytes, + &slot->attr, slot->key.data, slot->key.bytes, alg, input, input_length, signature, signature_length); } - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); return (status == PSA_SUCCESS) ? unlock_status : status; @@ -3237,7 +3125,7 @@ psa_status_t psa_sign_hash_builtin( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, uint8_t *signature, size_t signature_size, size_t *signature_length) { - if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) { if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || PSA_ALG_IS_RSA_PSS(alg)) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ @@ -3252,7 +3140,7 @@ psa_status_t psa_sign_hash_builtin( } else { return PSA_ERROR_INVALID_ARGUMENT; } - } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) { if (PSA_ALG_IS_ECDSA(alg)) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) @@ -3311,7 +3199,7 @@ psa_status_t psa_verify_hash_builtin( psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, const uint8_t *signature, size_t signature_length) { - if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) { + if (PSA_KEY_TYPE_IS_RSA(attributes->type)) { if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || PSA_ALG_IS_RSA_PSS(alg)) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \ @@ -3326,7 +3214,7 @@ psa_status_t psa_verify_hash_builtin( } else { return PSA_ERROR_INVALID_ARGUMENT; } - } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) { if (PSA_ALG_IS_ECDSA(alg)) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) @@ -3390,7 +3278,7 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_key_attributes_t attributes; + LOCAL_INPUT_DECLARE(input_external, input); LOCAL_INPUT_DECLARE(salt_external, salt); LOCAL_OUTPUT_DECLARE(output_external, output); @@ -3418,19 +3306,16 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, goto exit; } - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - LOCAL_INPUT_ALLOC(input_external, input_length, input); LOCAL_INPUT_ALLOC(salt_external, salt_length, salt); LOCAL_OUTPUT_ALLOC(output_external, output_size, output); + status = psa_driver_wrapper_asymmetric_encrypt( - &attributes, slot->key.data, slot->key.bytes, + &slot->attr, slot->key.data, slot->key.bytes, alg, input, input_length, salt, salt_length, output, output_size, output_length); exit: - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); LOCAL_INPUT_FREE(input_external, input); LOCAL_INPUT_FREE(salt_external, salt); @@ -3452,7 +3337,6 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_key_attributes_t attributes; LOCAL_INPUT_DECLARE(input_external, input); LOCAL_INPUT_DECLARE(salt_external, salt); @@ -3480,20 +3364,17 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, goto exit; } - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - LOCAL_INPUT_ALLOC(input_external, input_length, input); LOCAL_INPUT_ALLOC(salt_external, salt_length, salt); LOCAL_OUTPUT_ALLOC(output_external, output_size, output); + status = psa_driver_wrapper_asymmetric_decrypt( - &attributes, slot->key.data, slot->key.bytes, + &slot->attr, slot->key.data, slot->key.bytes, alg, input, input_length, salt, salt_length, output, output_size, output_length); exit: - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); LOCAL_INPUT_FREE(input_external, input); LOCAL_INPUT_FREE(salt_external, salt); @@ -3561,7 +3442,6 @@ psa_status_t psa_sign_hash_start( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_key_attributes_t attributes; LOCAL_INPUT_DECLARE(hash_external, hash); @@ -3592,14 +3472,10 @@ psa_status_t psa_sign_hash_start( LOCAL_INPUT_ALLOC(hash_external, hash_length, hash); - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - /* Ensure ops count gets reset, in case of operation re-use. */ operation->num_ops = 0; - status = psa_driver_wrapper_sign_hash_start(operation, &attributes, + status = psa_driver_wrapper_sign_hash_start(operation, &slot->attr, slot->key.data, slot->key.bytes, alg, hash, hash_length); @@ -3610,7 +3486,7 @@ exit: psa_sign_hash_abort_internal(operation); } - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); if (unlock_status != PSA_SUCCESS) { operation->error_occurred = 1; @@ -3753,14 +3629,10 @@ psa_status_t psa_verify_hash_start( LOCAL_INPUT_ALLOC(hash_external, hash_length, hash); LOCAL_INPUT_ALLOC(signature_external, signature_length, signature); - psa_key_attributes_t attributes = { - .core = slot->attr - }; - /* Ensure ops count gets reset, in case of operation re-use. */ operation->num_ops = 0; - status = psa_driver_wrapper_verify_hash_start(operation, &attributes, + status = psa_driver_wrapper_verify_hash_start(operation, &slot->attr, slot->key.data, slot->key.bytes, alg, hash, hash_length, @@ -3774,7 +3646,7 @@ exit: psa_verify_hash_abort_internal(operation); } - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); if (unlock_status != PSA_SUCCESS) { operation->error_occurred = 1; @@ -3901,7 +3773,7 @@ psa_status_t mbedtls_psa_sign_hash_start( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t required_hash_length; - if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + if (!PSA_KEY_TYPE_IS_ECC(attributes->type)) { return PSA_ERROR_NOT_SUPPORTED; } @@ -3918,8 +3790,8 @@ psa_status_t mbedtls_psa_sign_hash_start( /* Ensure num_ops is zero'ed in case of context re-use. */ operation->num_ops = 0; - status = mbedtls_psa_ecp_load_representation(attributes->core.type, - attributes->core.bits, + status = mbedtls_psa_ecp_load_representation(attributes->type, + attributes->bits, key_buffer, key_buffer_size, &operation->ctx); @@ -4117,7 +3989,7 @@ psa_status_t mbedtls_psa_verify_hash_start( size_t coordinate_bytes = 0; size_t required_hash_length = 0; - if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + if (!PSA_KEY_TYPE_IS_ECC(attributes->type)) { return PSA_ERROR_NOT_SUPPORTED; } @@ -4136,8 +4008,8 @@ psa_status_t mbedtls_psa_verify_hash_start( /* Ensure num_ops is zero'ed in case of context re-use. */ operation->num_ops = 0; - status = mbedtls_psa_ecp_load_representation(attributes->core.type, - attributes->core.bits, + status = mbedtls_psa_ecp_load_representation(attributes->type, + attributes->bits, key_buffer, key_buffer_size, &operation->ctx); @@ -4285,8 +4157,6 @@ static psa_status_t psa_generate_random_internal(uint8_t *output, { GUARD_MODULE_INITIALIZED; - psa_status_t status; - #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) size_t output_length = 0; @@ -4307,24 +4177,24 @@ static psa_status_t psa_generate_random_internal(uint8_t *output, #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ while (output_size > 0) { + int ret = MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; size_t request_size = (output_size > MBEDTLS_PSA_RANDOM_MAX_REQUEST ? MBEDTLS_PSA_RANDOM_MAX_REQUEST : output_size); - int ret = mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, - output, request_size); +#if defined(MBEDTLS_CTR_DRBG_C) + ret = mbedtls_ctr_drbg_random(&global_data.rng.drbg, output, request_size); +#elif defined(MBEDTLS_HMAC_DRBG_C) + ret = mbedtls_hmac_drbg_random(&global_data.rng.drbg, output, request_size); +#endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C */ if (ret != 0) { - status = mbedtls_to_psa_error(ret); - goto exit; + return mbedtls_to_psa_error(ret); } output_size -= request_size; output += request_size; } - status = PSA_SUCCESS; + return PSA_SUCCESS; #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - -exit: - return status; } @@ -4343,7 +4213,6 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ? PSA_KEY_USAGE_ENCRYPT : PSA_KEY_USAGE_DECRYPT); - psa_key_attributes_t attributes; /* A context must be freshly initialized before it can be set up. */ if (operation->id != 0) { @@ -4373,20 +4242,16 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, } operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg); - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - /* Try doing the operation through a driver before using software fallback. */ if (cipher_operation == MBEDTLS_ENCRYPT) { status = psa_driver_wrapper_cipher_encrypt_setup(operation, - &attributes, + &slot->attr, slot->key.data, slot->key.bytes, alg); } else { status = psa_driver_wrapper_cipher_decrypt_setup(operation, - &attributes, + &slot->attr, slot->key.data, slot->key.bytes, alg); @@ -4397,7 +4262,7 @@ exit: psa_cipher_abort(operation); } - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -4627,7 +4492,6 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key, psa_key_slot_t *slot = NULL; uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE]; size_t default_iv_length = 0; - psa_key_attributes_t attributes; LOCAL_INPUT_DECLARE(input_external, input); LOCAL_OUTPUT_DECLARE(output_external, output); @@ -4644,10 +4508,6 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key, goto exit; } - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg); if (default_iv_length > PSA_CIPHER_IV_MAX_SIZE) { status = PSA_ERROR_GENERIC_ERROR; @@ -4670,13 +4530,13 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key, LOCAL_OUTPUT_ALLOC(output_external, output_size, output); status = psa_driver_wrapper_cipher_encrypt( - &attributes, slot->key.data, slot->key.bytes, + &slot->attr, slot->key.data, slot->key.bytes, alg, local_iv, default_iv_length, input, input_length, psa_crypto_buffer_offset(output, default_iv_length), output_size - default_iv_length, output_length); exit: - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); if (status == PSA_SUCCESS) { status = unlock_status; } @@ -4707,7 +4567,6 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; - psa_key_attributes_t attributes; LOCAL_INPUT_DECLARE(input_external, input); LOCAL_OUTPUT_DECLARE(output_external, output); @@ -4724,10 +4583,6 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key, goto exit; } - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - if (alg == PSA_ALG_CCM_STAR_NO_TAG && input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type)) { status = PSA_ERROR_INVALID_ARGUMENT; @@ -4741,12 +4596,12 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key, LOCAL_OUTPUT_ALLOC(output_external, output_size, output); status = psa_driver_wrapper_cipher_decrypt( - &attributes, slot->key.data, slot->key.bytes, + &slot->attr, slot->key.data, slot->key.bytes, alg, input, input_length, output, output_size, output_length); exit: - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); if (status == PSA_SUCCESS) { status = unlock_status; } @@ -4858,10 +4713,6 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key, return status; } - psa_key_attributes_t attributes = { - .core = slot->attr - }; - LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce); LOCAL_INPUT_ALLOC(additional_data_external, additional_data_length, additional_data); LOCAL_INPUT_ALLOC(plaintext_external, plaintext_length, plaintext); @@ -4873,7 +4724,7 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key, } status = psa_driver_wrapper_aead_encrypt( - &attributes, slot->key.data, slot->key.bytes, + &slot->attr, slot->key.data, slot->key.bytes, alg, nonce, nonce_length, additional_data, additional_data_length, @@ -4890,7 +4741,7 @@ exit: LOCAL_INPUT_FREE(plaintext_external, plaintext); LOCAL_OUTPUT_FREE(ciphertext_external, ciphertext); - psa_unregister_read(slot); + psa_unregister_read_under_mutex(slot); return status; } @@ -4928,10 +4779,6 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key, return status; } - psa_key_attributes_t attributes = { - .core = slot->attr - }; - LOCAL_INPUT_ALLOC(nonce_external, nonce_length, nonce); LOCAL_INPUT_ALLOC(additional_data_external, additional_data_length, additional_data); @@ -4944,7 +4791,7 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key, } status = psa_driver_wrapper_aead_decrypt( - &attributes, slot->key.data, slot->key.bytes, + &slot->attr, slot->key.data, slot->key.bytes, alg, nonce, nonce_length, additional_data, additional_data_length, @@ -4961,7 +4808,7 @@ exit: LOCAL_INPUT_FREE(ciphertext_external, ciphertext); LOCAL_OUTPUT_FREE(plaintext_external, plaintext); - psa_unregister_read(slot); + psa_unregister_read_under_mutex(slot); return status; } @@ -5015,7 +4862,6 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; psa_key_usage_t key_usage = 0; - psa_key_attributes_t attributes; status = psa_aead_check_algorithm(alg); if (status != PSA_SUCCESS) { @@ -5045,23 +4891,19 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation, goto exit; } - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - if ((status = psa_validate_tag_length(alg)) != PSA_SUCCESS) { goto exit; } if (is_encrypt) { status = psa_driver_wrapper_aead_encrypt_setup(operation, - &attributes, + &slot->attr, slot->key.data, slot->key.bytes, alg); } else { status = psa_driver_wrapper_aead_decrypt_setup(operation, - &attributes, + &slot->attr, slot->key.data, slot->key.bytes, alg); @@ -5070,10 +4912,10 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation, goto exit; } - operation->key_type = psa_get_key_type(&attributes); + operation->key_type = psa_get_key_type(&slot->attr); exit: - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); if (status == PSA_SUCCESS) { status = unlock_status; @@ -6445,7 +6287,6 @@ static psa_status_t psa_generate_derived_key_internal( size_t bytes = PSA_BITS_TO_BYTES(bits); size_t storage_size = bytes; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes; if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) { return PSA_ERROR_INVALID_ARGUMENT; @@ -6494,12 +6335,9 @@ static psa_status_t psa_generate_derived_key_internal( } slot->attr.bits = (psa_key_bits_t) bits; - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - if (psa_key_lifetime_is_external(attributes.core.lifetime)) { - status = psa_driver_wrapper_get_key_buffer_size(&attributes, + if (psa_key_lifetime_is_external(slot->attr.lifetime)) { + status = psa_driver_wrapper_get_key_buffer_size(&slot->attr, &storage_size); if (status != PSA_SUCCESS) { goto exit; @@ -6510,7 +6348,7 @@ static psa_status_t psa_generate_derived_key_internal( goto exit; } - status = psa_driver_wrapper_import_key(&attributes, + status = psa_driver_wrapper_import_key(&slot->attr, data, bytes, slot->key.data, slot->key.bytes, @@ -6524,9 +6362,28 @@ exit: return status; } -psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *operation, - mbedtls_svc_key_id_t *key) +static const psa_key_production_parameters_t default_production_parameters = + PSA_KEY_PRODUCTION_PARAMETERS_INIT; + +int psa_key_production_parameters_are_default( + const psa_key_production_parameters_t *params, + size_t params_data_length) +{ + if (params->flags != 0) { + return 0; + } + if (params_data_length != 0) { + return 0; + } + return 1; +} + +psa_status_t psa_key_derivation_output_key_ext( + const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + const psa_key_production_parameters_t *params, + size_t params_data_length, + mbedtls_svc_key_id_t *key) { psa_status_t status; psa_key_slot_t *slot = NULL; @@ -6540,6 +6397,10 @@ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attribute return PSA_ERROR_INVALID_ARGUMENT; } + if (!psa_key_production_parameters_are_default(params, params_data_length)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + if (operation->alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } @@ -6558,7 +6419,7 @@ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attribute #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ if (status == PSA_SUCCESS) { status = psa_generate_derived_key_internal(slot, - attributes->core.bits, + attributes->bits, operation); } if (status == PSA_SUCCESS) { @@ -6571,6 +6432,15 @@ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attribute return status; } +psa_status_t psa_key_derivation_output_key( + const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + mbedtls_svc_key_id_t *key) +{ + return psa_key_derivation_output_key_ext(attributes, operation, + &default_production_parameters, 0, + key); +} /****************************************************************/ @@ -6631,6 +6501,91 @@ static psa_status_t psa_hash_try_support(psa_algorithm_t alg) return status; } +static psa_status_t psa_key_derivation_set_maximum_capacity( + psa_key_derivation_operation_t *operation, + psa_algorithm_t kdf_alg) +{ +#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) + if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { + operation->capacity = PSA_HASH_LENGTH(PSA_ALG_SHA_256); + return PSA_SUCCESS; + } +#endif +#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) + if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { +#if (SIZE_MAX > UINT32_MAX) + operation->capacity = UINT32_MAX * (size_t) PSA_MAC_LENGTH( + PSA_KEY_TYPE_AES, + 128U, + PSA_ALG_CMAC); +#else + operation->capacity = SIZE_MAX; +#endif + return PSA_SUCCESS; + } +#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ + + /* After this point, if kdf_alg is not valid then value of hash_alg may be + * invalid or meaningless but it does not affect this function */ + psa_algorithm_t hash_alg = PSA_ALG_GET_HASH(kdf_alg); + size_t hash_size = PSA_HASH_LENGTH(hash_alg); + if (hash_size == 0) { + return PSA_ERROR_NOT_SUPPORTED; + } + + /* Make sure that hash_alg is a supported hash algorithm. Otherwise + * we might fail later, which is somewhat unfriendly and potentially + * risk-prone. */ + psa_status_t status = psa_hash_try_support(hash_alg); + if (status != PSA_SUCCESS) { + return status; + } + +#if defined(PSA_WANT_ALG_HKDF) + if (PSA_ALG_IS_HKDF(kdf_alg)) { + operation->capacity = 255 * hash_size; + } else +#endif +#if defined(PSA_WANT_ALG_HKDF_EXTRACT) + if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) { + operation->capacity = hash_size; + } else +#endif +#if defined(PSA_WANT_ALG_HKDF_EXPAND) + if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) { + operation->capacity = 255 * hash_size; + } else +#endif +#if defined(PSA_WANT_ALG_TLS12_PRF) + if (PSA_ALG_IS_TLS12_PRF(kdf_alg) && + (hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) { + operation->capacity = SIZE_MAX; + } else +#endif +#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) + if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg) && + (hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) { + /* Master Secret is always 48 bytes + * https://datatracker.ietf.org/doc/html/rfc5246.html#section-8.1 */ + operation->capacity = 48U; + } else +#endif +#if defined(PSA_WANT_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { +#if (SIZE_MAX > UINT32_MAX) + operation->capacity = UINT32_MAX * hash_size; +#else + operation->capacity = SIZE_MAX; +#endif + } else +#endif /* PSA_WANT_ALG_PBKDF2_HMAC */ + { + (void) hash_size; + status = PSA_ERROR_NOT_SUPPORTED; + } + return status; +} + static psa_status_t psa_key_derivation_setup_kdf( psa_key_derivation_operation_t *operation, psa_algorithm_t kdf_alg) @@ -6644,43 +6599,9 @@ static psa_status_t psa_key_derivation_setup_kdf( return PSA_ERROR_NOT_SUPPORTED; } - /* All currently supported key derivation algorithms (apart from - * ecjpake to pms and pbkdf2_aes_cmac_128) are based on a hash algorithm. */ - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg); - size_t hash_size = PSA_HASH_LENGTH(hash_alg); - if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { - hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256); - } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { - hash_size = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC); - } else { - if (hash_size == 0) { - return PSA_ERROR_NOT_SUPPORTED; - } - - /* Make sure that hash_alg is a supported hash algorithm. Otherwise - * we might fail later, which is somewhat unfriendly and potentially - * risk-prone. */ - psa_status_t status = psa_hash_try_support(hash_alg); - if (status != PSA_SUCCESS) { - return status; - } - } - - if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) || - PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) && - !(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) { - return PSA_ERROR_NOT_SUPPORTED; - } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) - if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg) || - (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS)) { - operation->capacity = hash_size; - } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || - MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ - operation->capacity = 255 * hash_size; - return PSA_SUCCESS; + psa_status_t status = psa_key_derivation_set_maximum_capacity(operation, + kdf_alg); + return status; } static psa_status_t psa_key_agreement_try_support(psa_algorithm_t alg) @@ -7478,7 +7399,7 @@ psa_status_t psa_key_derivation_input_key( slot->key.data, slot->key.bytes); - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -7553,11 +7474,7 @@ static psa_status_t psa_key_agreement_raw_internal(psa_algorithm_t alg, return PSA_ERROR_NOT_SUPPORTED; } - psa_key_attributes_t attributes = { - .core = private_key->attr - }; - - return psa_driver_wrapper_key_agreement(&attributes, + return psa_driver_wrapper_key_agreement(&private_key->attr, private_key->key.data, private_key->key.bytes, alg, peer_key, peer_key_length, @@ -7576,7 +7493,7 @@ static psa_status_t psa_key_agreement_internal(psa_key_derivation_operation_t *o size_t peer_key_length) { psa_status_t status; - uint8_t shared_secret[PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE]; + uint8_t shared_secret[PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE] = { 0 }; size_t shared_secret_length = 0; psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE(operation->alg); @@ -7642,8 +7559,9 @@ exit: } } - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); LOCAL_INPUT_FREE(peer_key_external, peer_key); + return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -7714,7 +7632,7 @@ exit: *output_length = 0; } - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); LOCAL_INPUT_FREE(peer_key_external, peer_key); LOCAL_OUTPUT_FREE(output_external, output); @@ -7758,7 +7676,7 @@ static void mbedtls_psa_random_init(mbedtls_psa_random_context_t *rng) MBEDTLS_ENTROPY_SOURCE_STRONG); #endif - mbedtls_psa_drbg_init(MBEDTLS_PSA_RANDOM_STATE); + mbedtls_psa_drbg_init(&rng->drbg); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ } @@ -7769,7 +7687,7 @@ static void mbedtls_psa_random_free(mbedtls_psa_random_context_t *rng) #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) memset(rng, 0, sizeof(*rng)); #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - mbedtls_psa_drbg_free(MBEDTLS_PSA_RANDOM_STATE); + mbedtls_psa_drbg_free(&rng->drbg); rng->entropy_free(&rng->entropy); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ } @@ -7784,7 +7702,7 @@ static psa_status_t mbedtls_psa_random_seed(mbedtls_psa_random_context_t *rng) return PSA_SUCCESS; #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ const unsigned char drbg_seed[] = "PSA"; - int ret = mbedtls_psa_drbg_seed(&rng->entropy, + int ret = mbedtls_psa_drbg_seed(&rng->drbg, &rng->entropy, drbg_seed, sizeof(drbg_seed) - 1); return mbedtls_to_psa_error(ret); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -7807,39 +7725,6 @@ exit: return status; } -/* Wrapper function allowing the classic API to use the PSA RNG. - * - * `mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, ...)` calls - * `psa_generate_random(...)`. The state parameter is ignored since the - * PSA API doesn't support passing an explicit state. - * - * In the non-external case, psa_generate_random() calls an - * `mbedtls_xxx_drbg_random` function which has exactly the same signature - * and semantics as mbedtls_psa_get_random(). As an optimization, - * instead of doing this back-and-forth between the PSA API and the - * classic API, psa_crypto_random_impl.h defines `mbedtls_psa_get_random` - * as a constant function pointer to `mbedtls_xxx_drbg_random`. - */ -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -int mbedtls_psa_get_random(void *p_rng, - unsigned char *output, - size_t output_size) -{ - /* This function takes a pointer to the RNG state because that's what - * classic mbedtls functions using an RNG expect. The PSA RNG manages - * its own state internally and doesn't let the caller access that state. - * So we just ignore the state parameter, and in practice we'll pass - * NULL. */ - (void) p_rng; - psa_status_t status = psa_generate_random(output, output_size); - if (status == PSA_SUCCESS) { - return 0; - } else { - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } -} -#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - #if defined(MBEDTLS_PSA_INJECT_ENTROPY) psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, size_t seed_size) @@ -7864,7 +7749,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, * \param bits The number of bits of the key * * \retval #PSA_SUCCESS - * The key type and size are valid. + * The key type and size are valid. * \retval #PSA_ERROR_INVALID_ARGUMENT * The size in bits of the key is not valid. * \retval #PSA_ERROR_NOT_SUPPORTED @@ -7922,18 +7807,18 @@ static psa_status_t psa_validate_key_type_and_size_for_key_generation( psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes, + const psa_key_production_parameters_t *params, size_t params_data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t type = attributes->core.type; + psa_key_type_t type = attributes->type; - if ((attributes->domain_parameters == NULL) && - (attributes->domain_parameters_size != 0)) { - return PSA_ERROR_INVALID_ARGUMENT; - } + /* Only used for RSA */ + (void) params; + (void) params_data_length; if (key_type_is_raw_bytes(type)) { - status = psa_generate_random(key_buffer, key_buffer_size); + status = psa_generate_random_internal(key_buffer, key_buffer_size); if (status != PSA_SUCCESS) { return status; } @@ -7948,6 +7833,7 @@ psa_status_t psa_generate_key_internal( #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) { return mbedtls_psa_rsa_generate_key(attributes, + params, params_data_length, key_buffer, key_buffer_size, key_buffer_length); @@ -7979,8 +7865,10 @@ psa_status_t psa_generate_key_internal( return PSA_SUCCESS; } -psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, - mbedtls_svc_key_id_t *key) +psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes, + const psa_key_production_parameters_t *params, + size_t params_data_length, + mbedtls_svc_key_id_t *key) { psa_status_t status; psa_key_slot_t *slot = NULL; @@ -7996,7 +7884,18 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, } /* Reject any attempt to create a public key. */ - if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type)) { + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->type)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) + if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + if (params->flags != 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + } else +#endif + if (!psa_key_production_parameters_are_default(params, params_data_length)) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -8011,17 +7910,17 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a * buffer to hold the generated key material. */ if (slot->key.data == NULL) { - if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime) == + if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->lifetime) == PSA_KEY_LOCATION_LOCAL_STORAGE) { status = psa_validate_key_type_and_size_for_key_generation( - attributes->core.type, attributes->core.bits); + attributes->type, attributes->bits); if (status != PSA_SUCCESS) { goto exit; } key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE( - attributes->core.type, - attributes->core.bits); + attributes->type, + attributes->bits); } else { status = psa_driver_wrapper_get_key_buffer_size( attributes, &key_buffer_size); @@ -8037,8 +7936,9 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, } status = psa_driver_wrapper_generate_key(attributes, - slot->key.data, slot->key.bytes, &slot->key.bytes); - + params, params_data_length, + slot->key.data, slot->key.bytes, + &slot->key.bytes); if (status != PSA_SUCCESS) { psa_remove_key_data_from_memory(slot); } @@ -8054,6 +7954,14 @@ exit: return status; } +psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key) +{ + return psa_generate_key_ext(attributes, + &default_production_parameters, 0, + key); +} + /****************************************************************/ /* Module setup */ /****************************************************************/ @@ -8326,7 +8234,6 @@ psa_status_t psa_pake_set_password_key( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; - psa_key_attributes_t attributes; psa_key_type_t type; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { @@ -8341,11 +8248,7 @@ psa_status_t psa_pake_set_password_key( goto exit; } - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - - type = psa_get_key_type(&attributes); + type = psa_get_key_type(&slot->attr); if (type != PSA_KEY_TYPE_PASSWORD && type != PSA_KEY_TYPE_PASSWORD_HASH) { @@ -8361,12 +8264,13 @@ psa_status_t psa_pake_set_password_key( memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes); operation->data.inputs.password_len = slot->key.bytes; - operation->data.inputs.attributes = attributes; + operation->data.inputs.attributes = slot->attr; + exit: if (status != PSA_SUCCESS) { psa_pake_abort(operation); } - unlock_status = psa_unregister_read(slot); + unlock_status = psa_unregister_read_under_mutex(slot); return (status == PSA_SUCCESS) ? unlock_status : status; } diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c index 49aa961..a201985 100644 --- a/library/psa_crypto_aead.c +++ b/library/psa_crypto_aead.c @@ -33,10 +33,10 @@ static psa_status_t psa_aead_setup( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_cipher_id_t cipher_id; mbedtls_cipher_mode_t mode; - size_t key_bits = attributes->core.bits; + size_t key_bits = attributes->bits; (void) key_buffer_size; - status = mbedtls_cipher_values_from_psa(alg, attributes->core.type, + status = mbedtls_cipher_values_from_psa(alg, attributes->type, &key_bits, &mode, &cipher_id); if (status != PSA_SUCCESS) { return status; @@ -49,7 +49,7 @@ static psa_status_t psa_aead_setup( /* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16. * The call to mbedtls_ccm_encrypt_and_tag or * mbedtls_ccm_auth_decrypt will validate the tag length. */ - if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->core.type) != 16) { + if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->type) != 16) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -69,7 +69,7 @@ static psa_status_t psa_aead_setup( /* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16. * The call to mbedtls_gcm_crypt_and_tag or * mbedtls_gcm_auth_decrypt will validate the tag length. */ - if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->core.type) != 16) { + if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->type) != 16) { return PSA_ERROR_INVALID_ARGUMENT; } diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index d70a275..881d673 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -289,14 +289,14 @@ static psa_status_t psa_cipher_setup( int ret = 0; size_t key_bits; const mbedtls_cipher_info_t *cipher_info = NULL; - psa_key_type_t key_type = attributes->core.type; + psa_key_type_t key_type = attributes->type; (void) key_buffer_size; mbedtls_cipher_init(&operation->ctx.cipher); operation->alg = alg; - key_bits = attributes->core.bits; + key_bits = attributes->bits; cipher_info = mbedtls_cipher_info_from_psa(alg, key_type, key_bits, NULL); if (cipher_info == NULL) { diff --git a/library/psa_crypto_client.c b/library/psa_crypto_client.c index 472d3d3..72f671d 100644 --- a/library/psa_crypto_client.c +++ b/library/psa_crypto_client.c @@ -16,57 +16,7 @@ void psa_reset_key_attributes(psa_key_attributes_t *attributes) { - mbedtls_free(attributes->domain_parameters); memset(attributes, 0, sizeof(*attributes)); } -psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, - psa_key_type_t type, - const uint8_t *data, - size_t data_length) -{ - uint8_t *copy = NULL; - - if (data_length != 0) { - copy = mbedtls_calloc(1, data_length); - if (copy == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - memcpy(copy, data, data_length); - } - /* After this point, this function is guaranteed to succeed, so it - * can start modifying `*attributes`. */ - - if (attributes->domain_parameters != NULL) { - mbedtls_free(attributes->domain_parameters); - attributes->domain_parameters = NULL; - attributes->domain_parameters_size = 0; - } - - attributes->domain_parameters = copy; - attributes->domain_parameters_size = data_length; - attributes->core.type = type; - return PSA_SUCCESS; -} - -psa_status_t psa_get_key_domain_parameters( - const psa_key_attributes_t *attributes, - uint8_t *data, size_t data_size, size_t *data_length) -{ - if (attributes->domain_parameters == NULL && - attributes->domain_parameters_size == SIZE_MAX) { - return PSA_ERROR_NOT_SUPPORTED; - } - - if (attributes->domain_parameters_size > data_size) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - *data_length = attributes->domain_parameters_size; - if (attributes->domain_parameters_size != 0) { - memcpy(data, attributes->domain_parameters, - attributes->domain_parameters_size); - } - return PSA_SUCCESS; -} - #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 67966f9..4d47594 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -20,6 +20,9 @@ #include "psa/crypto.h" #include "psa/crypto_se_driver.h" +#if defined(MBEDTLS_THREADING_C) +#include "mbedtls/threading.h" +#endif /** * Tell if PSA is ready for this hash. @@ -56,7 +59,7 @@ typedef enum { * and metadata for one key. */ typedef struct { - psa_core_key_attributes_t attr; + psa_key_attributes_t attr; /* * The current state of the key slot, as described in @@ -86,7 +89,9 @@ typedef struct { * A function must call psa_register_read(slot) before reading the current * contents of the slot for an operation. * They then must call psa_unregister_read(slot) once they have finished - * reading the current contents of the slot. + * reading the current contents of the slot. If the key slot mutex is not + * held (when mutexes are enabled), this call must be done via a call to + * psa_unregister_read_under_mutex(slot). * A function must call psa_key_slot_has_readers(slot) to check if * the slot is in use for reading. * @@ -111,10 +116,48 @@ typedef struct { } key; } psa_key_slot_t; -/* A mask of key attribute flags used only internally. - * Currently there aren't any. */ -#define PSA_KA_MASK_INTERNAL_ONLY ( \ - 0) +#if defined(MBEDTLS_THREADING_C) + +/** Perform a mutex operation and return immediately upon failure. + * + * Returns PSA_ERROR_SERVICE_FAILURE if the operation fails + * and status was PSA_SUCCESS. + * + * Assumptions: + * psa_status_t status exists. + * f is a mutex operation which returns 0 upon success. + */ +#define PSA_THREADING_CHK_RET(f) \ + do \ + { \ + if ((f) != 0) { \ + if (status == PSA_SUCCESS) { \ + return PSA_ERROR_SERVICE_FAILURE; \ + } \ + return status; \ + } \ + } while (0); + +/** Perform a mutex operation and goto exit on failure. + * + * Sets status to PSA_ERROR_SERVICE_FAILURE if status was PSA_SUCCESS. + * + * Assumptions: + * psa_status_t status exists. + * Label exit: exists. + * f is a mutex operation which returns 0 upon success. + */ +#define PSA_THREADING_CHK_GOTO_EXIT(f) \ + do \ + { \ + if ((f) != 0) { \ + if (status == PSA_SUCCESS) { \ + status = PSA_ERROR_SERVICE_FAILURE; \ + } \ + goto exit; \ + } \ + } while (0); +#endif /** Test whether a key slot has any registered readers. * If multi-threading is enabled, the caller must hold the @@ -129,56 +172,6 @@ static inline int psa_key_slot_has_readers(const psa_key_slot_t *slot) return slot->registered_readers > 0; } -/** Retrieve flags from psa_key_slot_t::attr::core::flags. - * - * \param[in] slot The key slot to query. - * \param mask The mask of bits to extract. - * - * \return The key attribute flags in the given slot, - * bitwise-anded with \p mask. - */ -static inline uint16_t psa_key_slot_get_flags(const psa_key_slot_t *slot, - uint16_t mask) -{ - return slot->attr.flags & mask; -} - -/** Set flags in psa_key_slot_t::attr::core::flags. - * - * \param[in,out] slot The key slot to modify. - * \param mask The mask of bits to modify. - * \param value The new value of the selected bits. - */ -static inline void psa_key_slot_set_flags(psa_key_slot_t *slot, - uint16_t mask, - uint16_t value) -{ - slot->attr.flags = ((~mask & slot->attr.flags) | - (mask & value)); -} - -/** Turn on flags in psa_key_slot_t::attr::core::flags. - * - * \param[in,out] slot The key slot to modify. - * \param mask The mask of bits to set. - */ -static inline void psa_key_slot_set_bits_in_flags(psa_key_slot_t *slot, - uint16_t mask) -{ - slot->attr.flags |= mask; -} - -/** Turn off flags in psa_key_slot_t::attr::core::flags. - * - * \param[in,out] slot The key slot to modify. - * \param mask The mask of bits to clear. - */ -static inline void psa_key_slot_clear_bits(psa_key_slot_t *slot, - uint16_t mask) -{ - slot->attr.flags &= ~mask; -} - #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /** Get the SE slot number of a key from the key slot storing its description. * @@ -350,6 +343,18 @@ psa_status_t psa_export_public_key_internal( const uint8_t *key_buffer, size_t key_buffer_size, uint8_t *data, size_t data_size, size_t *data_length); +/** Whether a key production parameters structure is the default. + * + * Calls to a key generation driver with non-default production parameters + * require a driver supporting custom production parameters. + * + * \param[in] params The key production parameters to check. + * \param params_data_length Size of `params->data` in bytes. + */ +int psa_key_production_parameters_are_default( + const psa_key_production_parameters_t *params, + size_t params_data_length); + /** * \brief Generate a key. * @@ -357,6 +362,9 @@ psa_status_t psa_export_public_key_internal( * entry point. * * \param[in] attributes The attributes for the key to generate. + * \param[in] params The production parameters from + * psa_generate_key_ext(). + * \param params_data_length The size of `params->data` in bytes. * \param[out] key_buffer Buffer where the key data is to be written. * \param[in] key_buffer_size Size of \p key_buffer in bytes. * \param[out] key_buffer_length On success, the number of bytes written in @@ -371,6 +379,8 @@ psa_status_t psa_export_public_key_internal( * The size of \p key_buffer is too small. */ psa_status_t psa_generate_key_internal(const psa_key_attributes_t *attributes, + const psa_key_production_parameters_t *params, + size_t params_data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index db08541..95baff6 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -216,8 +216,8 @@ psa_status_t mbedtls_psa_ecp_import_key( mbedtls_ecp_keypair *ecp = NULL; /* Parse input */ - status = mbedtls_psa_ecp_load_representation(attributes->core.type, - attributes->core.bits, + status = mbedtls_psa_ecp_load_representation(attributes->type, + attributes->bits, data, data_length, &ecp); @@ -225,7 +225,7 @@ psa_status_t mbedtls_psa_ecp_import_key( goto exit; } - if (PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == + if (PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type) == PSA_ECC_FAMILY_MONTGOMERY) { *bits = ecp->grp.nbits + 1; } else { @@ -235,7 +235,7 @@ psa_status_t mbedtls_psa_ecp_import_key( /* Re-export the data to PSA export format. There is currently no support * for other input formats then the export format, so this is a 1-1 * copy operation. */ - status = mbedtls_psa_ecp_export_key(attributes->core.type, + status = mbedtls_psa_ecp_export_key(attributes->type, ecp, key_buffer, key_buffer_size, @@ -281,20 +281,8 @@ psa_status_t mbedtls_psa_ecp_export_key(psa_key_type_t type, return status; } else { - if (data_size < PSA_BITS_TO_BYTES(ecp->grp.nbits)) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - status = mbedtls_to_psa_error( - mbedtls_ecp_write_key(ecp, - data, - PSA_BITS_TO_BYTES(ecp->grp.nbits))); - if (status == PSA_SUCCESS) { - *data_length = PSA_BITS_TO_BYTES(ecp->grp.nbits); - } else { - memset(data, 0, data_size); - } - + mbedtls_ecp_write_key_ext(ecp, data_length, data, data_size)); return status; } } @@ -308,7 +296,7 @@ psa_status_t mbedtls_psa_ecp_export_public_key( mbedtls_ecp_keypair *ecp = NULL; status = mbedtls_psa_ecp_load_representation( - attributes->core.type, attributes->core.bits, + attributes->type, attributes->bits, key_buffer, key_buffer_size, &ecp); if (status != PSA_SUCCESS) { return status; @@ -316,7 +304,7 @@ psa_status_t mbedtls_psa_ecp_export_public_key( status = mbedtls_psa_ecp_export_key( PSA_KEY_TYPE_ECC_PUBLIC_KEY( - PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type)), + PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type)), ecp, data, data_size, data_length); mbedtls_ecp_keypair_free(ecp); @@ -337,18 +325,14 @@ psa_status_t mbedtls_psa_ecp_generate_key( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( - attributes->core.type); + attributes->type); mbedtls_ecp_group_id grp_id = - mbedtls_ecc_group_from_psa(curve, attributes->core.bits); + mbedtls_ecc_group_from_psa(curve, attributes->bits); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); mbedtls_ecp_keypair ecp; - if (attributes->domain_parameters_size != 0) { - return PSA_ERROR_NOT_SUPPORTED; - } - if (grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL) { return PSA_ERROR_NOT_SUPPORTED; } @@ -363,14 +347,11 @@ psa_status_t mbedtls_psa_ecp_generate_key( } status = mbedtls_to_psa_error( - mbedtls_ecp_write_key(&ecp, key_buffer, key_buffer_size)); + mbedtls_ecp_write_key_ext(&ecp, key_buffer_length, + key_buffer, key_buffer_size)); mbedtls_ecp_keypair_free(&ecp); - if (status == PSA_SUCCESS) { - *key_buffer_length = key_buffer_size; - } - return status; } #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ @@ -393,8 +374,8 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash( size_t curve_bytes; mbedtls_mpi r, s; - status = mbedtls_psa_ecp_load_representation(attributes->core.type, - attributes->core.bits, + status = mbedtls_psa_ecp_load_representation(attributes->type, + attributes->bits, key_buffer, key_buffer_size, &ecp); @@ -480,8 +461,8 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash( (void) alg; - status = mbedtls_psa_ecp_load_representation(attributes->core.type, - attributes->core.bits, + status = mbedtls_psa_ecp_load_representation(attributes->type, + attributes->bits, key_buffer, key_buffer_size, &ecp); @@ -545,14 +526,14 @@ psa_status_t mbedtls_psa_key_agreement_ecdh( size_t *shared_secret_length) { psa_status_t status; - if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(attributes->core.type) || + if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(attributes->type) || !PSA_ALG_IS_ECDH(alg)) { return PSA_ERROR_INVALID_ARGUMENT; } mbedtls_ecp_keypair *ecp = NULL; status = mbedtls_psa_ecp_load_representation( - attributes->core.type, - attributes->core.bits, + attributes->type, + attributes->bits, key_buffer, key_buffer_size, &ecp); diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index a57f02e..ae38f6d 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -10,6 +10,12 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) +/* This header is only needed because it defines + * MBEDTLS_DHM_RFC7919_FFDHEXXXX_[P|G]_BIN symbols that are used in + * mbedtls_psa_ffdh_set_prime_generator(). Apart from that, this module + * only uses bignum functions for arithmetic. */ +#include <mbedtls/dhm.h> + #include <psa/crypto.h> #include "psa_crypto_core.h" #include "psa_crypto_ffdh.h" @@ -35,58 +41,78 @@ static psa_status_t mbedtls_psa_ffdh_set_prime_generator(size_t key_size, return PSA_ERROR_INVALID_ARGUMENT; } +#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048) static const unsigned char dhm_P_2048[] = MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN; - static const unsigned char dhm_P_3072[] = - MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN; - static const unsigned char dhm_P_4096[] = - MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN; - static const unsigned char dhm_P_6144[] = - MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN; - static const unsigned char dhm_P_8192[] = - MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN; static const unsigned char dhm_G_2048[] = MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN; +#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 */ +#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072) + static const unsigned char dhm_P_3072[] = + MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN; static const unsigned char dhm_G_3072[] = MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN; +#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 */ +#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096) + static const unsigned char dhm_P_4096[] = + MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN; static const unsigned char dhm_G_4096[] = MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN; +#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 */ +#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144) + static const unsigned char dhm_P_6144[] = + MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN; static const unsigned char dhm_G_6144[] = MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN; +#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 */ +#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192) + static const unsigned char dhm_P_8192[] = + MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN; static const unsigned char dhm_G_8192[] = MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN; +#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 */ switch (key_size) { +#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048) case sizeof(dhm_P_2048): dhm_P = dhm_P_2048; dhm_G = dhm_G_2048; dhm_size_P = sizeof(dhm_P_2048); dhm_size_G = sizeof(dhm_G_2048); break; +#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 */ +#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072) case sizeof(dhm_P_3072): dhm_P = dhm_P_3072; dhm_G = dhm_G_3072; dhm_size_P = sizeof(dhm_P_3072); dhm_size_G = sizeof(dhm_G_3072); break; +#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 */ +#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096) case sizeof(dhm_P_4096): dhm_P = dhm_P_4096; dhm_G = dhm_G_4096; dhm_size_P = sizeof(dhm_P_4096); dhm_size_G = sizeof(dhm_G_4096); break; +#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 */ +#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144) case sizeof(dhm_P_6144): dhm_P = dhm_P_6144; dhm_G = dhm_G_6144; dhm_size_P = sizeof(dhm_P_6144); dhm_size_G = sizeof(dhm_G_6144); break; +#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 */ +#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192) case sizeof(dhm_P_8192): dhm_P = dhm_P_8192; dhm_G = dhm_G_8192; dhm_size_P = sizeof(dhm_P_8192); dhm_size_G = sizeof(dhm_G_8192); break; +#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 */ default: return PSA_ERROR_INVALID_ARGUMENT; } @@ -125,7 +151,7 @@ psa_status_t mbedtls_psa_ffdh_export_public_key( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_mpi GX, G, X, P; - psa_key_type_t type = attributes->core.type; + psa_key_type_t type = attributes->type; if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { if (key_buffer_size > data_size) { @@ -141,7 +167,7 @@ psa_status_t mbedtls_psa_ffdh_export_public_key( mbedtls_mpi_init(&GX); mbedtls_mpi_init(&G); mbedtls_mpi_init(&X); mbedtls_mpi_init(&P); - size_t key_len = PSA_BITS_TO_BYTES(attributes->core.bits); + size_t key_len = PSA_BITS_TO_BYTES(attributes->bits); status = mbedtls_psa_ffdh_set_prime_generator(key_len, &P, &G); @@ -257,7 +283,7 @@ psa_status_t mbedtls_psa_ffdh_key_agreement( mbedtls_mpi_init(&K); status = mbedtls_psa_ffdh_set_prime_generator( - PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); + PSA_BITS_TO_BYTES(attributes->bits), &P, &G); if (status != PSA_SUCCESS) { goto cleanup; diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h index baeb928..79accd1 100644 --- a/library/psa_crypto_ffdh.h +++ b/library/psa_crypto_ffdh.h @@ -10,7 +10,6 @@ #define PSA_CRYPTO_FFDH_H #include <psa/crypto.h> -#include <mbedtls/dhm.h> /** Perform a key agreement and return the FFDH shared secret. * diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h index 64b8949..533fb2e 100644 --- a/library/psa_crypto_random_impl.h +++ b/library/psa_crypto_random_impl.h @@ -1,14 +1,6 @@ /** \file psa_crypto_random_impl.h * * \brief PSA crypto random generator implementation abstraction. - * - * The definitions here need to be consistent with the declarations - * in include/psa_util_internal.h. This file contains some redundant - * declarations to increase the chance that a compiler will detect - * inconsistencies if one file is changed without updating the other, - * but not all potential inconsistencies can be enforced, so make sure - * to check the public declarations and contracts in - * include/psa_util_internal.h if you modify this file. */ /* * Copyright The Mbed TLS Contributors @@ -22,22 +14,12 @@ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) -#include <string.h> -#include <mbedtls/entropy.h> // only for error codes -#include <psa/crypto.h> - typedef mbedtls_psa_external_random_context_t mbedtls_psa_random_context_t; -/* Trivial wrapper around psa_generate_random(). */ -int mbedtls_psa_get_random(void *p_rng, - unsigned char *output, - size_t output_size); - -/* The PSA RNG API doesn't need any externally maintained state. */ -#define MBEDTLS_PSA_RANDOM_STATE NULL - #else /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ +#include "mbedtls/entropy.h" + /* Choose a DRBG based on configuration and availability */ #if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE) @@ -67,11 +49,37 @@ int mbedtls_psa_get_random(void *p_rng, #error "No hash algorithm available for HMAC_DBRG." #endif -#else +#else /* !MBEDTLS_PSA_HMAC_DRBG_MD_TYPE && !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/ + #error "No DRBG module available for the psa_crypto module." + +#endif /* !MBEDTLS_PSA_HMAC_DRBG_MD_TYPE && !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C*/ + +#if defined(MBEDTLS_CTR_DRBG_C) +#include "mbedtls/ctr_drbg.h" +#elif defined(MBEDTLS_HMAC_DRBG_C) +#include "mbedtls/hmac_drbg.h" +#endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C */ + +/* The maximum number of bytes that mbedtls_psa_get_random() is expected to return. */ +#if defined(MBEDTLS_CTR_DRBG_C) +#define MBEDTLS_PSA_RANDOM_MAX_REQUEST MBEDTLS_CTR_DRBG_MAX_REQUEST +#elif defined(MBEDTLS_HMAC_DRBG_C) +#define MBEDTLS_PSA_RANDOM_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST #endif -#include "mbedtls/entropy.h" +#if defined(MBEDTLS_CTR_DRBG_C) +typedef mbedtls_ctr_drbg_context mbedtls_psa_drbg_context_t; +#elif defined(MBEDTLS_HMAC_DRBG_C) +typedef mbedtls_hmac_drbg_context mbedtls_psa_drbg_context_t; +#endif /* !MBEDTLS_CTR_DRBG_C && !MBEDTLS_HMAC_DRBG_C */ + +typedef struct { + void (* entropy_init)(mbedtls_entropy_context *ctx); + void (* entropy_free)(mbedtls_entropy_context *ctx); + mbedtls_entropy_context entropy; + mbedtls_psa_drbg_context_t drbg; +} mbedtls_psa_random_context_t; /** Initialize the PSA DRBG. * @@ -99,63 +107,6 @@ static inline void mbedtls_psa_drbg_free(mbedtls_psa_drbg_context_t *p_rng) #endif } -/** The type of the PSA random generator context. - * - * The random generator context is composed of an entropy context and - * a DRBG context. - */ -typedef struct { - void (* entropy_init)(mbedtls_entropy_context *ctx); - void (* entropy_free)(mbedtls_entropy_context *ctx); - mbedtls_entropy_context entropy; - mbedtls_psa_drbg_context_t drbg; -} mbedtls_psa_random_context_t; - -/* Defined in include/psa_util_internal.h so that it's visible to - * application code. The declaration here is redundant, but included - * as a safety net to make it more likely that a future change that - * accidentally causes the implementation to diverge from the interface - * will be noticed. */ -/* Do not include the declaration under MSVC because it doesn't accept it - * ("error C2370: 'mbedtls_psa_get_random' : redefinition; different storage class"). - * Observed with Visual Studio 2013. A known bug apparently: - * https://stackoverflow.com/questions/8146541/duplicate-external-static-declarations-not-allowed-in-visual-studio - */ -#if !defined(_MSC_VER) -static mbedtls_f_rng_t *const mbedtls_psa_get_random; -#endif - -/** The maximum number of bytes that mbedtls_psa_get_random() is expected to - * return. - */ -#if defined(MBEDTLS_CTR_DRBG_C) -#define MBEDTLS_PSA_RANDOM_MAX_REQUEST MBEDTLS_CTR_DRBG_MAX_REQUEST -#elif defined(MBEDTLS_HMAC_DRBG_C) -#define MBEDTLS_PSA_RANDOM_MAX_REQUEST MBEDTLS_HMAC_DRBG_MAX_REQUEST -#endif - -/** A pointer to the PSA DRBG state. - * - * This variable is only intended to be used through the macro - * #MBEDTLS_PSA_RANDOM_STATE. - */ -/* psa_crypto.c sets this variable to a pointer to the DRBG state in the - * global PSA crypto state. */ -/* The type `mbedtls_psa_drbg_context_t` is defined in - * include/psa_util_internal.h so that `mbedtls_psa_random_state` can be - * declared there and be visible to application code. */ -extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; - -/** A pointer to the PSA DRBG state. - * - * This macro expands to an expression that is suitable as the \c p_rng - * parameter to pass to mbedtls_psa_get_random(). - * - * This macro exists in all configurations where the psa_crypto module is - * enabled. Its expansion depends on the configuration. - */ -#define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state - /** Seed the PSA DRBG. * * \param entropy An entropy context to read the seed from. @@ -167,23 +118,15 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; * \return \c 0 on success. * \return An Mbed TLS error code (\c MBEDTLS_ERR_xxx) on failure. */ -static inline int mbedtls_psa_drbg_seed( - mbedtls_entropy_context *entropy, - const unsigned char *custom, size_t len) +static inline int mbedtls_psa_drbg_seed(mbedtls_psa_drbg_context_t *drbg_ctx, + mbedtls_entropy_context *entropy, + const unsigned char *custom, size_t len) { #if defined(MBEDTLS_CTR_DRBG_C) - return mbedtls_ctr_drbg_seed(MBEDTLS_PSA_RANDOM_STATE, - mbedtls_entropy_func, - entropy, - custom, len); + return mbedtls_ctr_drbg_seed(drbg_ctx, mbedtls_entropy_func, entropy, custom, len); #elif defined(MBEDTLS_HMAC_DRBG_C) - const mbedtls_md_info_t *md_info = - mbedtls_md_info_from_type(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE); - return mbedtls_hmac_drbg_seed(MBEDTLS_PSA_RANDOM_STATE, - md_info, - mbedtls_entropy_func, - entropy, - custom, len); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE); + return mbedtls_hmac_drbg_seed(drbg_ctx, md_info, mbedtls_entropy_func, entropy, custom, len); #endif } diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 7b58ea2..2f613b3 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -24,8 +24,7 @@ #include <mbedtls/rsa.h> #include <mbedtls/error.h> -#include <mbedtls/pk.h> -#include "pk_wrap.h" +#include "rsa_internal.h" #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ @@ -62,50 +61,38 @@ psa_status_t mbedtls_psa_rsa_load_representation( mbedtls_rsa_context **p_rsa) { psa_status_t status; - mbedtls_pk_context ctx; size_t bits; - mbedtls_pk_init(&ctx); + + *p_rsa = mbedtls_calloc(1, sizeof(mbedtls_rsa_context)); + if (*p_rsa == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + mbedtls_rsa_init(*p_rsa); /* Parse the data. */ if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) { - status = mbedtls_to_psa_error( - mbedtls_pk_parse_key(&ctx, data, data_length, NULL, 0, - mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE)); + status = mbedtls_to_psa_error(mbedtls_rsa_parse_key(*p_rsa, data, data_length)); } else { - status = mbedtls_to_psa_error( - mbedtls_pk_parse_public_key(&ctx, data, data_length)); + status = mbedtls_to_psa_error(mbedtls_rsa_parse_pubkey(*p_rsa, data, data_length)); } if (status != PSA_SUCCESS) { goto exit; } - /* We have something that the pkparse module recognizes. If it is a - * valid RSA key, store it. */ - if (mbedtls_pk_get_type(&ctx) != MBEDTLS_PK_RSA) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - /* The size of an RSA key doesn't have to be a multiple of 8. Mbed TLS * supports non-byte-aligned key sizes, but not well. For example, * mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */ - bits = PSA_BYTES_TO_BITS(mbedtls_rsa_get_len(mbedtls_pk_rsa(ctx))); + bits = PSA_BYTES_TO_BITS(mbedtls_rsa_get_len(*p_rsa)); if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; } - status = psa_check_rsa_key_byte_aligned(mbedtls_pk_rsa(ctx)); + status = psa_check_rsa_key_byte_aligned(*p_rsa); if (status != PSA_SUCCESS) { goto exit; } - /* Copy out the pointer to the RSA context, and reset the PK context - * such that pk_free doesn't free the RSA context we just grabbed. */ - *p_rsa = mbedtls_pk_rsa(ctx); - ctx.pk_info = NULL; - exit: - mbedtls_pk_free(&ctx); return status; } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || @@ -129,7 +116,7 @@ psa_status_t mbedtls_psa_rsa_import_key( mbedtls_rsa_context *rsa = NULL; /* Parse input */ - status = mbedtls_psa_rsa_load_representation(attributes->core.type, + status = mbedtls_psa_rsa_load_representation(attributes->type, data, data_length, &rsa); @@ -143,7 +130,7 @@ psa_status_t mbedtls_psa_rsa_import_key( * representation in the key slot. Export representation in case of RSA is * the smallest representation that's allowed as input, so a straight-up * allocation of the same size as the input buffer will be large enough. */ - status = mbedtls_psa_rsa_export_key(attributes->core.type, + status = mbedtls_psa_rsa_export_key(attributes->type, rsa, key_buffer, key_buffer_size, @@ -168,20 +155,15 @@ psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type, size_t *data_length) { int ret; - mbedtls_pk_context pk; - uint8_t *pos = data + data_size; - - mbedtls_pk_init(&pk); - pk.pk_info = &mbedtls_rsa_info; - pk.pk_ctx = rsa; + uint8_t *end = data + data_size; /* PSA Crypto API defines the format of an RSA key as a DER-encoded * representation of the non-encrypted PKCS#1 RSAPrivateKey for a * private key and of the RFC3279 RSAPublicKey for a public key. */ if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) { - ret = mbedtls_pk_write_key_der(&pk, data, data_size); + ret = mbedtls_rsa_write_key(rsa, data, &end); } else { - ret = mbedtls_pk_write_pubkey(&pos, data, &pk); + ret = mbedtls_rsa_write_pubkey(rsa, data, &end); } if (ret < 0) { @@ -214,7 +196,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key( mbedtls_rsa_context *rsa = NULL; status = mbedtls_psa_rsa_load_representation( - attributes->core.type, key_buffer, key_buffer_size, &rsa); + attributes->type, key_buffer, key_buffer_size, &rsa); if (status != PSA_SUCCESS) { return status; } @@ -234,26 +216,21 @@ psa_status_t mbedtls_psa_rsa_export_public_key( * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) -static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters, - size_t domain_parameters_size, +static psa_status_t psa_rsa_read_exponent(const uint8_t *e_bytes, + size_t e_length, int *exponent) { size_t i; uint32_t acc = 0; - if (domain_parameters_size == 0) { - *exponent = 65537; - return PSA_SUCCESS; - } - /* Mbed TLS encodes the public exponent as an int. For simplicity, only * support values that fit in a 32-bit integer, which is larger than * int on just about every platform anyway. */ - if (domain_parameters_size > sizeof(acc)) { + if (e_length > sizeof(acc)) { return PSA_ERROR_NOT_SUPPORTED; } - for (i = 0; i < domain_parameters_size; i++) { - acc = (acc << 8) | domain_parameters[i]; + for (i = 0; i < e_length; i++) { + acc = (acc << 8) | e_bytes[i]; } if (acc > INT_MAX) { return PSA_ERROR_NOT_SUPPORTED; @@ -264,31 +241,33 @@ static psa_status_t psa_rsa_read_exponent(const uint8_t *domain_parameters, psa_status_t mbedtls_psa_rsa_generate_key( const psa_key_attributes_t *attributes, + const psa_key_production_parameters_t *params, size_t params_data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length) { psa_status_t status; mbedtls_rsa_context rsa; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int exponent; + int exponent = 65537; - status = psa_rsa_read_exponent(attributes->domain_parameters, - attributes->domain_parameters_size, - &exponent); - if (status != PSA_SUCCESS) { - return status; + if (params_data_length != 0) { + status = psa_rsa_read_exponent(params->data, params_data_length, + &exponent); + if (status != PSA_SUCCESS) { + return status; + } } mbedtls_rsa_init(&rsa); ret = mbedtls_rsa_gen_key(&rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - (unsigned int) attributes->core.bits, + (unsigned int) attributes->bits, exponent); if (ret != 0) { return mbedtls_to_psa_error(ret); } - status = mbedtls_psa_rsa_export_key(attributes->core.type, + status = mbedtls_psa_rsa_export_key(attributes->type, &rsa, key_buffer, key_buffer_size, key_buffer_length); mbedtls_rsa_free(&rsa); @@ -346,7 +325,7 @@ psa_status_t mbedtls_psa_rsa_sign_hash( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; - status = mbedtls_psa_rsa_load_representation(attributes->core.type, + status = mbedtls_psa_rsa_load_representation(attributes->type, key_buffer, key_buffer_size, &rsa); @@ -445,7 +424,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; - status = mbedtls_psa_rsa_load_representation(attributes->core.type, + status = mbedtls_psa_rsa_load_representation(attributes->type, key_buffer, key_buffer_size, &rsa); @@ -557,11 +536,11 @@ psa_status_t mbedtls_psa_asymmetric_encrypt(const psa_key_attributes_t *attribut (void) output_size; (void) output_length; - if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) { + if (PSA_KEY_TYPE_IS_RSA(attributes->type)) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) mbedtls_rsa_context *rsa = NULL; - status = mbedtls_psa_rsa_load_representation(attributes->core.type, + status = mbedtls_psa_rsa_load_representation(attributes->type, key_buffer, key_buffer_size, &rsa); @@ -653,11 +632,11 @@ psa_status_t mbedtls_psa_asymmetric_decrypt(const psa_key_attributes_t *attribut *output_length = 0; - if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) mbedtls_rsa_context *rsa = NULL; - status = mbedtls_psa_rsa_load_representation(attributes->core.type, + status = mbedtls_psa_rsa_load_representation(attributes->type, key_buffer, key_buffer_size, &rsa); diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h index e4c5caf..ffeef26 100644 --- a/library/psa_crypto_rsa.h +++ b/library/psa_crypto_rsa.h @@ -109,6 +109,15 @@ psa_status_t mbedtls_psa_rsa_export_public_key( * entry point. * * \param[in] attributes The attributes for the RSA key to generate. + * \param[in] params Production parameters for the key + * generation. This function only uses + * `params->data`, + * which contains the public exponent. + * This can be a null pointer if + * \c params_data_length is 0. + * \param params_data_length Length of `params->data` in bytes. + * This can be 0, in which case the + * public exponent will be 65537. * \param[out] key_buffer Buffer where the key data is to be written. * \param[in] key_buffer_size Size of \p key_buffer in bytes. * \param[out] key_buffer_length On success, the number of bytes written in @@ -123,6 +132,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key( */ psa_status_t mbedtls_psa_rsa_generate_key( const psa_key_attributes_t *attributes, + const psa_key_production_parameters_t *params, size_t params_data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); /** Sign an already-calculated hash with an RSA private key. diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 47ace35..5dee32f 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -70,6 +70,9 @@ int psa_is_valid_key_id(mbedtls_svc_key_id_t key, int vendor_ok) * On success, the function locks the key slot. It is the responsibility of * the caller to unlock the key slot when it does not access it anymore. * + * If multi-threading is enabled, the caller must hold the + * global key slot mutex. + * * \param key Key identifier to query. * \param[out] p_slot On success, `*p_slot` contains a pointer to the * key slot containing the description of the key @@ -94,16 +97,14 @@ static psa_status_t psa_get_and_lock_key_slot_in_memory( if (psa_key_id_is_volatile(key_id)) { slot = &global_data.key_slots[key_id - PSA_KEY_ID_VOLATILE_MIN]; - /* - * Check if both the PSA key identifier key_id and the owner - * identifier of key match those of the key slot. - * - * Note that, if the key slot is not occupied, its PSA key identifier - * is equal to zero. This is an invalid value for a PSA key identifier - * and thus cannot be equal to the valid PSA key identifier key_id. - */ - status = mbedtls_svc_key_id_equal(key, slot->attr.id) ? - PSA_SUCCESS : PSA_ERROR_DOES_NOT_EXIST; + /* Check if both the PSA key identifier key_id and the owner + * identifier of key match those of the key slot. */ + if ((slot->state == PSA_SLOT_FULL) && + (mbedtls_svc_key_id_equal(key, slot->attr.id))) { + status = PSA_SUCCESS; + } else { + status = PSA_ERROR_DOES_NOT_EXIST; + } } else { if (!psa_is_valid_key_id(key, 1)) { return PSA_ERROR_INVALID_HANDLE; @@ -248,11 +249,6 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot) data = (psa_se_key_data_storage_t *) key_data; status = psa_copy_key_material_into_slot( slot, data->slot_number, sizeof(data->slot_number)); - - if (status == PSA_SUCCESS) { - status = psa_key_slot_state_transition(slot, PSA_SLOT_FILLING, - PSA_SLOT_FULL); - } goto exit; } #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ @@ -262,9 +258,6 @@ static psa_status_t psa_load_persistent_key_into_slot(psa_key_slot_t *slot) goto exit; } - status = psa_key_slot_state_transition(slot, PSA_SLOT_FILLING, - PSA_SLOT_FULL); - exit: psa_free_persistent_key_data(key_data, key_data_length); return status; @@ -336,10 +329,7 @@ static psa_status_t psa_load_builtin_key_into_slot(psa_key_slot_t *slot) /* Copy actual key length and core attributes into the slot on success */ slot->key.bytes = key_buffer_length; - slot->attr = attributes.core; - - status = psa_key_slot_state_transition(slot, PSA_SLOT_FILLING, - PSA_SLOT_FULL); + slot->attr = attributes; exit: if (status != PSA_SUCCESS) { psa_remove_key_data_from_memory(slot); @@ -358,12 +348,27 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, return PSA_ERROR_BAD_STATE; } +#if defined(MBEDTLS_THREADING_C) + /* We need to set status as success, otherwise CORRUPTION_DETECTED + * would be returned if the lock fails. */ + status = PSA_SUCCESS; + /* If the key is persistent and not loaded, we cannot unlock the mutex + * between checking if the key is loaded and setting the slot as FULL, + * as otherwise another thread may load and then destroy the key + * in the meantime. */ + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif /* * On success, the pointer to the slot is passed directly to the caller * thus no need to unlock the key slot here. */ status = psa_get_and_lock_key_slot_in_memory(key, p_slot); if (status != PSA_ERROR_DOES_NOT_EXIST) { +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif return status; } @@ -374,6 +379,10 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, status = psa_reserve_free_key_slot(&volatile_key_id, p_slot); if (status != PSA_SUCCESS) { +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif return status; } @@ -407,10 +416,15 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, status = psa_register_read(*p_slot); } - return status; #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ - return PSA_ERROR_INVALID_HANDLE; + status = PSA_ERROR_INVALID_HANDLE; #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ + +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif + return status; } psa_status_t psa_unregister_read(psa_key_slot_t *slot) @@ -447,6 +461,24 @@ psa_status_t psa_unregister_read(psa_key_slot_t *slot) return PSA_ERROR_CORRUPTION_DETECTED; } +psa_status_t psa_unregister_read_under_mutex(psa_key_slot_t *slot) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_THREADING_C) + /* We need to set status as success, otherwise CORRUPTION_DETECTED + * would be returned if the lock fails. */ + status = PSA_SUCCESS; + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif + status = psa_unregister_read(slot); +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif + return status; +} + psa_status_t psa_validate_key_location(psa_key_lifetime_t lifetime, psa_se_drv_table_entry_t **p_drv) { @@ -510,7 +542,7 @@ psa_status_t psa_open_key(mbedtls_svc_key_id_t key, psa_key_handle_t *handle) *handle = key; - return psa_unregister_read(slot); + return psa_unregister_read_under_mutex(slot); #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ (void) key; @@ -521,44 +553,78 @@ psa_status_t psa_open_key(mbedtls_svc_key_id_t key, psa_key_handle_t *handle) psa_status_t psa_close_key(psa_key_handle_t handle) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; if (psa_key_handle_is_null(handle)) { return PSA_SUCCESS; } +#if defined(MBEDTLS_THREADING_C) + /* We need to set status as success, otherwise CORRUPTION_DETECTED + * would be returned if the lock fails. */ + status = PSA_SUCCESS; + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif status = psa_get_and_lock_key_slot_in_memory(handle, &slot); if (status != PSA_SUCCESS) { if (status == PSA_ERROR_DOES_NOT_EXIST) { status = PSA_ERROR_INVALID_HANDLE; } - +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif return status; } + if (slot->registered_readers == 1) { - return psa_wipe_key_slot(slot); + status = psa_wipe_key_slot(slot); } else { - return psa_unregister_read(slot); + status = psa_unregister_read(slot); } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif + + return status; } psa_status_t psa_purge_key(mbedtls_svc_key_id_t key) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; +#if defined(MBEDTLS_THREADING_C) + /* We need to set status as success, otherwise CORRUPTION_DETECTED + * would be returned if the lock fails. */ + status = PSA_SUCCESS; + PSA_THREADING_CHK_RET(mbedtls_mutex_lock( + &mbedtls_threading_key_slot_mutex)); +#endif status = psa_get_and_lock_key_slot_in_memory(key, &slot); if (status != PSA_SUCCESS) { +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif return status; } if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) && (slot->registered_readers == 1)) { - return psa_wipe_key_slot(slot); + status = psa_wipe_key_slot(slot); } else { - return psa_unregister_read(slot); + status = psa_unregister_read(slot); } +#if defined(MBEDTLS_THREADING_C) + PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( + &mbedtls_threading_key_slot_mutex)); +#endif + + return status; } void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats) diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 002429b..bcfc9d8 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -92,6 +92,8 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, psa_status_t psa_initialize_key_slots(void); /** Delete all data from key slots in memory. + * This function is not thread safe, it wipes every key slot regardless of + * state and reader count. It should only be called when no slot is in use. * * This does not affect persistent storage. */ void psa_wipe_all_key_slots(void); @@ -105,6 +107,9 @@ void psa_wipe_all_key_slots(void); * It is the responsibility of the caller to change the slot's state to * PSA_SLOT_EMPTY/FULL once key creation has finished. * + * If multi-threading is enabled, the caller must hold the + * global key slot mutex. + * * \param[out] volatile_key_id On success, volatile key identifier * associated to the returned slot. * \param[out] p_slot On success, a pointer to the slot. @@ -200,6 +205,27 @@ static inline psa_status_t psa_register_read(psa_key_slot_t *slot) */ psa_status_t psa_unregister_read(psa_key_slot_t *slot); +/** Wrap a call to psa_unregister_read in the global key slot mutex. + * + * If threading is disabled, this simply calls psa_unregister_read. + * + * \note To ease the handling of errors in retrieving a key slot + * a NULL input pointer is valid, and the function returns + * successfully without doing anything in that case. + * + * \param[in] slot The key slot. + * \retval #PSA_SUCCESS + * \p slot is NULL or the key slot reader counter has been + * decremented (and potentially wiped) successfully. + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * The slot's state was neither PSA_SLOT_FULL nor + * PSA_SLOT_PENDING_DELETION. + * Or a wipe was attempted and the slot's state was not + * PSA_SLOT_PENDING_DELETION. + * Or registered_readers was equal to 0. + */ +psa_status_t psa_unregister_read_under_mutex(psa_key_slot_t *slot); + /** Test whether a lifetime designates a key in an external cryptoprocessor. * * \param lifetime The lifetime to test. diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 13a3c8a..7d1317b 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -235,7 +235,7 @@ typedef struct { void psa_format_key_data_for_storage(const uint8_t *data, const size_t data_length, - const psa_core_key_attributes_t *attr, + const psa_key_attributes_t *attr, uint8_t *storage_data) { psa_persistent_key_storage_format *storage_format = @@ -267,7 +267,7 @@ psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data, size_t storage_data_length, uint8_t **key_data, size_t *key_data_length, - psa_core_key_attributes_t *attr) + psa_key_attributes_t *attr) { psa_status_t status; const psa_persistent_key_storage_format *storage_format = @@ -314,7 +314,7 @@ psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data, return PSA_SUCCESS; } -psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr, +psa_status_t psa_save_persistent_key(const psa_key_attributes_t *attr, const uint8_t *data, const size_t data_length) { @@ -352,7 +352,7 @@ void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length) mbedtls_zeroize_and_free(key_data, key_data_length); } -psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr, +psa_status_t psa_load_persistent_key(psa_key_attributes_t *attr, uint8_t **data, size_t *data_length) { diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index b6b5e15..f1ea265 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -93,7 +93,7 @@ int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key); * \retval #PSA_ERROR_DATA_INVALID \emptydescription * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription */ -psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr, +psa_status_t psa_save_persistent_key(const psa_key_attributes_t *attr, const uint8_t *data, const size_t data_length); @@ -123,7 +123,7 @@ psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr, * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription */ -psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr, +psa_status_t psa_load_persistent_key(psa_key_attributes_t *attr, uint8_t **data, size_t *data_length); @@ -163,7 +163,7 @@ void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length); */ void psa_format_key_data_for_storage(const uint8_t *data, const size_t data_length, - const psa_core_key_attributes_t *attr, + const psa_key_attributes_t *attr, uint8_t *storage_data); /** @@ -186,7 +186,7 @@ psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data, size_t storage_data_length, uint8_t **key_data, size_t *key_data_length, - psa_core_key_attributes_t *attr); + psa_key_attributes_t *attr); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /** This symbol is defined if transaction support is required. */ diff --git a/library/psa_util.c b/library/psa_util.c index 41586e2..4ccc5b0 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -8,14 +8,20 @@ #include "common.h" -#if defined(MBEDTLS_PSA_CRYPTO_C) +/* This is needed for MBEDTLS_ERR_XXX macros */ +#include <mbedtls/error.h> -#include <psa/crypto.h> +#if defined(MBEDTLS_ASN1_WRITE_C) +#include <mbedtls/asn1write.h> +#include <psa/crypto_sizes.h> +#endif #include "psa_util_internal.h" -/* The following includes are needed for MBEDTLS_ERR_XXX macros */ -#include <mbedtls/error.h> +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) + +#include <psa/crypto.h> + #if defined(MBEDTLS_MD_LIGHT) #include <mbedtls/md.h> #endif @@ -40,6 +46,7 @@ #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) #include <mbedtls/cipher.h> #endif +#include <mbedtls/entropy.h> /* PSA_SUCCESS is kept at the top of each error table since * it's the most common status when everything functions properly. */ @@ -158,6 +165,8 @@ int psa_pk_status_to_mbedtls(psa_status_t status) return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; case PSA_ERROR_INVALID_ARGUMENT: return MBEDTLS_ERR_PK_INVALID_ALG; + case PSA_ERROR_NOT_PERMITTED: + return MBEDTLS_ERR_PK_TYPE_MISMATCH; case PSA_ERROR_INSUFFICIENT_MEMORY: return MBEDTLS_ERR_PK_ALLOC_FAILED; case PSA_ERROR_BAD_STATE: @@ -330,4 +339,264 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family, } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ -#endif /* MBEDTLS_PSA_CRYPTO_C */ +/* Wrapper function allowing the classic API to use the PSA RNG. + * + * `mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE, ...)` calls + * `psa_generate_random(...)`. The state parameter is ignored since the + * PSA API doesn't support passing an explicit state. + */ +int mbedtls_psa_get_random(void *p_rng, + unsigned char *output, + size_t output_size) +{ + /* This function takes a pointer to the RNG state because that's what + * classic mbedtls functions using an RNG expect. The PSA RNG manages + * its own state internally and doesn't let the caller access that state. + * So we just ignore the state parameter, and in practice we'll pass + * NULL. */ + (void) p_rng; + psa_status_t status = psa_generate_random(output, output_size); + if (status == PSA_SUCCESS) { + return 0; + } else { + return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; + } +} + +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ + +#if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA) + +/** + * \brief Convert a single raw coordinate to DER ASN.1 format. The output der + * buffer is filled backward (i.e. starting from its end). + * + * \param raw_buf Buffer containing the raw coordinate to be + * converted. + * \param raw_len Length of raw_buf in bytes. This must be > 0. + * \param der_buf_start Pointer to the beginning of the buffer which + * will be filled with the DER converted data. + * \param der_buf_end End of the buffer used to store the DER output. + * + * \return On success, the amount of data (in bytes) written to + * the DER buffer. + * \return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if the provided der + * buffer is too small to contain all the converted data. + * \return MBEDTLS_ERR_ASN1_INVALID_DATA if the input raw + * coordinate is null (i.e. all zeros). + * + * \warning Raw and der buffer must not be overlapping. + */ +static int convert_raw_to_der_single_int(const unsigned char *raw_buf, size_t raw_len, + unsigned char *der_buf_start, + unsigned char *der_buf_end) +{ + unsigned char *p = der_buf_end; + int len; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + /* ASN.1 DER encoding requires minimal length, so skip leading 0s. + * Provided input MPIs should not be 0, but as a failsafe measure, still + * detect that and return error in case. */ + while (*raw_buf == 0x00) { + ++raw_buf; + --raw_len; + if (raw_len == 0) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + } + len = (int) raw_len; + + /* Copy the raw coordinate to the end of der_buf. */ + if ((p - der_buf_start) < len) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + p -= len; + memcpy(p, raw_buf, len); + + /* If MSb is 1, ASN.1 requires that we prepend a 0. */ + if (*p & 0x80) { + if ((p - der_buf_start) < 1) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + --p; + *p = 0x00; + ++len; + } + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, der_buf_start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, der_buf_start, MBEDTLS_ASN1_INTEGER)); + + return len; +} + +int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len, + unsigned char *der, size_t der_size, size_t *der_len) +{ + unsigned char r[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; + unsigned char s[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; + const size_t coordinate_len = PSA_BITS_TO_BYTES(bits); + size_t len = 0; + unsigned char *p = der + der_size; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if (raw_len != (2 * coordinate_len)) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + + /* Since raw and der buffers might overlap, dump r and s before starting + * the conversion. */ + memcpy(r, raw, coordinate_len); + memcpy(s, raw + coordinate_len, coordinate_len); + + /* der buffer will initially be written starting from its end so we pick s + * first and then r. */ + ret = convert_raw_to_der_single_int(s, coordinate_len, der, p); + if (ret < 0) { + return ret; + } + p -= ret; + len += ret; + + ret = convert_raw_to_der_single_int(r, coordinate_len, der, p); + if (ret < 0) { + return ret; + } + p -= ret; + len += ret; + + /* Add ASN.1 header (len + tag). */ + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, der, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, der, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + /* memmove the content of der buffer to its beginnig. */ + memmove(der, p, len); + *der_len = len; + + return 0; +} + +/** + * \brief Convert a single integer from ASN.1 DER format to raw. + * + * \param der Buffer containing the DER integer value to be + * converted. + * \param der_len Length of the der buffer in bytes. + * \param raw Output buffer that will be filled with the + * converted data. This should be at least + * coordinate_size bytes and it must be zeroed before + * calling this function. + * \param coordinate_size Size (in bytes) of a single coordinate in raw + * format. + * + * \return On success, the amount of DER data parsed from the + * provided der buffer. + * \return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the integer tag + * is missing in the der buffer. + * \return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the integer + * is null (i.e. all zeros) or if the output raw buffer + * is too small to contain the converted raw value. + * + * \warning Der and raw buffers must not be overlapping. + */ +static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len, + unsigned char *raw, size_t coordinate_size) +{ + unsigned char *p = der; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t unpadded_len, padding_len = 0; + + /* Get the length of ASN.1 element (i.e. the integer we need to parse). */ + ret = mbedtls_asn1_get_tag(&p, p + der_len, &unpadded_len, + MBEDTLS_ASN1_INTEGER); + if (ret != 0) { + return ret; + } + + /* It's invalid to have: + * - unpadded_len == 0. + * - MSb set without a leading 0x00 (leading 0x00 is checked below). */ + if (((unpadded_len == 0) || (*p & 0x80) != 0)) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + + /* Skip possible leading zero */ + if (*p == 0x00) { + p++; + unpadded_len--; + /* It is not allowed to have more than 1 leading zero. + * Ignore the case in which unpadded_len = 0 because that's a 0 encoded + * in ASN.1 format (i.e. 020100). */ + if ((unpadded_len > 0) && (*p == 0x00)) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + } + + if (unpadded_len > coordinate_size) { + /* Parsed number is longer than the maximum expected value. */ + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + padding_len = coordinate_size - unpadded_len; + /* raw buffer was already zeroed by the calling function so zero-padding + * operation is skipped here. */ + memcpy(raw + padding_len, p, unpadded_len); + p += unpadded_len; + + return (int) (p - der); +} + +int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len, + unsigned char *raw, size_t raw_size, size_t *raw_len) +{ + unsigned char raw_tmp[PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE]; + unsigned char *p = (unsigned char *) der; + size_t data_len; + size_t coordinate_size = PSA_BITS_TO_BYTES(bits); + int ret; + + /* The output raw buffer should be at least twice the size of a raw + * coordinate in order to store r and s. */ + if (raw_size < coordinate_size * 2) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + + /* Check that the provided input DER buffer has the right header. */ + ret = mbedtls_asn1_get_tag(&p, der + der_len, &data_len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); + if (ret != 0) { + return ret; + } + + memset(raw_tmp, 0, 2 * coordinate_size); + + /* Extract r */ + ret = convert_der_to_raw_single_int(p, data_len, raw_tmp, coordinate_size); + if (ret < 0) { + return ret; + } + p += ret; + data_len -= ret; + + /* Extract s */ + ret = convert_der_to_raw_single_int(p, data_len, raw_tmp + coordinate_size, + coordinate_size); + if (ret < 0) { + return ret; + } + p += ret; + data_len -= ret; + + /* Check that we consumed all the input der data. */ + if ((size_t) (p - der) != der_len) { + return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } + + memcpy(raw, raw_tmp, 2 * coordinate_size); + *raw_len = 2 * coordinate_size; + + return 0; +} + +#endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */ diff --git a/library/psa_util_internal.h b/library/psa_util_internal.h index 3e62d5f..70a08a0 100644 --- a/library/psa_util_internal.h +++ b/library/psa_util_internal.h @@ -16,7 +16,7 @@ #include "psa/crypto.h" -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) /************************************************************************* * FFDH @@ -96,5 +96,5 @@ int psa_pk_status_to_mbedtls(psa_status_t status); sizeof(error_list)/sizeof(error_list[0]), \ fallback_f) -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ #endif /* MBEDTLS_PSA_UTIL_INTERNAL_H */ diff --git a/library/rsa.c b/library/rsa.c index a90b83a..5debc69 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -32,6 +32,7 @@ #include "rsa_alt_helpers.h" #include "rsa_internal.h" #include "mbedtls/oid.h" +#include "mbedtls/asn1write.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" #include "constant_time_internal.h" @@ -46,6 +47,369 @@ #include "mbedtls/platform.h" +/* + * Wrapper around mbedtls_asn1_get_mpi() that rejects zero. + * + * The value zero is: + * - never a valid value for an RSA parameter + * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete(). + * + * Since values can't be omitted in PKCS#1, passing a zero value to + * rsa_complete() would be incorrect, so reject zero values early. + */ +static int asn1_get_nonzero_mpi(unsigned char **p, + const unsigned char *end, + mbedtls_mpi *X) +{ + int ret; + + ret = mbedtls_asn1_get_mpi(p, end, X); + if (ret != 0) { + return ret; + } + + if (mbedtls_mpi_cmp_int(X, 0) == 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + + return 0; +} + +int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen) +{ + int ret, version; + size_t len; + unsigned char *p, *end; + + mbedtls_mpi T; + mbedtls_mpi_init(&T); + + p = (unsigned char *) key; + end = p + keylen; + + /* + * This function parses the RSAPrivateKey (PKCS#1) + * + * RSAPrivateKey ::= SEQUENCE { + * version Version, + * modulus INTEGER, -- n + * publicExponent INTEGER, -- e + * privateExponent INTEGER, -- d + * prime1 INTEGER, -- p + * prime2 INTEGER, -- q + * exponent1 INTEGER, -- d mod (p-1) + * exponent2 INTEGER, -- d mod (q-1) + * coefficient INTEGER, -- (inverse of q) mod p + * otherPrimeInfos OtherPrimeInfos OPTIONAL + * } + */ + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return ret; + } + + if (end != p + len) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + + if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) { + return ret; + } + + if (version != 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + + /* Import N */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, &T, NULL, NULL, + NULL, NULL)) != 0) { + goto cleanup; + } + + /* Import E */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, + NULL, &T)) != 0) { + goto cleanup; + } + + /* Import D */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL, + &T, NULL)) != 0) { + goto cleanup; + } + + /* Import P */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, &T, NULL, + NULL, NULL)) != 0) { + goto cleanup; + } + + /* Import Q */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_rsa_import(rsa, NULL, NULL, &T, + NULL, NULL)) != 0) { + goto cleanup; + } + +#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT) + /* + * The RSA CRT parameters DP, DQ and QP are nominally redundant, in + * that they can be easily recomputed from D, P and Q. However by + * parsing them from the PKCS1 structure it is possible to avoid + * recalculating them which both reduces the overhead of loading + * RSA private keys into memory and also avoids side channels which + * can arise when computing those values, since all of D, P, and Q + * are secret. See https://eprint.iacr.org/2020/055 for a + * description of one such attack. + */ + + /* Import DP */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->DP, &T)) != 0) { + goto cleanup; + } + + /* Import DQ */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->DQ, &T)) != 0) { + goto cleanup; + } + + /* Import QP */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = mbedtls_mpi_copy(&rsa->QP, &T)) != 0) { + goto cleanup; + } + +#else + /* Verify existence of the CRT params */ + if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 || + (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0) { + goto cleanup; + } +#endif + + /* rsa_complete() doesn't complete anything with the default + * implementation but is still called: + * - for the benefit of alternative implementation that may want to + * pre-compute stuff beyond what's provided (eg Montgomery factors) + * - as is also sanity-checks the key + * + * Furthermore, we also check the public part for consistency with + * mbedtls_pk_parse_pubkey(), as it includes size minima for example. + */ + if ((ret = mbedtls_rsa_complete(rsa)) != 0 || + (ret = mbedtls_rsa_check_pubkey(rsa)) != 0) { + goto cleanup; + } + + if (p != end) { + ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } + +cleanup: + + mbedtls_mpi_free(&T); + + if (ret != 0) { + mbedtls_rsa_free(rsa); + } + + return ret; +} + +int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen) +{ + unsigned char *p = (unsigned char *) key; + unsigned char *end = (unsigned char *) (key + keylen); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len; + + /* + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER -- e + * } + */ + + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) { + return ret; + } + + if (end != p + len) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + + /* Import N */ + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { + return ret; + } + + if ((ret = mbedtls_rsa_import_raw(rsa, p, len, NULL, 0, NULL, 0, + NULL, 0, NULL, 0)) != 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + + p += len; + + /* Import E */ + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) { + return ret; + } + + if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0, + NULL, 0, p, len)) != 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + + p += len; + + if (mbedtls_rsa_complete(rsa) != 0 || + mbedtls_rsa_check_pubkey(rsa) != 0) { + return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + } + + if (p != end) { + return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + } + + return 0; +} + +int mbedtls_rsa_write_key(const mbedtls_rsa_context *rsa, unsigned char *start, + unsigned char **p) +{ + size_t len = 0; + int ret; + + mbedtls_mpi T; /* Temporary holding the exported parameters */ + + /* + * Export the parameters one after another to avoid simultaneous copies. + */ + + mbedtls_mpi_init(&T); + + /* Export QP */ + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export DQ */ + if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export DP */ + if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export Q */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, &T, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export P */ + if ((ret = mbedtls_rsa_export(rsa, NULL, &T, NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export D */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, &T, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export E */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export N */ + if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + +end_of_export: + + mbedtls_mpi_free(&T); + if (ret < 0) { + return ret; + } + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, start, 0)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + return (int) len; +} + +/* + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER -- e + * } + */ +int mbedtls_rsa_write_pubkey(const mbedtls_rsa_context *rsa, unsigned char *start, + unsigned char **p) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len = 0; + mbedtls_mpi T; + + mbedtls_mpi_init(&T); + + /* Export E */ + if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + + /* Export N */ + if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || + (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) { + goto end_of_export; + } + len += ret; + +end_of_export: + + mbedtls_mpi_free(&T); + if (ret < 0) { + return ret; + } + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + return (int) len; +} #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) @@ -653,6 +1017,14 @@ int mbedtls_rsa_get_md_alg(const mbedtls_rsa_context *ctx) } /* + * Get length in bits of RSA modulus + */ +size_t mbedtls_rsa_get_bitlen(const mbedtls_rsa_context *ctx) +{ + return mbedtls_mpi_bitlen(&ctx->N); +} + +/* * Get length in bytes of RSA modulus */ size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx) @@ -660,7 +1032,6 @@ size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx) return ctx->len; } - #if defined(MBEDTLS_GENPRIME) /* diff --git a/library/rsa_internal.h b/library/rsa_internal.h index 4081ac6..f79c3b7 100644 --- a/library/rsa_internal.h +++ b/library/rsa_internal.h @@ -15,6 +15,85 @@ #define MBEDTLS_RSA_INTERNAL_H #include "mbedtls/rsa.h" +#include "mbedtls/asn1.h" + +/** + * \brief Parse a PKCS#1 (ASN.1) encoded private RSA key. + * + * \param rsa The RSA context where parsed data will be stored. + * \param key The buffer that contains the key. + * \param keylen The length of the key buffer in bytes. + * + * \return 0 on success. + * \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors. + * \return MBEDTLS_ERR_RSA_xxx in case of RSA internal failures while + * parsing data. + * \return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if validity checks on the + * provided key fail. + */ +int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen); + +/** + * \brief Parse a PKCS#1 (ASN.1) encoded public RSA key. + * + * \param rsa The RSA context where parsed data will be stored. + * \param key The buffer that contains the key. + * \param keylen The length of the key buffer in bytes. + * + * \return 0 on success. + * \return MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors. + * \return MBEDTLS_ERR_RSA_xxx in case of RSA internal failures while + * parsing data. + * \return MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if validity checks on the + * provided key fail. + */ +int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen); + +/** + * \brief Write a PKCS#1 (ASN.1) encoded private RSA key. + * + * \param rsa The RSA context which contains the data to be written. + * \param start Beginning of the buffer that will be filled with the + * private key. + * \param p End of the buffer that will be filled with the private key. + * On successful return, the referenced pointer will be + * updated in order to point to the beginning of written data. + * + * \return On success, the number of bytes written to the output buffer + * (i.e. a value > 0). + * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the RSA context does not + * contain a valid key pair. + * \return MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the + * output buffer. + * + * \note The output buffer is filled backward, i.e. starting from its + * end and moving toward its start. + */ +int mbedtls_rsa_write_key(const mbedtls_rsa_context *rsa, unsigned char *start, + unsigned char **p); + +/** + * \brief Parse a PKCS#1 (ASN.1) encoded public RSA key. + * + * \param rsa The RSA context which contains the data to be written. + * \param start Beginning of the buffer that will be filled with the + * private key. + * \param p End of the buffer that will be filled with the private key. + * On successful return, the referenced pointer will be + * updated in order to point to the beginning of written data. + * + * \return On success, the number of bytes written to the output buffer + * (i.e. a value > 0). + * \return MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the RSA context does not + * contain a valid public key. + * \return MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the + * output buffer. + * + * \note The output buffer is filled backward, i.e. starting from its + * end and moving toward its start. + */ +int mbedtls_rsa_write_pubkey(const mbedtls_rsa_context *rsa, unsigned char *start, + unsigned char **p); #if defined(MBEDTLS_PKCS1_V21) /** diff --git a/library/sha3.c b/library/sha3.c index d90fefa..5738559 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -14,6 +14,33 @@ #if defined(MBEDTLS_SHA3_C) +/* + * These macros select manually unrolled implementations of parts of the main permutation function. + * + * Unrolling has a major impact on both performance and code size. gcc performance benefits a lot + * from manually unrolling at higher optimisation levels. + * + * Depending on your size/perf priorities, compiler and target, it may be beneficial to adjust + * these; the defaults here should give sensible trade-offs for gcc and clang on aarch64 and + * x86-64. + */ +#if !defined(MBEDTLS_SHA3_THETA_UNROLL) + #define MBEDTLS_SHA3_THETA_UNROLL 0 //no-check-names +#endif +#if !defined(MBEDTLS_SHA3_CHI_UNROLL) + #if defined(__OPTIMIZE_SIZE__) + #define MBEDTLS_SHA3_CHI_UNROLL 0 //no-check-names + #else + #define MBEDTLS_SHA3_CHI_UNROLL 1 //no-check-names + #endif +#endif +#if !defined(MBEDTLS_SHA3_PI_UNROLL) + #define MBEDTLS_SHA3_PI_UNROLL 1 //no-check-names +#endif +#if !defined(MBEDTLS_SHA3_RHO_UNROLL) + #define MBEDTLS_SHA3_RHO_UNROLL 1 //no-check-names +#endif + #include "mbedtls/sha3.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" @@ -26,46 +53,45 @@ #define XOR_BYTE 0x6 -typedef struct mbedtls_sha3_family_functions { - mbedtls_sha3_id id; - - uint16_t r; - uint16_t olen; -} -mbedtls_sha3_family_functions; - -/* - * List of supported SHA-3 families +/* Precomputed masks for the iota transform. + * + * Each round uses a 64-bit mask value. In each mask values, only + * bits whose position is of the form 2^k-1 can be set, thus only + * 7 of 64 bits of the mask need to be known for each mask value. + * + * We use a compressed encoding of the mask where bits 63, 31 and 15 + * are moved to bits 4-6. This allows us to make each mask value + * 1 byte rather than 8 bytes, saving 7*24 = 168 bytes of data (with + * perhaps a little variation due to alignment). Decompressing this + * requires a little code, but much less than the savings on the table. + * + * The impact on performance depends on the platform and compiler. + * There's a bit more computation, but less memory bandwidth. A quick + * benchmark on x86_64 shows a 7% speed improvement with GCC and a + * 5% speed penalty with Clang, compared to the naive uint64_t[24] table. + * YMMV. */ -static mbedtls_sha3_family_functions sha3_families[] = { - { MBEDTLS_SHA3_224, 1152, 224 }, - { MBEDTLS_SHA3_256, 1088, 256 }, - { MBEDTLS_SHA3_384, 832, 384 }, - { MBEDTLS_SHA3_512, 576, 512 }, - { MBEDTLS_SHA3_NONE, 0, 0 } -}; - -static const uint64_t rc[24] = { - 0x0000000000000001, 0x0000000000008082, 0x800000000000808a, 0x8000000080008000, - 0x000000000000808b, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009, - 0x000000000000008a, 0x0000000000000088, 0x0000000080008009, 0x000000008000000a, - 0x000000008000808b, 0x800000000000008b, 0x8000000000008089, 0x8000000000008003, - 0x8000000000008002, 0x8000000000000080, 0x000000000000800a, 0x800000008000000a, - 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008, +/* Helper macro to set the values of the higher bits in unused low positions */ +#define H(b63, b31, b15) (b63 << 6 | b31 << 5 | b15 << 4) +static const uint8_t iota_r_packed[24] = { + H(0, 0, 0) | 0x01, H(0, 0, 1) | 0x82, H(1, 0, 1) | 0x8a, H(1, 1, 1) | 0x00, + H(0, 0, 1) | 0x8b, H(0, 1, 0) | 0x01, H(1, 1, 1) | 0x81, H(1, 0, 1) | 0x09, + H(0, 0, 0) | 0x8a, H(0, 0, 0) | 0x88, H(0, 1, 1) | 0x09, H(0, 1, 0) | 0x0a, + H(0, 1, 1) | 0x8b, H(1, 0, 0) | 0x8b, H(1, 0, 1) | 0x89, H(1, 0, 1) | 0x03, + H(1, 0, 1) | 0x02, H(1, 0, 0) | 0x80, H(0, 0, 1) | 0x0a, H(1, 1, 0) | 0x0a, + H(1, 1, 1) | 0x81, H(1, 0, 1) | 0x80, H(0, 1, 0) | 0x01, H(1, 1, 1) | 0x08, }; +#undef H -static const uint8_t rho[24] = { - 1, 62, 28, 27, 36, 44, 6, 55, 20, - 3, 10, 43, 25, 39, 41, 45, 15, - 21, 8, 18, 2, 61, 56, 14 +static const uint32_t rho[6] = { + 0x3f022425, 0x1c143a09, 0x2c3d3615, 0x27191713, 0x312b382e, 0x3e030832 }; -static const uint8_t pi[24] = { - 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, - 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1, +static const uint32_t pi[6] = { + 0x110b070a, 0x10050312, 0x04181508, 0x0d13170f, 0x0e14020c, 0x01060916 }; -#define ROT64(x, y) (((x) << (y)) | ((x) >> (64U - (y)))) +#define ROTR64(x, y) (((x) << (64U - (y))) | ((x) >> (y))) // 64-bit rotate right #define ABSORB(ctx, idx, v) do { ctx->state[(idx) >> 3] ^= ((uint64_t) (v)) << (((idx) & 0x7) << 3); \ } while (0) #define SQUEEZE(ctx, idx) ((uint8_t) (ctx->state[(idx) >> 3] >> (((idx) & 0x7) << 3))) @@ -82,39 +108,97 @@ static void keccak_f1600(mbedtls_sha3_context *ctx) uint64_t t; /* Theta */ +#if MBEDTLS_SHA3_THETA_UNROLL == 0 //no-check-names + for (i = 0; i < 5; i++) { + lane[i] = s[i] ^ s[i + 5] ^ s[i + 10] ^ s[i + 15] ^ s[i + 20]; + } + for (i = 0; i < 5; i++) { + t = lane[(i + 4) % 5] ^ ROTR64(lane[(i + 1) % 5], 63); + s[i] ^= t; s[i + 5] ^= t; s[i + 10] ^= t; s[i + 15] ^= t; s[i + 20] ^= t; + } +#else lane[0] = s[0] ^ s[5] ^ s[10] ^ s[15] ^ s[20]; lane[1] = s[1] ^ s[6] ^ s[11] ^ s[16] ^ s[21]; lane[2] = s[2] ^ s[7] ^ s[12] ^ s[17] ^ s[22]; lane[3] = s[3] ^ s[8] ^ s[13] ^ s[18] ^ s[23]; lane[4] = s[4] ^ s[9] ^ s[14] ^ s[19] ^ s[24]; - t = lane[4] ^ ROT64(lane[1], 1); + t = lane[4] ^ ROTR64(lane[1], 63); s[0] ^= t; s[5] ^= t; s[10] ^= t; s[15] ^= t; s[20] ^= t; - t = lane[0] ^ ROT64(lane[2], 1); + t = lane[0] ^ ROTR64(lane[2], 63); s[1] ^= t; s[6] ^= t; s[11] ^= t; s[16] ^= t; s[21] ^= t; - t = lane[1] ^ ROT64(lane[3], 1); + t = lane[1] ^ ROTR64(lane[3], 63); s[2] ^= t; s[7] ^= t; s[12] ^= t; s[17] ^= t; s[22] ^= t; - t = lane[2] ^ ROT64(lane[4], 1); + t = lane[2] ^ ROTR64(lane[4], 63); s[3] ^= t; s[8] ^= t; s[13] ^= t; s[18] ^= t; s[23] ^= t; - t = lane[3] ^ ROT64(lane[0], 1); + t = lane[3] ^ ROTR64(lane[0], 63); s[4] ^= t; s[9] ^= t; s[14] ^= t; s[19] ^= t; s[24] ^= t; +#endif /* Rho */ - for (i = 1; i < 25; i++) { - s[i] = ROT64(s[i], rho[i-1]); + for (i = 1; i < 25; i += 4) { + uint32_t r = rho[(i - 1) >> 2]; +#if MBEDTLS_SHA3_RHO_UNROLL == 0 + for (int j = i; j < i + 4; j++) { + uint8_t r8 = (uint8_t) (r >> 24); + r <<= 8; + s[j] = ROTR64(s[j], r8); + } +#else + s[i + 0] = ROTR64(s[i + 0], MBEDTLS_BYTE_3(r)); + s[i + 1] = ROTR64(s[i + 1], MBEDTLS_BYTE_2(r)); + s[i + 2] = ROTR64(s[i + 2], MBEDTLS_BYTE_1(r)); + s[i + 3] = ROTR64(s[i + 3], MBEDTLS_BYTE_0(r)); +#endif } /* Pi */ t = s[1]; - for (i = 0; i < 24; i++) { - SWAP(s[pi[i]], t); +#if MBEDTLS_SHA3_PI_UNROLL == 0 + for (i = 0; i < 24; i += 4) { + uint32_t p = pi[i >> 2]; + for (unsigned j = 0; j < 4; j++) { + SWAP(s[p & 0xff], t); + p >>= 8; + } } +#else + uint32_t p = pi[0]; + SWAP(s[MBEDTLS_BYTE_0(p)], t); SWAP(s[MBEDTLS_BYTE_1(p)], t); + SWAP(s[MBEDTLS_BYTE_2(p)], t); SWAP(s[MBEDTLS_BYTE_3(p)], t); + p = pi[1]; + SWAP(s[MBEDTLS_BYTE_0(p)], t); SWAP(s[MBEDTLS_BYTE_1(p)], t); + SWAP(s[MBEDTLS_BYTE_2(p)], t); SWAP(s[MBEDTLS_BYTE_3(p)], t); + p = pi[2]; + SWAP(s[MBEDTLS_BYTE_0(p)], t); SWAP(s[MBEDTLS_BYTE_1(p)], t); + SWAP(s[MBEDTLS_BYTE_2(p)], t); SWAP(s[MBEDTLS_BYTE_3(p)], t); + p = pi[3]; + SWAP(s[MBEDTLS_BYTE_0(p)], t); SWAP(s[MBEDTLS_BYTE_1(p)], t); + SWAP(s[MBEDTLS_BYTE_2(p)], t); SWAP(s[MBEDTLS_BYTE_3(p)], t); + p = pi[4]; + SWAP(s[MBEDTLS_BYTE_0(p)], t); SWAP(s[MBEDTLS_BYTE_1(p)], t); + SWAP(s[MBEDTLS_BYTE_2(p)], t); SWAP(s[MBEDTLS_BYTE_3(p)], t); + p = pi[5]; + SWAP(s[MBEDTLS_BYTE_0(p)], t); SWAP(s[MBEDTLS_BYTE_1(p)], t); + SWAP(s[MBEDTLS_BYTE_2(p)], t); SWAP(s[MBEDTLS_BYTE_3(p)], t); +#endif /* Chi */ +#if MBEDTLS_SHA3_CHI_UNROLL == 0 //no-check-names + for (i = 0; i <= 20; i += 5) { + lane[0] = s[i]; lane[1] = s[i + 1]; lane[2] = s[i + 2]; + lane[3] = s[i + 3]; lane[4] = s[i + 4]; + s[i + 0] ^= (~lane[1]) & lane[2]; + s[i + 1] ^= (~lane[2]) & lane[3]; + s[i + 2] ^= (~lane[3]) & lane[4]; + s[i + 3] ^= (~lane[4]) & lane[0]; + s[i + 4] ^= (~lane[0]) & lane[1]; + } +#else lane[0] = s[0]; lane[1] = s[1]; lane[2] = s[2]; lane[3] = s[3]; lane[4] = s[4]; s[0] ^= (~lane[1]) & lane[2]; s[1] ^= (~lane[2]) & lane[3]; @@ -149,9 +233,14 @@ static void keccak_f1600(mbedtls_sha3_context *ctx) s[22] ^= (~lane[3]) & lane[4]; s[23] ^= (~lane[4]) & lane[0]; s[24] ^= (~lane[0]) & lane[1]; +#endif /* Iota */ - s[0] ^= rc[round]; + /* Decompress the round masks (see definition of rc) */ + s[0] ^= ((iota_r_packed[round] & 0x40ull) << 57 | + (iota_r_packed[round] & 0x20ull) << 26 | + (iota_r_packed[round] & 0x10ull) << 11 | + (iota_r_packed[round] & 0x8f)); } } @@ -180,21 +269,27 @@ void mbedtls_sha3_clone(mbedtls_sha3_context *dst, */ int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id) { - mbedtls_sha3_family_functions *p = NULL; - - for (p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++) { - if (p->id == id) { + switch (id) { + case MBEDTLS_SHA3_224: + ctx->olen = 224 / 8; + ctx->max_block_size = 1152 / 8; break; - } - } - - if (p->id == MBEDTLS_SHA3_NONE) { - return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; + case MBEDTLS_SHA3_256: + ctx->olen = 256 / 8; + ctx->max_block_size = 1088 / 8; + break; + case MBEDTLS_SHA3_384: + ctx->olen = 384 / 8; + ctx->max_block_size = 832 / 8; + break; + case MBEDTLS_SHA3_512: + ctx->olen = 512 / 8; + ctx->max_block_size = 576 / 8; + break; + default: + return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; } - ctx->olen = p->olen / 8; - ctx->max_block_size = p->r / 8; - memset(ctx->state, 0, sizeof(ctx->state)); ctx->index = 0; diff --git a/library/sha512.c b/library/sha512.c index 6011254..6dcea8d 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -102,6 +102,14 @@ # if defined(__linux__) /* Our preferred method of detection is getauxval() */ # include <sys/auxv.h> +# if !defined(HWCAP_SHA512) +/* The same header that declares getauxval() should provide the HWCAP_xxx + * constants to analyze its return value. However, the libc may be too + * old to have the constant that we need. So if it's missing, assume that + * the value is the same one used by the Linux kernel ABI. + */ +# define HWCAP_SHA512 (1 << 21) +# endif # endif /* Use SIGILL on Unix, and fall back to it on Linux */ # include <signal.h> diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h new file mode 100644 index 0000000..27ff721 --- /dev/null +++ b/library/ssl_ciphersuites_internal.h @@ -0,0 +1,154 @@ +/** + * \file ssl_ciphersuites_internal.h + * + * \brief Internal part of the public "ssl_ciphersuites.h". + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ +#ifndef MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H +#define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H + +#include "mbedtls/pk.h" + +#if defined(MBEDTLS_PK_C) +mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); +#if defined(MBEDTLS_USE_PSA_CRYPTO) +psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info); +psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info); +#endif /* MBEDTLS_PK_C */ + +int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info); +int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info); + +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) +static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info) +{ + switch (info->MBEDTLS_PRIVATE(key_exchange)) { + case MBEDTLS_KEY_EXCHANGE_DHE_RSA: + case MBEDTLS_KEY_EXCHANGE_DHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: + case MBEDTLS_KEY_EXCHANGE_ECJPAKE: + return 1; + + default: + return 0; + } +} +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ + +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info) +{ + switch (info->MBEDTLS_PRIVATE(key_exchange)) { + case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: + case MBEDTLS_KEY_EXCHANGE_RSA: + case MBEDTLS_KEY_EXCHANGE_PSK: + case MBEDTLS_KEY_EXCHANGE_RSA_PSK: + return 1; + + default: + return 0; + } +} +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ + +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) +static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info) +{ + switch (info->MBEDTLS_PRIVATE(key_exchange)) { + case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: + return 1; + + default: + return 0; + } +} +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ + +static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) +{ + switch (info->MBEDTLS_PRIVATE(key_exchange)) { + case MBEDTLS_KEY_EXCHANGE_RSA: + case MBEDTLS_KEY_EXCHANGE_DHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: + return 1; + + default: + return 0; + } +} + +static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info) +{ + switch (info->MBEDTLS_PRIVATE(key_exchange)) { + case MBEDTLS_KEY_EXCHANGE_RSA: + case MBEDTLS_KEY_EXCHANGE_RSA_PSK: + case MBEDTLS_KEY_EXCHANGE_DHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: + return 1; + + default: + return 0; + } +} + +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) +static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info) +{ + switch (info->MBEDTLS_PRIVATE(key_exchange)) { + case MBEDTLS_KEY_EXCHANGE_DHE_RSA: + case MBEDTLS_KEY_EXCHANGE_DHE_PSK: + return 1; + + default: + return 0; + } +} +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */ + +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) +static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info) +{ + switch (info->MBEDTLS_PRIVATE(key_exchange)) { + case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + return 1; + + default: + return 0; + } +} +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */ + +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) +static inline int mbedtls_ssl_ciphersuite_uses_server_signature( + const mbedtls_ssl_ciphersuite_t *info) +{ + switch (info->MBEDTLS_PRIVATE(key_exchange)) { + case MBEDTLS_KEY_EXCHANGE_DHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: + return 1; + + default: + return 0; + } +} +#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */ + +#endif /* MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H */ diff --git a/library/ssl_client.c b/library/ssl_client.c index d585ca5..8892acf 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -12,7 +12,7 @@ #include <string.h> -#include "mbedtls/debug.h" +#include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/platform.h" @@ -765,11 +765,6 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME */ - if (ssl->conf->f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); - return MBEDTLS_ERR_SSL_NO_RNG; - } - /* Bet on the highest configured version if we are not in a TLS 1.2 * renegotiation or session resumption. */ diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h index 2b0e737..a8e3140 100644 --- a/library/ssl_debug_helpers.h +++ b/library/ssl_debug_helpers.h @@ -21,6 +21,10 @@ const char *mbedtls_ssl_states_str(mbedtls_ssl_states in); +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) +const char *mbedtls_ssl_early_data_status_str(mbedtls_ssl_early_data_status in); +#endif + const char *mbedtls_ssl_protocol_version_str(mbedtls_ssl_protocol_version in); const char *mbedtls_tls_prf_types_str(mbedtls_tls_prf_types in); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 96afe76..883b988 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -44,6 +44,8 @@ #endif #include "mbedtls/pk.h" +#include "ssl_ciphersuites_internal.h" +#include "x509_internal.h" #include "pk_internal.h" #include "common.h" @@ -650,6 +652,10 @@ struct mbedtls_ssl_handshake_params { /* Flag indicating if a CertificateRequest message has been sent * to the client or not. */ uint8_t certificate_request_sent; +#if defined(MBEDTLS_SSL_EARLY_DATA) + /* Flag indicating if the server has accepted early data or not. */ + uint8_t early_data_accepted; +#endif #endif /* MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) @@ -659,21 +665,21 @@ struct mbedtls_ssl_handshake_params { #if defined(MBEDTLS_SSL_CLI_C) /** Minimum TLS version to be negotiated. * - * It is set up in the ClientHello writing preparation stage and used - * throughout the ClientHello writing. Not relevant anymore as soon as - * the protocol version has been negotiated thus as soon as the - * ServerHello is received. - * For a fresh handshake not linked to any previous handshake, it is - * equal to the configured minimum minor version to be negotiated. When - * renegotiating or resuming a session, it is equal to the previously - * negotiated minor version. + * It is set up in the ClientHello writing preparation stage and used + * throughout the ClientHello writing. Not relevant anymore as soon as + * the protocol version has been negotiated thus as soon as the + * ServerHello is received. + * For a fresh handshake not linked to any previous handshake, it is + * equal to the configured minimum minor version to be negotiated. When + * renegotiating or resuming a session, it is equal to the previously + * negotiated minor version. * - * There is no maximum TLS version field in this handshake context. - * From the start of the handshake, we need to define a current protocol - * version for the record layer which we define as the maximum TLS - * version to be negotiated. The `tls_version` field of the SSL context is - * used to store this maximum value until it contains the actual - * negotiated value. + * There is no maximum TLS version field in this handshake context. + * From the start of the handshake, we need to define a current protocol + * version for the record layer which we define as the maximum TLS + * version to be negotiated. The `tls_version` field of the SSL context is + * used to store this maximum value until it contains the actual + * negotiated value. */ mbedtls_ssl_protocol_version min_tls_version; #endif @@ -724,15 +730,29 @@ struct mbedtls_ssl_handshake_params { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) uint8_t key_exchange_mode; /*!< Selected key exchange mode */ - /** Number of HelloRetryRequest messages received/sent from/to the server. */ - int hello_retry_request_count; + /** + * Flag indicating if, in the course of the current handshake, an + * HelloRetryRequest message has been sent by the server or received by + * the client (<> 0) or not (0). + */ + uint8_t hello_retry_request_flag; + +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + /** + * Flag indicating if, in the course of the current handshake, a dummy + * change_cipher_spec (CCS) record has already been sent. Used to send only + * one CCS per handshake while not complicating the handshake state + * transitions for that purpose. + */ + uint8_t ccs_sent; +#endif #if defined(MBEDTLS_SSL_SRV_C) - /** selected_group of key_share extension in HelloRetryRequest message. */ - uint16_t hrr_selected_group; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */ #endif + /** selected_group of key_share extension in HelloRetryRequest message. */ + uint16_t hrr_selected_group; #if defined(MBEDTLS_SSL_SESSION_TICKETS) uint16_t new_session_tickets_count; /*!< number of session tickets */ #endif @@ -2131,11 +2151,8 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, const unsigned char *end, size_t *out_len); -#if defined(MBEDTLS_SSL_SRV_C) -#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED \ - MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT -#endif /* MBEDTLS_SSL_SRV_C */ - +int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl, + size_t early_data_len); #endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 6579c96..0c71157 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -18,7 +18,7 @@ #include "mbedtls/ssl.h" #include "ssl_misc.h" -#include "mbedtls/debug.h" +#include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include "mbedtls/version.h" @@ -3985,6 +3985,35 @@ static int ssl_prepare_record_content(mbedtls_ssl_context *ssl, rec)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "ssl_decrypt_buf", ret); +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) + /* + * Although the server rejected early data, it might receive early + * data as long as it has not received the client Finished message. + * It is encrypted with early keys and should be ignored as stated + * in section 4.2.10 of RFC 8446: + * + * "Ignore the extension and return a regular 1-RTT response. The + * server then skips past early data by attempting to deprotect + * received records using the handshake traffic key, discarding + * records which fail deprotection (up to the configured + * max_early_data_size). Once a record is deprotected successfully, + * it is treated as the start of the client's second flight and the + * server proceeds as with an ordinary 1-RTT handshake." + */ + if ((old_msg_type == MBEDTLS_SSL_MSG_APPLICATION_DATA) && + (ssl->discard_early_data_record == + MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD)) { + MBEDTLS_SSL_DEBUG_MSG( + 3, ("EarlyData: deprotect and discard app data records.")); + + ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len); + if (ret != 0) { + return ret; + } + ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; + } +#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */ + #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID && ssl->conf->ignore_unexpected_cid @@ -3994,9 +4023,27 @@ static int ssl_prepare_record_content(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + /* + * The decryption of the record failed, no reason to ignore it, + * return in error with the decryption error code. + */ return ret; } +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) + /* + * If the server were discarding protected records that it fails to + * deprotect because it has rejected early data, as we have just + * deprotected successfully a record, the server has to resume normal + * operation and fail the connection if the deprotection of a record + * fails. + */ + if (ssl->discard_early_data_record == + MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD) { + ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD; + } +#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */ + if (old_msg_type != rec->type) { MBEDTLS_SSL_DEBUG_MSG(4, ("record type after decrypt (before %d): %d", old_msg_type, rec->type)); @@ -4070,6 +4117,38 @@ static int ssl_prepare_record_content(mbedtls_ssl_context *ssl, } +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) + /* + * Although the server rejected early data because it needed to send an + * HelloRetryRequest message, it might receive early data as long as it has + * not received the client Finished message. + * The early data is encrypted with early keys and should be ignored as + * stated in section 4.2.10 of RFC 8446 (second case): + * + * "The server then ignores early data by skipping all records with an + * external content type of "application_data" (indicating that they are + * encrypted), up to the configured max_early_data_size. Ignore application + * data message before 2nd ClientHello when early_data was received in 1st + * ClientHello." + */ + if (ssl->discard_early_data_record == MBEDTLS_SSL_EARLY_DATA_DISCARD) { + if (rec->type == MBEDTLS_SSL_MSG_APPLICATION_DATA) { + + ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len); + if (ret != 0) { + return ret; + } + + MBEDTLS_SSL_DEBUG_MSG( + 3, ("EarlyData: Ignore application message before 2nd ClientHello")); + + return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING; + } else if (rec->type == MBEDTLS_SSL_MSG_HANDSHAKE) { + ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD; + } + } +#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */ + #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) { mbedtls_ssl_dtls_replay_update(ssl); @@ -5648,12 +5727,53 @@ static int ssl_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl) } /* + * brief Read at most 'len' application data bytes from the input + * buffer. + * + * param ssl SSL context: + * - First byte of application data not read yet in the input + * buffer located at address `in_offt`. + * - The number of bytes of data not read yet is `in_msglen`. + * param buf buffer that will hold the data + * param len maximum number of bytes to read + * + * note The function updates the fields `in_offt` and `in_msglen` + * according to the number of bytes read. + * + * return The number of bytes read. + */ +static int ssl_read_application_data( + mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) +{ + size_t n = (len < ssl->in_msglen) ? len : ssl->in_msglen; + + if (len != 0) { + memcpy(buf, ssl->in_offt, n); + ssl->in_msglen -= n; + } + + /* Zeroising the plaintext buffer to erase unused application data + from the memory. */ + mbedtls_platform_zeroize(ssl->in_offt, n); + + if (ssl->in_msglen == 0) { + /* all bytes consumed */ + ssl->in_offt = NULL; + ssl->keep_current_message = 0; + } else { + /* more data available */ + ssl->in_offt += n; + } + + return (int) n; +} + +/* * Receive application data decrypted from the SSL layer */ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; if (ssl == NULL || ssl->conf == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -5817,31 +5937,33 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) #endif /* MBEDTLS_SSL_PROTO_DTLS */ } - n = (len < ssl->in_msglen) - ? len : ssl->in_msglen; + ret = ssl_read_application_data(ssl, buf, len); - if (len != 0) { - memcpy(buf, ssl->in_offt, n); - ssl->in_msglen -= n; - } + MBEDTLS_SSL_DEBUG_MSG(2, ("<= read")); - /* Zeroising the plaintext buffer to erase unused application data - from the memory. */ - mbedtls_platform_zeroize(ssl->in_offt, n); + return ret; +} - if (ssl->in_msglen == 0) { - /* all bytes consumed */ - ssl->in_offt = NULL; - ssl->keep_current_message = 0; - } else { - /* more data available */ - ssl->in_offt += n; +#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_EARLY_DATA) +int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl, + unsigned char *buf, size_t len) +{ + if (ssl == NULL || (ssl->conf == NULL)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } - MBEDTLS_SSL_DEBUG_MSG(2, ("<= read")); + /* + * The server may receive early data only while waiting for the End of + * Early Data handshake message. + */ + if ((ssl->state != MBEDTLS_SSL_END_OF_EARLY_DATA) || + (ssl->in_offt == NULL)) { + return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA; + } - return (int) n; + return ssl_read_application_data(ssl, buf, len); } +#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_EARLY_DATA */ /* * Send application data to be encrypted by the SSL layer, taking care of max @@ -5946,6 +6068,94 @@ int mbedtls_ssl_write(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t return ret; } +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) +int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const struct mbedtls_ssl_config *conf; + int written_data_len = 0; + + MBEDTLS_SSL_DEBUG_MSG(2, ("=> write early_data")); + + if (ssl == NULL || (conf = ssl->conf) == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + if (conf->endpoint != MBEDTLS_SSL_IS_CLIENT) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + if ((!mbedtls_ssl_conf_is_tls13_enabled(conf)) || + (conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) || + (conf->early_data_enabled != MBEDTLS_SSL_EARLY_DATA_ENABLED)) { + return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; + } + + if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { + return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; + } + + /* + * If we are at the beginning of the handshake, the early data status being + * equal to MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN or + * MBEDTLS_SSL_EARLY_DATA_STATUS_SENT advance the handshake just + * enough to be able to send early data if possible. That way, we can + * guarantee that when starting the handshake with this function we will + * send at least one record of early data. Note that when the status is + * MBEDTLS_SSL_EARLY_DATA_STATUS_SENT and not yet + * MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE, we cannot send early data yet + * as the early data outbound transform has not been set as we may have to + * first send a dummy CCS in clear. + */ + if ((ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN) || + (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_SENT)) { + while ((ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN) || + (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_SENT)) { + ret = mbedtls_ssl_handshake_step(ssl); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake_step", ret); + return ret; + } + + ret = mbedtls_ssl_flush_output(ssl); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_flush_output", ret); + return ret; + } + } + } else { + /* + * If we are past the point where we can send early data, return + * immediatly. Otherwise, progress the handshake as much as possible to + * not delay it too much. If we reach a point where we can still send + * early data, then we will send some. + */ + if ((ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE) && + (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED)) { + return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; + } + + ret = mbedtls_ssl_handshake(ssl); + if ((ret != 0) && (ret != MBEDTLS_ERR_SSL_WANT_READ)) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_handshake", ret); + return ret; + } + } + + if ((ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE) && + (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED)) { + return MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA; + } + + written_data_len = ssl_write_real(ssl, buf, len); + + MBEDTLS_SSL_DEBUG_MSG(2, ("<= write early_data, len=%d", written_data_len)); + + return written_data_len; +} +#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */ + /* * Notify the peer that the connection is being closed */ diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index cd730fb..5da3887 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -75,6 +75,10 @@ static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, #if defined(MBEDTLS_HAVE_TIME) key->generation_time = mbedtls_time(NULL); #endif + /* The lifetime of a key is the configured lifetime of the tickets when + * the key is created. + */ + key->lifetime = ctx->ticket_lifetime; if ((ret = ctx->f_rng(ctx->p_rng, key->name, sizeof(key->name))) != 0) { return ret; @@ -116,16 +120,17 @@ static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx) #if !defined(MBEDTLS_HAVE_TIME) ((void) ctx); #else - if (ctx->ticket_lifetime != 0) { + mbedtls_ssl_ticket_key * const key = ctx->keys + ctx->active; + if (key->lifetime != 0) { mbedtls_time_t current_time = mbedtls_time(NULL); - mbedtls_time_t key_time = ctx->keys[ctx->active].generation_time; + mbedtls_time_t key_time = key->generation_time; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; #endif if (current_time >= key_time && - (uint64_t) (current_time - key_time) < ctx->ticket_lifetime) { + (uint64_t) (current_time - key_time) < key->lifetime) { return 0; } @@ -198,6 +203,8 @@ int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx, #if defined(MBEDTLS_HAVE_TIME) key->generation_time = mbedtls_time(NULL); #endif + key->lifetime = lifetime; + return 0; } @@ -331,7 +338,7 @@ int mbedtls_ssl_ticket_write(void *p_ticket, key = &ctx->keys[ctx->active]; - *ticket_lifetime = ctx->ticket_lifetime; + *ticket_lifetime = key->lifetime; memcpy(key_name, key->name, TICKET_KEY_NAME_BYTES); @@ -495,43 +502,22 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, } #if defined(MBEDTLS_HAVE_TIME) -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) - if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - /* Check for expiration */ - mbedtls_ms_time_t ticket_age = -1; -#if defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - ticket_age = mbedtls_ms_time() - session->ticket_creation_time; - } -#endif -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { - ticket_age = mbedtls_ms_time() - session->ticket_reception_time; - } -#endif - - mbedtls_ms_time_t ticket_lifetime = - (mbedtls_ms_time_t) ctx->ticket_lifetime * 1000; + mbedtls_ms_time_t ticket_creation_time, ticket_age; + mbedtls_ms_time_t ticket_lifetime = + (mbedtls_ms_time_t) ctx->ticket_lifetime * 1000; - if (ticket_age < 0 || ticket_age > ticket_lifetime) { - ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; - goto cleanup; - } + ret = mbedtls_ssl_session_get_ticket_creation_time(session, + &ticket_creation_time); + if (ret != 0) { + goto cleanup; } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { - /* Check for expiration */ - mbedtls_time_t current_time = mbedtls_time(NULL); - if (current_time < session->start || - (uint32_t) (current_time - session->start) > ctx->ticket_lifetime) { - ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; - goto cleanup; - } + ticket_age = mbedtls_ms_time() - ticket_creation_time; + if (ticket_age < 0 || ticket_age > ticket_lifetime) { + ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; + goto cleanup; } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -#endif /* MBEDTLS_HAVE_TIME */ +#endif cleanup: #if defined(MBEDTLS_THREADING_C) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 0071b06..5002443 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -20,7 +20,7 @@ #include "ssl_debug_helpers.h" #include "ssl_misc.h" -#include "mbedtls/debug.h" +#include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include "mbedtls/version.h" @@ -432,10 +432,6 @@ static int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char static int ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int); #endif /* MBEDTLS_MD_CAN_SHA384*/ -static size_t ssl_tls12_session_save(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len); - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls12_session_load(mbedtls_ssl_session *session, const unsigned char *buf, @@ -631,7 +627,7 @@ static const char *extension_name_table[] = { [MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT] = "record_size_limit" }; -static unsigned int extension_type_table[] = { +static const unsigned int extension_type_table[] = { [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff, [MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME, [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH, @@ -1098,6 +1094,16 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_ALLOC_FAILED; } +#if defined(MBEDTLS_SSL_EARLY_DATA) +#if defined(MBEDTLS_SSL_CLI_C) + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN; +#endif +#if defined(MBEDTLS_SSL_SRV_C) + ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD; +#endif + ssl->total_early_data_size = 0; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + /* Initialize structures */ mbedtls_ssl_session_init(ssl->session_negotiate); ssl_handshake_params_init(ssl->handshake); @@ -1356,6 +1362,11 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl) } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + if (ssl->conf->f_rng == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); + return MBEDTLS_ERR_SSL_NO_RNG; + } + /* Space for further checks */ return 0; @@ -2440,290 +2451,6 @@ mbedtls_ssl_mode_t mbedtls_ssl_get_mode_from_ciphersuite( #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) -/* Serialization of TLS 1.3 sessions: - * - * struct { - * opaque hostname<0..2^16-1>; - * uint64 ticket_reception_time; - * uint32 ticket_lifetime; - * opaque ticket<1..2^16-1>; - * } ClientOnlyData; - * - * struct { - * uint8 endpoint; - * uint8 ciphersuite[2]; - * uint32 ticket_age_add; - * uint8 ticket_flags; - * opaque resumption_key<0..255>; - * uint32 max_early_data_size; - * uint16 record_size_limit; - * select ( endpoint ) { - * case client: ClientOnlyData; - * case server: uint64 ticket_creation_time; - * }; - * } serialized_session_tls13; - * - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_session_save(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len, - size_t *olen) -{ - unsigned char *p = buf; -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - size_t hostname_len = (session->hostname == NULL) ? - 0 : strlen(session->hostname) + 1; -#endif - size_t needed = 1 /* endpoint */ - + 2 /* ciphersuite */ - + 4 /* ticket_age_add */ - + 1 /* ticket_flags */ - + 1; /* resumption_key length */ - *olen = 0; - - if (session->resumption_key_len > MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - needed += session->resumption_key_len; /* resumption_key */ - -#if defined(MBEDTLS_SSL_EARLY_DATA) - needed += 4; /* max_early_data_size */ -#endif -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - needed += 2; /* record_size_limit */ -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_HAVE_TIME) - needed += 8; /* ticket_creation_time or ticket_reception_time */ -#endif - -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - needed += 2 /* hostname_len */ - + hostname_len; /* hostname */ -#endif - - needed += 4 /* ticket_lifetime */ - + 2; /* ticket_len */ - - /* Check size_t overflow */ - if (session->ticket_len > SIZE_MAX - needed) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - needed += session->ticket_len; /* ticket */ - } -#endif /* MBEDTLS_SSL_CLI_C */ - - *olen = needed; - if (needed > buf_len) { - return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; - } - - p[0] = session->endpoint; - MBEDTLS_PUT_UINT16_BE(session->ciphersuite, p, 1); - MBEDTLS_PUT_UINT32_BE(session->ticket_age_add, p, 3); - p[7] = session->ticket_flags; - - /* save resumption_key */ - p[8] = session->resumption_key_len; - p += 9; - memcpy(p, session->resumption_key, session->resumption_key_len); - p += session->resumption_key_len; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0); - p += 4; -#endif -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - MBEDTLS_PUT_UINT16_BE(session->record_size_limit, p, 0); - p += 2; -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); - p += 8; - } -#endif /* MBEDTLS_HAVE_TIME */ - -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0); - p += 2; - if (hostname_len > 0) { - /* save host name */ - memcpy(p, session->hostname, hostname_len); - p += hostname_len; - } -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_HAVE_TIME) - MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_reception_time, p, 0); - p += 8; -#endif - MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); - p += 4; - - MBEDTLS_PUT_UINT16_BE(session->ticket_len, p, 0); - p += 2; - - if (session->ticket != NULL && session->ticket_len > 0) { - memcpy(p, session->ticket, session->ticket_len); - p += session->ticket_len; - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - return 0; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_session_load(mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len) -{ - const unsigned char *p = buf; - const unsigned char *end = buf + len; - - if (end - p < 9) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->endpoint = p[0]; - session->ciphersuite = MBEDTLS_GET_UINT16_BE(p, 1); - session->ticket_age_add = MBEDTLS_GET_UINT32_BE(p, 3); - session->ticket_flags = p[7]; - - /* load resumption_key */ - session->resumption_key_len = p[8]; - p += 9; - - if (end - p < session->resumption_key_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (sizeof(session->resumption_key) < session->resumption_key_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - memcpy(session->resumption_key, p, session->resumption_key_len); - p += session->resumption_key_len; - -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (end - p < 4) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; -#endif -#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) - if (end - p < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; -#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ - -#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - if (end - p < 8) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; - } -#endif /* MBEDTLS_HAVE_TIME */ - -#if defined(MBEDTLS_SSL_CLI_C) - if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - size_t hostname_len; - /* load host name */ - if (end - p < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - hostname_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - if (end - p < (long int) hostname_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (hostname_len > 0) { - session->hostname = mbedtls_calloc(1, hostname_len); - if (session->hostname == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(session->hostname, p, hostname_len); - p += hostname_len; - } -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_HAVE_TIME) - if (end - p < 8) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_reception_time = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; -#endif - if (end - p < 4) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; - - if (end - p < 2) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - session->ticket_len = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - if (end - p < (long int) session->ticket_len) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (session->ticket_len > 0) { - session->ticket = mbedtls_calloc(1, session->ticket_len); - if (session->ticket == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - memcpy(session->ticket, p, session->ticket_len); - p += session->ticket_len; - } - } -#endif /* MBEDTLS_SSL_CLI_C */ - - return 0; - -} -#else /* MBEDTLS_SSL_SESSION_TICKETS */ -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_session_save(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len, - size_t *olen) -{ - ((void) session); - ((void) buf); - ((void) buf_len); - *olen = 0; - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -} - -static int ssl_tls13_session_load(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len) -{ - ((void) session); - ((void) buf); - ((void) buf_len); - return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -} -#endif /* !MBEDTLS_SSL_SESSION_TICKETS */ -#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ - psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type, size_t taglen, psa_algorithm_t *alg, @@ -3640,6 +3367,630 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_CLI_C */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + +/* Serialization of TLS 1.2 sessions + * + * For more detail, see the description of ssl_session_save(). + */ +static size_t ssl_tls12_session_save(const mbedtls_ssl_session *session, + unsigned char *buf, + size_t buf_len) +{ + unsigned char *p = buf; + size_t used = 0; + +#if defined(MBEDTLS_HAVE_TIME) + uint64_t start; +#endif +#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + size_t cert_len; +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_X509_CRT_PARSE_C */ + + /* + * Time + */ +#if defined(MBEDTLS_HAVE_TIME) + used += 8; + + if (used <= buf_len) { + start = (uint64_t) session->start; + + MBEDTLS_PUT_UINT64_BE(start, p, 0); + p += 8; + } +#endif /* MBEDTLS_HAVE_TIME */ + + /* + * Basic mandatory fields + */ + used += 1 /* id_len */ + + sizeof(session->id) + + sizeof(session->master) + + 4; /* verify_result */ + + if (used <= buf_len) { + *p++ = MBEDTLS_BYTE_0(session->id_len); + memcpy(p, session->id, 32); + p += 32; + + memcpy(p, session->master, 48); + p += 48; + + MBEDTLS_PUT_UINT32_BE(session->verify_result, p, 0); + p += 4; + } + + /* + * Peer's end-entity certificate + */ +#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + if (session->peer_cert == NULL) { + cert_len = 0; + } else { + cert_len = session->peer_cert->raw.len; + } + + used += 3 + cert_len; + + if (used <= buf_len) { + *p++ = MBEDTLS_BYTE_2(cert_len); + *p++ = MBEDTLS_BYTE_1(cert_len); + *p++ = MBEDTLS_BYTE_0(cert_len); + + if (session->peer_cert != NULL) { + memcpy(p, session->peer_cert->raw.p, cert_len); + p += cert_len; + } + } +#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + if (session->peer_cert_digest != NULL) { + used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len; + if (used <= buf_len) { + *p++ = (unsigned char) session->peer_cert_digest_type; + *p++ = (unsigned char) session->peer_cert_digest_len; + memcpy(p, session->peer_cert_digest, + session->peer_cert_digest_len); + p += session->peer_cert_digest_len; + } + } else { + used += 2; + if (used <= buf_len) { + *p++ = (unsigned char) MBEDTLS_MD_NONE; + *p++ = 0; + } + } +#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_X509_CRT_PARSE_C */ + + /* + * Session ticket if any, plus associated data + */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_CLI_C) + if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { + used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */ + + if (used <= buf_len) { + *p++ = MBEDTLS_BYTE_2(session->ticket_len); + *p++ = MBEDTLS_BYTE_1(session->ticket_len); + *p++ = MBEDTLS_BYTE_0(session->ticket_len); + + if (session->ticket != NULL) { + memcpy(p, session->ticket, session->ticket_len); + p += session->ticket_len; + } + + MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); + p += 4; + } + } +#endif /* MBEDTLS_SSL_CLI_C */ +#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) + if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { + used += 8; + + if (used <= buf_len) { + MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); + p += 8; + } + } +#endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_SRV_C */ +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + + /* + * Misc extension-related info + */ +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + used += 1; + + if (used <= buf_len) { + *p++ = session->mfl_code; + } +#endif + +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + used += 1; + + if (used <= buf_len) { + *p++ = MBEDTLS_BYTE_0(session->encrypt_then_mac); + } +#endif + + return used; +} + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls12_session_load(mbedtls_ssl_session *session, + const unsigned char *buf, + size_t len) +{ +#if defined(MBEDTLS_HAVE_TIME) + uint64_t start; +#endif +#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + size_t cert_len; +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_X509_CRT_PARSE_C */ + + const unsigned char *p = buf; + const unsigned char * const end = buf + len; + + /* + * Time + */ +#if defined(MBEDTLS_HAVE_TIME) + if (8 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + start = MBEDTLS_GET_UINT64_BE(p, 0); + p += 8; + + session->start = (time_t) start; +#endif /* MBEDTLS_HAVE_TIME */ + + /* + * Basic mandatory fields + */ + if (1 + 32 + 48 + 4 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + session->id_len = *p++; + memcpy(session->id, p, 32); + p += 32; + + memcpy(session->master, p, 48); + p += 48; + + session->verify_result = MBEDTLS_GET_UINT32_BE(p, 0); + p += 4; + + /* Immediately clear invalid pointer values that have been read, in case + * we exit early before we replaced them with valid ones. */ +#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + session->peer_cert = NULL; +#else + session->peer_cert_digest = NULL; +#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) + session->ticket = NULL; +#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ + + /* + * Peer certificate + */ +#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) + /* Deserialize CRT from the end of the ticket. */ + if (3 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + cert_len = MBEDTLS_GET_UINT24_BE(p, 0); + p += 3; + + if (cert_len != 0) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + if (cert_len > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + session->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); + + if (session->peer_cert == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } + + mbedtls_x509_crt_init(session->peer_cert); + + if ((ret = mbedtls_x509_crt_parse_der(session->peer_cert, + p, cert_len)) != 0) { + mbedtls_x509_crt_free(session->peer_cert); + mbedtls_free(session->peer_cert); + session->peer_cert = NULL; + return ret; + } + + p += cert_len; + } +#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ + /* Deserialize CRT digest from the end of the ticket. */ + if (2 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + session->peer_cert_digest_type = (mbedtls_md_type_t) *p++; + session->peer_cert_digest_len = (size_t) *p++; + + if (session->peer_cert_digest_len != 0) { + const mbedtls_md_info_t *md_info = + mbedtls_md_info_from_type(session->peer_cert_digest_type); + if (md_info == NULL) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + if (session->peer_cert_digest_len != mbedtls_md_get_size(md_info)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + if (session->peer_cert_digest_len > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + session->peer_cert_digest = + mbedtls_calloc(1, session->peer_cert_digest_len); + if (session->peer_cert_digest == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } + + memcpy(session->peer_cert_digest, p, + session->peer_cert_digest_len); + p += session->peer_cert_digest_len; + } +#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ +#endif /* MBEDTLS_X509_CRT_PARSE_C */ + + /* + * Session ticket and associated data + */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_CLI_C) + if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { + if (3 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0); + p += 3; + + if (session->ticket_len != 0) { + if (session->ticket_len > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + session->ticket = mbedtls_calloc(1, session->ticket_len); + if (session->ticket == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } + + memcpy(session->ticket, p, session->ticket_len); + p += session->ticket_len; + } + + if (4 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); + p += 4; + } +#endif /* MBEDTLS_SSL_CLI_C */ +#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) + if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { + if (8 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); + p += 8; + } +#endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_SRV_C */ +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + + /* + * Misc extension-related info + */ +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + if (1 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + session->mfl_code = *p++; +#endif + +#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + if (1 > (size_t) (end - p)) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + session->encrypt_then_mac = *p++; +#endif + + /* Done, should have consumed entire buffer */ + if (p != end) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + return 0; +} + +#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) +/* Serialization of TLS 1.3 sessions: + * + * For more detail, see the description of ssl_session_save(). + */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_session_save(const mbedtls_ssl_session *session, + unsigned char *buf, + size_t buf_len, + size_t *olen) +{ + unsigned char *p = buf; +#if defined(MBEDTLS_SSL_CLI_C) && \ + defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + size_t hostname_len = (session->hostname == NULL) ? + 0 : strlen(session->hostname) + 1; +#endif + size_t needed = 4 /* ticket_age_add */ + + 1 /* ticket_flags */ + + 1; /* resumption_key length */ + *olen = 0; + + if (session->resumption_key_len > MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + needed += session->resumption_key_len; /* resumption_key */ + +#if defined(MBEDTLS_SSL_EARLY_DATA) + needed += 4; /* max_early_data_size */ +#endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + needed += 2; /* record_size_limit */ +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ + +#if defined(MBEDTLS_HAVE_TIME) + needed += 8; /* ticket_creation_time or ticket_reception_time */ +#endif + +#if defined(MBEDTLS_SSL_CLI_C) + if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + needed += 2 /* hostname_len */ + + hostname_len; /* hostname */ +#endif + + needed += 4 /* ticket_lifetime */ + + 2; /* ticket_len */ + + /* Check size_t overflow */ + if (session->ticket_len > SIZE_MAX - needed) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + needed += session->ticket_len; /* ticket */ + } +#endif /* MBEDTLS_SSL_CLI_C */ + + *olen = needed; + if (needed > buf_len) { + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; + } + + MBEDTLS_PUT_UINT32_BE(session->ticket_age_add, p, 0); + p[4] = session->ticket_flags; + + /* save resumption_key */ + p[5] = session->resumption_key_len; + p += 6; + memcpy(p, session->resumption_key, session->resumption_key_len); + p += session->resumption_key_len; + +#if defined(MBEDTLS_SSL_EARLY_DATA) + MBEDTLS_PUT_UINT32_BE(session->max_early_data_size, p, 0); + p += 4; +#endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + MBEDTLS_PUT_UINT16_BE(session->record_size_limit, p, 0); + p += 2; +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ + +#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) + if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { + MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_creation_time, p, 0); + p += 8; + } +#endif /* MBEDTLS_HAVE_TIME */ + +#if defined(MBEDTLS_SSL_CLI_C) + if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + MBEDTLS_PUT_UINT16_BE(hostname_len, p, 0); + p += 2; + if (hostname_len > 0) { + /* save host name */ + memcpy(p, session->hostname, hostname_len); + p += hostname_len; + } +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ + +#if defined(MBEDTLS_HAVE_TIME) + MBEDTLS_PUT_UINT64_BE((uint64_t) session->ticket_reception_time, p, 0); + p += 8; +#endif + MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); + p += 4; + + MBEDTLS_PUT_UINT16_BE(session->ticket_len, p, 0); + p += 2; + + if (session->ticket != NULL && session->ticket_len > 0) { + memcpy(p, session->ticket, session->ticket_len); + p += session->ticket_len; + } + } +#endif /* MBEDTLS_SSL_CLI_C */ + return 0; +} + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_session_load(mbedtls_ssl_session *session, + const unsigned char *buf, + size_t len) +{ + const unsigned char *p = buf; + const unsigned char *end = buf + len; + + if (end - p < 6) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + session->ticket_age_add = MBEDTLS_GET_UINT32_BE(p, 0); + session->ticket_flags = p[4]; + + /* load resumption_key */ + session->resumption_key_len = p[5]; + p += 6; + + if (end - p < session->resumption_key_len) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + if (sizeof(session->resumption_key) < session->resumption_key_len) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + memcpy(session->resumption_key, p, session->resumption_key_len); + p += session->resumption_key_len; + +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (end - p < 4) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + session->max_early_data_size = MBEDTLS_GET_UINT32_BE(p, 0); + p += 4; +#endif +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + if (end - p < 2) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + session->record_size_limit = MBEDTLS_GET_UINT16_BE(p, 0); + p += 2; +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ + +#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) + if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { + if (end - p < 8) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + session->ticket_creation_time = MBEDTLS_GET_UINT64_BE(p, 0); + p += 8; + } +#endif /* MBEDTLS_HAVE_TIME */ + +#if defined(MBEDTLS_SSL_CLI_C) + if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + size_t hostname_len; + /* load host name */ + if (end - p < 2) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + hostname_len = MBEDTLS_GET_UINT16_BE(p, 0); + p += 2; + + if (end - p < (long int) hostname_len) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + if (hostname_len > 0) { + session->hostname = mbedtls_calloc(1, hostname_len); + if (session->hostname == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } + memcpy(session->hostname, p, hostname_len); + p += hostname_len; + } +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ + +#if defined(MBEDTLS_HAVE_TIME) + if (end - p < 8) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + session->ticket_reception_time = MBEDTLS_GET_UINT64_BE(p, 0); + p += 8; +#endif + if (end - p < 4) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); + p += 4; + + if (end - p < 2) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + session->ticket_len = MBEDTLS_GET_UINT16_BE(p, 0); + p += 2; + + if (end - p < (long int) session->ticket_len) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + if (session->ticket_len > 0) { + session->ticket = mbedtls_calloc(1, session->ticket_len); + if (session->ticket == NULL) { + return MBEDTLS_ERR_SSL_ALLOC_FAILED; + } + memcpy(session->ticket, p, session->ticket_len); + p += session->ticket_len; + } + } +#endif /* MBEDTLS_SSL_CLI_C */ + + return 0; + +} +#else /* MBEDTLS_SSL_SESSION_TICKETS */ +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_session_save(const mbedtls_ssl_session *session, + unsigned char *buf, + size_t buf_len, + size_t *olen) +{ + ((void) session); + ((void) buf); + ((void) buf_len); + *olen = 0; + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; +} + +static int ssl_tls13_session_load(const mbedtls_ssl_session *session, + unsigned char *buf, + size_t buf_len) +{ + ((void) session); + ((void) buf); + ((void) buf_len); + return MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; +} +#endif /* !MBEDTLS_SSL_SESSION_TICKETS */ +#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + /* * Define ticket header determining Mbed TLS version * and structure of the ticket. @@ -3662,6 +4013,12 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, #define SSL_SERIALIZED_SESSION_CONFIG_CRT 0 #endif /* MBEDTLS_X509_CRT_PARSE_C */ +#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) +#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 1 +#else +#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 0 +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + #if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) #define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 1 #else @@ -3686,12 +4043,34 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, #define SSL_SERIALIZED_SESSION_CONFIG_TICKET 0 #endif /* MBEDTLS_SSL_SESSION_TICKETS */ +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) +#define SSL_SERIALIZED_SESSION_CONFIG_SNI 1 +#else +#define SSL_SERIALIZED_SESSION_CONFIG_SNI 0 +#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ + +#if defined(MBEDTLS_SSL_EARLY_DATA) +#define SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA 1 +#else +#define SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA 0 +#endif /* MBEDTLS_SSL_EARLY_DATA */ + +#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) +#define SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE 1 +#else +#define SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE 0 +#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */ + #define SSL_SERIALIZED_SESSION_CONFIG_TIME_BIT 0 #define SSL_SERIALIZED_SESSION_CONFIG_CRT_BIT 1 #define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT 2 #define SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT 3 #define SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT 4 #define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 5 +#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT 6 +#define SSL_SERIALIZED_SESSION_CONFIG_SNI_BIT 7 +#define SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA_BIT 8 +#define SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE_BIT 9 #define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \ ((uint16_t) ( \ @@ -3701,9 +4080,16 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET_BIT) | \ (SSL_SERIALIZED_SESSION_CONFIG_MFL << SSL_SERIALIZED_SESSION_CONFIG_MFL_BIT) | \ (SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \ - (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT))) - -static unsigned char ssl_serialized_session_header[] = { + (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT) | \ + (SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT << \ + SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT) | \ + (SSL_SERIALIZED_SESSION_CONFIG_SNI << SSL_SERIALIZED_SESSION_CONFIG_SNI_BIT) | \ + (SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA << \ + SSL_SERIALIZED_SESSION_CONFIG_EARLY_DATA_BIT) | \ + (SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE << \ + SSL_SERIALIZED_SESSION_CONFIG_RECORD_SIZE_BIT))) + +static const unsigned char ssl_serialized_session_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, @@ -3715,7 +4101,77 @@ static unsigned char ssl_serialized_session_header[] = { * Serialize a session in the following format: * (in the presentation language of TLS, RFC 8446 section 3) * - * struct { + * TLS 1.2 session: + * + * struct { + * #if defined(MBEDTLS_SSL_SESSION_TICKETS) + * opaque ticket<0..2^24-1>; // length 0 means no ticket + * uint32 ticket_lifetime; + * #endif + * } ClientOnlyData; + * + * struct { + * #if defined(MBEDTLS_HAVE_TIME) + * uint64 start_time; + * #endif + * uint8 session_id_len; // at most 32 + * opaque session_id[32]; + * opaque master[48]; // fixed length in the standard + * uint32 verify_result; + * #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE + * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert + * #else + * uint8 peer_cert_digest_type; + * opaque peer_cert_digest<0..2^8-1> + * #endif + * select (endpoint) { + * case client: ClientOnlyData; + * case server: uint64 ticket_creation_time; + * }; + * #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + * uint8 mfl_code; // up to 255 according to standard + * #endif + * #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) + * uint8 encrypt_then_mac; // 0 or 1 + * #endif + * } serialized_session_tls12; + * + * + * TLS 1.3 Session: + * + * struct { + * #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + * opaque hostname<0..2^16-1>; + * #endif + * #if defined(MBEDTLS_HAVE_TIME) + * uint64 ticket_reception_time; + * #endif + * uint32 ticket_lifetime; + * opaque ticket<1..2^16-1>; + * } ClientOnlyData; + * + * struct { + * uint32 ticket_age_add; + * uint8 ticket_flags; + * opaque resumption_key<0..255>; + * #if defined(MBEDTLS_SSL_EARLY_DATA) + * uint32 max_early_data_size; + * #endif + * #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) + * uint16 record_size_limit; + * #endif + * select ( endpoint ) { + * case client: ClientOnlyData; + * #if defined(MBEDTLS_HAVE_TIME) + * case server: uint64 ticket_creation_time; + * #endif + * }; + * } serialized_session_tls13; + * + * + * SSL session: + * + * struct { * * opaque mbedtls_version[3]; // library version: major, minor, patch * opaque session_format[2]; // library-version specific 16-bit field @@ -3733,6 +4189,8 @@ static unsigned char ssl_serialized_session_header[] = { * uint8_t minor_ver; // Protocol minor version. Possible values: * // - TLS 1.2 (0x0303) * // - TLS 1.3 (0x0304) + * uint8_t endpoint; + * uint16_t ciphersuite; * * select (serialized_session.tls_version) { * @@ -3779,11 +4237,16 @@ static int ssl_session_save(const mbedtls_ssl_session *session, } /* - * TLS version identifier + * TLS version identifier, endpoint, ciphersuite */ - used += 1; + used += 1 /* TLS version */ + + 1 /* endpoint */ + + 2; /* ciphersuite */ if (used <= buf_len) { *p++ = MBEDTLS_BYTE_0(session->tls_version); + *p++ = session->endpoint; + MBEDTLS_PUT_UINT16_BE(session->ciphersuite, p, 0); + p += 2; } /* Forward to version-specific serialization routine. */ @@ -3866,12 +4329,15 @@ static int ssl_session_load(mbedtls_ssl_session *session, } /* - * TLS version identifier + * TLS version identifier, endpoint, ciphersuite */ - if (1 > (size_t) (end - p)) { + if (4 > (size_t) (end - p)) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } session->tls_version = (mbedtls_ssl_protocol_version) (0x0300 | *p++); + session->endpoint = *p++; + session->ciphersuite = MBEDTLS_GET_UINT16_BE(p, 0); + p += 2; /* Dispatch according to TLS version. */ remaining_len = (size_t) (end - p); @@ -4428,7 +4894,7 @@ void mbedtls_ssl_session_free(mbedtls_ssl_session *session) (SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \ 0u)) -static unsigned char ssl_serialized_context_header[] = { +static const unsigned char ssl_serialized_context_header[] = { MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH, @@ -5046,7 +5512,7 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf) * See the documentation of mbedtls_ssl_conf_curves() for what we promise * about this list. */ -static uint16_t ssl_preset_default_groups[] = { +static const uint16_t ssl_preset_default_groups[] = { #if defined(MBEDTLS_ECP_HAVE_CURVE25519) MBEDTLS_SSL_IANA_TLS_GROUP_X25519, #endif @@ -5097,7 +5563,7 @@ static const int ssl_preset_suiteb_ciphersuites[] = { * - ssl_tls12_preset* is for TLS 1.2 use only. * - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes. */ -static uint16_t ssl_preset_default_sig_algs[] = { +static const uint16_t ssl_preset_default_sig_algs[] = { #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ defined(MBEDTLS_MD_CAN_SHA256) && \ @@ -5192,7 +5658,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ /* NOTICE: see above */ -static uint16_t ssl_preset_suiteb_sig_algs[] = { +static const uint16_t ssl_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ defined(MBEDTLS_MD_CAN_SHA256) && \ @@ -5233,7 +5699,7 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -static uint16_t ssl_preset_suiteb_groups[] = { +static const uint16_t ssl_preset_suiteb_groups[] = { #if defined(MBEDTLS_ECP_HAVE_SECP256R1) MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, #endif @@ -5247,7 +5713,7 @@ static uint16_t ssl_preset_suiteb_groups[] = { /* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs` * to make sure there are no duplicated signature algorithm entries. */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_check_no_sig_alg_duplication(uint16_t *sig_algs) +static int ssl_check_no_sig_alg_duplication(const uint16_t *sig_algs) { size_t i, j; int ret = 0; @@ -8940,360 +9406,6 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ -/* Serialization of TLS 1.2 sessions: - * - * struct { - * uint64 start_time; - * uint8 ciphersuite[2]; // defined by the standard - * uint8 session_id_len; // at most 32 - * opaque session_id[32]; - * opaque master[48]; // fixed length in the standard - * uint32 verify_result; - * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert - * opaque ticket<0..2^24-1>; // length 0 means no ticket - * uint32 ticket_lifetime; - * uint8 mfl_code; // up to 255 according to standard - * uint8 encrypt_then_mac; // 0 or 1 - * } serialized_session_tls12; - * - */ -static size_t ssl_tls12_session_save(const mbedtls_ssl_session *session, - unsigned char *buf, - size_t buf_len) -{ - unsigned char *p = buf; - size_t used = 0; - -#if defined(MBEDTLS_HAVE_TIME) - uint64_t start; -#endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - size_t cert_len; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - /* - * Time - */ -#if defined(MBEDTLS_HAVE_TIME) - used += 8; - - if (used <= buf_len) { - start = (uint64_t) session->start; - - MBEDTLS_PUT_UINT64_BE(start, p, 0); - p += 8; - } -#endif /* MBEDTLS_HAVE_TIME */ - - /* - * Basic mandatory fields - */ - used += 2 /* ciphersuite */ - + 1 /* id_len */ - + sizeof(session->id) - + sizeof(session->master) - + 4; /* verify_result */ - - if (used <= buf_len) { - MBEDTLS_PUT_UINT16_BE(session->ciphersuite, p, 0); - p += 2; - - *p++ = MBEDTLS_BYTE_0(session->id_len); - memcpy(p, session->id, 32); - p += 32; - - memcpy(p, session->master, 48); - p += 48; - - MBEDTLS_PUT_UINT32_BE(session->verify_result, p, 0); - p += 4; - } - - /* - * Peer's end-entity certificate - */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if (session->peer_cert == NULL) { - cert_len = 0; - } else { - cert_len = session->peer_cert->raw.len; - } - - used += 3 + cert_len; - - if (used <= buf_len) { - *p++ = MBEDTLS_BYTE_2(cert_len); - *p++ = MBEDTLS_BYTE_1(cert_len); - *p++ = MBEDTLS_BYTE_0(cert_len); - - if (session->peer_cert != NULL) { - memcpy(p, session->peer_cert->raw.p, cert_len); - p += cert_len; - } - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (session->peer_cert_digest != NULL) { - used += 1 /* type */ + 1 /* length */ + session->peer_cert_digest_len; - if (used <= buf_len) { - *p++ = (unsigned char) session->peer_cert_digest_type; - *p++ = (unsigned char) session->peer_cert_digest_len; - memcpy(p, session->peer_cert_digest, - session->peer_cert_digest_len); - p += session->peer_cert_digest_len; - } - } else { - used += 2; - if (used <= buf_len) { - *p++ = (unsigned char) MBEDTLS_MD_NONE; - *p++ = 0; - } - } -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - /* - * Session ticket if any, plus associated data - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - used += 3 + session->ticket_len + 4; /* len + ticket + lifetime */ - - if (used <= buf_len) { - *p++ = MBEDTLS_BYTE_2(session->ticket_len); - *p++ = MBEDTLS_BYTE_1(session->ticket_len); - *p++ = MBEDTLS_BYTE_0(session->ticket_len); - - if (session->ticket != NULL) { - memcpy(p, session->ticket, session->ticket_len); - p += session->ticket_len; - } - - MBEDTLS_PUT_UINT32_BE(session->ticket_lifetime, p, 0); - p += 4; - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - - /* - * Misc extension-related info - */ -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - used += 1; - - if (used <= buf_len) { - *p++ = session->mfl_code; - } -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - used += 1; - - if (used <= buf_len) { - *p++ = MBEDTLS_BYTE_0(session->encrypt_then_mac); - } -#endif - - return used; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls12_session_load(mbedtls_ssl_session *session, - const unsigned char *buf, - size_t len) -{ -#if defined(MBEDTLS_HAVE_TIME) - uint64_t start; -#endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - size_t cert_len; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - const unsigned char *p = buf; - const unsigned char * const end = buf + len; - - /* - * Time - */ -#if defined(MBEDTLS_HAVE_TIME) - if (8 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - start = MBEDTLS_GET_UINT64_BE(p, 0); - p += 8; - - session->start = (time_t) start; -#endif /* MBEDTLS_HAVE_TIME */ - - /* - * Basic mandatory fields - */ - if (2 + 1 + 32 + 48 + 4 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->ciphersuite = MBEDTLS_GET_UINT16_BE(p, 0); - p += 2; - - session->id_len = *p++; - memcpy(session->id, p, 32); - p += 32; - - memcpy(session->master, p, 48); - p += 48; - - session->verify_result = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; - - /* Immediately clear invalid pointer values that have been read, in case - * we exit early before we replaced them with valid ones. */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - session->peer_cert = NULL; -#else - session->peer_cert_digest = NULL; -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - session->ticket = NULL; -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - - /* - * Peer certificate - */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* Deserialize CRT from the end of the ticket. */ - if (3 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - cert_len = MBEDTLS_GET_UINT24_BE(p, 0); - p += 3; - - if (cert_len != 0) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if (cert_len > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->peer_cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt)); - - if (session->peer_cert == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - mbedtls_x509_crt_init(session->peer_cert); - - if ((ret = mbedtls_x509_crt_parse_der(session->peer_cert, - p, cert_len)) != 0) { - mbedtls_x509_crt_free(session->peer_cert); - mbedtls_free(session->peer_cert); - session->peer_cert = NULL; - return ret; - } - - p += cert_len; - } -#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - /* Deserialize CRT digest from the end of the ticket. */ - if (2 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->peer_cert_digest_type = (mbedtls_md_type_t) *p++; - session->peer_cert_digest_len = (size_t) *p++; - - if (session->peer_cert_digest_len != 0) { - const mbedtls_md_info_t *md_info = - mbedtls_md_info_from_type(session->peer_cert_digest_type); - if (md_info == NULL) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - if (session->peer_cert_digest_len != mbedtls_md_get_size(md_info)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - if (session->peer_cert_digest_len > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->peer_cert_digest = - mbedtls_calloc(1, session->peer_cert_digest_len); - if (session->peer_cert_digest == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(session->peer_cert_digest, p, - session->peer_cert_digest_len); - p += session->peer_cert_digest_len; - } -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - - /* - * Session ticket and associated data - */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - if (3 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->ticket_len = MBEDTLS_GET_UINT24_BE(p, 0); - p += 3; - - if (session->ticket_len != 0) { - if (session->ticket_len > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->ticket = mbedtls_calloc(1, session->ticket_len); - if (session->ticket == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - memcpy(session->ticket, p, session->ticket_len); - p += session->ticket_len; - } - - if (4 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0); - p += 4; -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ - - /* - * Misc extension-related info - */ -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if (1 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->mfl_code = *p++; -#endif - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if (1 > (size_t) (end - p)) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - session->encrypt_then_mac = *p++; -#endif - - /* Done, should have consumed entire buffer */ - if (p != end) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - return 0; -} #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ int mbedtls_ssl_validate_ciphersuite( diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 0c5af87..eac6a3a 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -14,7 +14,7 @@ #include "mbedtls/ssl.h" #include "ssl_client.h" #include "ssl_misc.h" -#include "mbedtls/debug.h" +#include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/constant_time.h" @@ -1268,6 +1268,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf, ssl->conf->transport); ssl->session_negotiate->tls_version = ssl->tls_version; + ssl->session_negotiate->endpoint = ssl->conf->endpoint; if (ssl->tls_version < ssl->conf->min_tls_version || ssl->tls_version > ssl->conf->max_tls_version) { @@ -2005,9 +2006,9 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } -#if defined(MBEDTLS_ECP_C) +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk); -#endif /* MBEDTLS_ECP_C */ +#endif /* !defined(MBEDTLS_PK_USE_PSA_EC_DATA) */ #if defined(MBEDTLS_USE_PSA_CRYPTO) uint16_t tls_id = 0; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 5a9f6ca..b49a8ae 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -13,7 +13,7 @@ #include "mbedtls/ssl.h" #include "ssl_misc.h" -#include "mbedtls/debug.h" +#include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include "constant_time_internal.h" @@ -1161,6 +1161,7 @@ read_record_header: ssl->tls_version = (mbedtls_ssl_protocol_version) mbedtls_ssl_read_version(buf, ssl->conf->transport); ssl->session_negotiate->tls_version = ssl->tls_version; + ssl->session_negotiate->endpoint = ssl->conf->endpoint; if (ssl->tls_version != MBEDTLS_SSL_VERSION_TLS1_2) { MBEDTLS_SSL_DEBUG_MSG(1, ("server only supports TLS 1.2")); @@ -2177,11 +2178,6 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - if (ssl->conf->f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); - return MBEDTLS_ERR_SSL_NO_RNG; - } - /* * 0 . 0 handshake type * 1 . 3 handshake length @@ -2702,8 +2698,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); - key_len = PSA_BITS_TO_BYTES(key->grp.pbits); - ret = mbedtls_ecp_write_key(key, buf, key_len); + ret = mbedtls_ecp_write_key_ext(key, &key_len, buf, sizeof(buf)); if (ret != 0) { mbedtls_platform_zeroize(buf, sizeof(buf)); break; @@ -4281,6 +4276,9 @@ static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl) * 10 . 9+n ticket content */ +#if defined(MBEDTLS_HAVE_TIME) + ssl->session_negotiate->ticket_creation_time = mbedtls_ms_time(); +#endif if ((ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, ssl->session_negotiate, ssl->out_msg + 10, diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index a3d33a3..88d6c9e 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -11,7 +11,7 @@ #include <string.h> -#include "mbedtls/debug.h" +#include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/platform.h" @@ -1180,25 +1180,29 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_SSL_EARLY_DATA) - if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) && - ssl_tls13_early_data_has_valid_ticket(ssl) && - ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { + /* In the first ClientHello, write the early data indication extension if + * necessary and update the early data status. + * If an HRR has been received and thus we are currently writing the + * second ClientHello, the second ClientHello must not contain an early + * data extension and the early data status must stay as it is: + * MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT or + * MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED. + */ + if (!ssl->handshake->hello_retry_request_flag) { + if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) && + ssl_tls13_early_data_has_valid_ticket(ssl) && + ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { + ret = mbedtls_ssl_tls13_write_early_data_ext( + ssl, 0, p, end, &ext_len); + if (ret != 0) { + return ret; + } + p += ext_len; - ret = mbedtls_ssl_tls13_write_early_data_ext( - ssl, 0, p, end, &ext_len); - if (ret != 0) { - return ret; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_SENT; + } else { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; } - p += ext_len; - - /* Initializes the status to `rejected`. It will be updated to - * `accepted` if the EncryptedExtension message contain an early data - * indication extension. - */ - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; - } else { - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write early_data extension")); - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1235,11 +1239,7 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl) size_t psk_len; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { -#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO); -#endif + if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_SENT) { MBEDTLS_SSL_DEBUG_MSG( 1, ("Set hs psk for early data when writing the first psk")); @@ -1294,6 +1294,16 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl) return ret; } +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + mbedtls_ssl_handshake_set_state( + ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO); +#else + MBEDTLS_SSL_DEBUG_MSG( + 1, ("Switch to early data keys for outbound traffic")); + mbedtls_ssl_set_outbound_transform( + ssl, ssl->handshake->transform_earlydata); + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE; +#endif } #endif /* MBEDTLS_SSL_EARLY_DATA */ return 0; @@ -1476,10 +1486,8 @@ static int ssl_tls13_preprocess_server_hello(mbedtls_ssl_context *ssl, return SSL_SERVER_HELLO_TLS1_2; } -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - ssl->session_negotiate->endpoint = ssl->conf->endpoint; ssl->session_negotiate->tls_version = ssl->tls_version; -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + ssl->session_negotiate->endpoint = ssl->conf->endpoint; handshake->received_extensions = MBEDTLS_SSL_EXT_MASK_NONE; @@ -1495,7 +1503,7 @@ static int ssl_tls13_preprocess_server_hello(mbedtls_ssl_context *ssl, * to a HelloRetryRequest), it MUST abort the handshake with an * "unexpected_message" alert. */ - if (handshake->hello_retry_request_count > 0) { + if (handshake->hello_retry_request_flag) { MBEDTLS_SSL_DEBUG_MSG(1, ("Multiple HRRs received")); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, @@ -1517,7 +1525,7 @@ static int ssl_tls13_preprocess_server_hello(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } - handshake->hello_retry_request_count++; + handshake->hello_retry_request_flag = 1; break; } @@ -1672,7 +1680,7 @@ static int ssl_tls13_parse_server_hello(mbedtls_ssl_context *ssl, * proposed in the HRR, we abort the handshake and send an * "illegal_parameter" alert. */ - else if ((!is_hrr) && (handshake->hello_retry_request_count > 0) && + else if ((!is_hrr) && handshake->hello_retry_request_flag && (cipher_suite != ssl->session_negotiate->ciphersuite)) { fatal_alert = MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER; } @@ -1965,6 +1973,13 @@ static int ssl_tls13_postprocess_hrr(mbedtls_ssl_context *ssl) } ssl->session_negotiate->ciphersuite = ssl->handshake->ciphersuite_info->id; + +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; + } +#endif + return 0; } @@ -2224,6 +2239,8 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) } ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + } else if (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; } #endif @@ -2261,6 +2278,7 @@ cleanup: } +#if defined(MBEDTLS_SSL_EARLY_DATA) /* * Handler for MBEDTLS_SSL_END_OF_EARLY_DATA * @@ -2299,6 +2317,32 @@ cleanup: return ret; } +int mbedtls_ssl_get_early_data_status(mbedtls_ssl_context *ssl) +{ + if ((ssl->conf->endpoint != MBEDTLS_SSL_IS_CLIENT) || + (!mbedtls_ssl_is_handshake_over(ssl))) { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + switch (ssl->early_data_status) { + case MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT: + return MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT; + break; + + case MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED: + return MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; + break; + + case MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED: + return MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + break; + + default: + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; + } +} +#endif /* MBEDTLS_SSL_EARLY_DATA */ + #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) /* * STATE HANDLING: CertificateRequest @@ -2561,9 +2605,8 @@ static int ssl_tls13_process_server_finished(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_EARLY_DATA) if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED; mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA); - } else if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); } else #endif /* MBEDTLS_SSL_EARLY_DATA */ { @@ -3022,9 +3065,11 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl) ret = ssl_tls13_process_server_finished(ssl); break; +#if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_SSL_END_OF_EARLY_DATA: ret = ssl_tls13_write_end_of_early_data(ssl); break; +#endif case MBEDTLS_SSL_CLIENT_CERTIFICATE: ret = ssl_tls13_write_client_certificate(ssl); @@ -3054,32 +3099,34 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); + if (ret != 0) { + break; } + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO); break; case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state( - ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); + if (ret != 0) { + break; } + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE); break; +#if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); if (ret == 0) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); -#if defined(MBEDTLS_SSL_EARLY_DATA) MBEDTLS_SSL_DEBUG_MSG( 1, ("Switch to early data keys for outbound traffic")); mbedtls_ssl_set_outbound_transform( ssl, ssl->handshake->transform_earlydata); -#endif + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE; } break; +#endif /* MBEDTLS_SSL_EARLY_DATA */ #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 04ecd8b..d448a05 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -12,7 +12,7 @@ #include <string.h> #include "mbedtls/error.h" -#include "mbedtls/debug.h" +#include "debug_internal.h" #include "mbedtls/oid.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" @@ -1379,6 +1379,12 @@ int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> write change cipher spec")); + /* Only one CCS to send. */ + if (ssl->handshake->ccs_sent) { + ret = 0; + goto cleanup; + } + /* Write CCS message */ MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_change_cipher_spec_body( ssl, ssl->out_msg, @@ -1390,6 +1396,8 @@ int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl) /* Dispatch message */ MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_record(ssl, 0)); + ssl->handshake->ccs_sent = 1; + cleanup: MBEDTLS_SSL_DEBUG_MSG(2, ("<= write change cipher spec")); @@ -1446,6 +1454,54 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl, return 0; } + +#if defined(MBEDTLS_SSL_SRV_C) +int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl, + size_t early_data_len) +{ + /* + * This function should be called only while an handshake is in progress + * and thus a session under negotiation. Add a sanity check to detect a + * misuse. + */ + if (ssl->session_negotiate == NULL) { + return MBEDTLS_ERR_SSL_INTERNAL_ERROR; + } + + /* RFC 8446 section 4.6.1 + * + * A server receiving more than max_early_data_size bytes of 0-RTT data + * SHOULD terminate the connection with an "unexpected_message" alert. + * Note that if it is still possible to send early_data_len bytes of early + * data, it means that early_data_len is smaller than max_early_data_size + * (type uint32_t) and can fit in an uint32_t. We use this further + * down. + */ + if (early_data_len > + (ssl->session_negotiate->max_early_data_size - + ssl->total_early_data_size)) { + + MBEDTLS_SSL_DEBUG_MSG( + 2, ("EarlyData: Too much early data received, %u + %" MBEDTLS_PRINTF_SIZET " > %u", + ssl->total_early_data_size, early_data_len, + ssl->session_negotiate->max_early_data_size)); + + MBEDTLS_SSL_PEND_FATAL_ALERT( + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, + MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); + return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; + } + + /* + * early_data_len has been checked to be less than max_early_data_size + * that is uint32_t. Its cast to an uint32_t below is thus safe. We need + * the cast to appease some compilers. + */ + ssl->total_early_data_size += (uint32_t) early_data_len; + + return 0; +} +#endif /* MBEDTLS_SSL_SRV_C */ #endif /* MBEDTLS_SSL_EARLY_DATA */ /* Reset SSL context and update hash for handling HRR. @@ -1539,26 +1595,36 @@ static psa_status_t mbedtls_ssl_get_psa_ffdh_info_from_tls_id( uint16_t tls_id, size_t *bits, psa_key_type_t *key_type) { switch (tls_id) { +#if defined(PSA_WANT_DH_RFC7919_2048) case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048: *bits = 2048; *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); return PSA_SUCCESS; +#endif /* PSA_WANT_DH_RFC7919_2048 */ +#if defined(PSA_WANT_DH_RFC7919_3072) case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072: *bits = 3072; *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); return PSA_SUCCESS; +#endif /* PSA_WANT_DH_RFC7919_3072 */ +#if defined(PSA_WANT_DH_RFC7919_4096) case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096: *bits = 4096; *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); return PSA_SUCCESS; +#endif /* PSA_WANT_DH_RFC7919_4096 */ +#if defined(PSA_WANT_DH_RFC7919_6144) case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144: *bits = 6144; *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); return PSA_SUCCESS; +#endif /* PSA_WANT_DH_RFC7919_6144 */ +#if defined(PSA_WANT_DH_RFC7919_8192) case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192: *bits = 8192; *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919); return PSA_SUCCESS; +#endif /* PSA_WANT_DH_RFC7919_8192 */ default: return PSA_ERROR_NOT_SUPPORTED; } diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index edb453c..739414e 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -13,7 +13,7 @@ #include <string.h> #include "mbedtls/hkdf.h" -#include "mbedtls/debug.h" +#include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/platform.h" diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 904bb5b..887c5c6 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -9,7 +9,7 @@ #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3) -#include "mbedtls/debug.h" +#include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" @@ -39,6 +39,63 @@ static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite( return ciphersuite_info; } +static void ssl_tls13_select_ciphersuite( + mbedtls_ssl_context *ssl, + const unsigned char *cipher_suites, + const unsigned char *cipher_suites_end, + int psk_ciphersuite_id, + psa_algorithm_t psk_hash_alg, + const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info) +{ + *selected_ciphersuite_info = NULL; + + /* + * In a compliant ClientHello the byte-length of the list of ciphersuites + * is even and this function relies on this fact. This should have been + * checked in the main ClientHello parsing function. Double check here. + */ + if ((cipher_suites_end - cipher_suites) & 1) { + return; + } + + for (const unsigned char *p = cipher_suites; + p < cipher_suites_end; p += 2) { + /* + * "cipher_suites_end - p is even" is an invariant of the loop. As + * cipher_suites_end - p > 0, we have cipher_suites_end - p >= 2 and it + * is thus safe to read two bytes. + */ + uint16_t id = MBEDTLS_GET_UINT16_BE(p, 0); + + const mbedtls_ssl_ciphersuite_t *info = + ssl_tls13_validate_peer_ciphersuite(ssl, id); + if (info == NULL) { + continue; + } + + /* + * If a valid PSK ciphersuite identifier has been passed in, we want + * an exact match. + */ + if (psk_ciphersuite_id != 0) { + if (id != psk_ciphersuite_id) { + continue; + } + } else if (psk_hash_alg != PSA_ALG_NONE) { + if (mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac) != + psk_hash_alg) { + continue; + } + } + + *selected_ciphersuite_info = info; + return; + } + + MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%x", + (unsigned) psk_ciphersuite_id, psk_hash_alg)); +} + #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /* From RFC 8446: * @@ -90,8 +147,30 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, return 0; } -#define SSL_TLS1_3_OFFERED_PSK_NOT_MATCH 1 -#define SSL_TLS1_3_OFFERED_PSK_MATCH 0 +/* + * Non-error return values of + * ssl_tls13_offered_psks_check_identity_match_ticket() and + * ssl_tls13_offered_psks_check_identity_match(). They are positive to + * not collide with error codes that are negative. Zero + * (SSL_TLS1_3_PSK_IDENTITY_MATCH) in case of success as it may be propagated + * up by the callers of this function as a generic success condition. + * + * The return value SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE means + * that the pre-shared-key identity matches that of a ticket or an externally- + * provisioned pre-shared-key. We have thus been able to retrieve the + * attributes of the pre-shared-key but at least one of them does not meet + * some criteria and the pre-shared-key cannot be used. For example, a ticket + * is expired or its version is not TLS 1.3. Note eventually that the return + * value SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE does not have + * anything to do with binder check. A binder check is done only when a + * suitable pre-shared-key has been selected and only for that selected + * pre-shared-key: if the binder check fails, we fail the handshake and we do + * not try to find another pre-shared-key for which the binder check would + * succeed as recommended by the specification. + */ +#define SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH 2 +#define SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE 1 +#define SSL_TLS1_3_PSK_IDENTITY_MATCH 0 #if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_CHECK_RETURN_CRITICAL @@ -109,7 +188,6 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *ticket_buffer; - unsigned int key_exchanges; #if defined(MBEDTLS_HAVE_TIME) mbedtls_ms_time_t now; mbedtls_ms_time_t server_age; @@ -123,7 +201,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( /* Ticket parser is not configured, Skip */ if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) { - return 0; + return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; } /* We create a copy of the encrypted ticket since the ticket parsing @@ -133,63 +211,51 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( */ ticket_buffer = mbedtls_calloc(1, identity_len); if (ticket_buffer == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small")); return MBEDTLS_ERR_SSL_ALLOC_FAILED; } memcpy(ticket_buffer, identity, identity_len); - if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, - session, - ticket_buffer, identity_len)) != 0) { - if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) { - MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic")); - } else if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) { + ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket, + session, + ticket_buffer, identity_len); + switch (ret) { + case 0: + ret = SSL_TLS1_3_PSK_IDENTITY_MATCH; + break; + + case MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED: MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired")); - } else { + ret = SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE; + break; + + case MBEDTLS_ERR_SSL_INVALID_MAC: + MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic")); + ret = SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; + break; + + default: MBEDTLS_SSL_DEBUG_RET(1, "ticket_parse", ret); - } + ret = SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; } /* We delete the temporary buffer */ mbedtls_free(ticket_buffer); - if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3.")); - /* TODO: Define new return value for this case. */ - ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION; - } - - if (ret != 0) { + if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) { goto exit; } - /* RFC 8446 section 4.2.9 - * - * Servers SHOULD NOT send NewSessionTicket with tickets that are not - * compatible with the advertised modes; however, if a server does so, - * the impact will just be that the client's attempts at resumption fail. - * - * We regard the ticket with incompatible key exchange modes as not match. + /* + * The identity matches that of a ticket. Now check that it has suitable + * attributes and bet it will not be the case. */ - ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR; - MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags); - - key_exchanges = 0; - if (mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral(session) && - ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { - key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - } - if (mbedtls_ssl_tls13_session_ticket_allow_psk(session) && - ssl_tls13_key_exchange_is_psk_available(ssl)) { - key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - } + ret = SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE; - if (key_exchanges == 0) { - MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode")); + if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3.")); goto exit; } - ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; #if defined(MBEDTLS_HAVE_TIME) now = mbedtls_ms_time(); @@ -242,13 +308,15 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( age_diff)); goto exit; } - - ret = 0; - #endif /* MBEDTLS_HAVE_TIME */ + /* + * All good, we have found a suitable ticket. + */ + ret = SSL_TLS1_3_PSK_IDENTITY_MATCH; + exit: - if (ret != 0) { + if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) { mbedtls_ssl_session_free(session); } @@ -273,13 +341,11 @@ static int ssl_tls13_offered_psks_check_identity_match( *psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL; MBEDTLS_SSL_DEBUG_BUF(4, "identity", identity, identity_len); - ssl->handshake->resume = 0; #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl_tls13_offered_psks_check_identity_match_ticket( - ssl, identity, identity_len, obfuscated_ticket_age, - session) == SSL_TLS1_3_OFFERED_PSK_MATCH) { - ssl->handshake->resume = 1; + ret = ssl_tls13_offered_psks_check_identity_match_ticket( + ssl, identity, identity_len, obfuscated_ticket_age, session); + if (ret == SSL_TLS1_3_PSK_IDENTITY_MATCH) { *psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION; ret = mbedtls_ssl_set_hs_psk(ssl, session->resumption_key, @@ -294,7 +360,9 @@ static int ssl_tls13_offered_psks_check_identity_match( session->resumption_key_len); MBEDTLS_SSL_DEBUG_MSG(4, ("ticket: obfuscated_ticket_age: %u", (unsigned) obfuscated_ticket_age)); - return SSL_TLS1_3_OFFERED_PSK_MATCH; + return SSL_TLS1_3_PSK_IDENTITY_MATCH; + } else if (ret == SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE) { + return SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE; } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ @@ -302,9 +370,9 @@ static int ssl_tls13_offered_psks_check_identity_match( if (ssl->conf->f_psk != NULL) { if (ssl->conf->f_psk( ssl->conf->p_psk, ssl, identity, identity_len) == 0) { - return SSL_TLS1_3_OFFERED_PSK_MATCH; + return SSL_TLS1_3_PSK_IDENTITY_MATCH; } - return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH; + return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; } MBEDTLS_SSL_DEBUG_BUF(5, "identity", identity, identity_len); @@ -318,12 +386,20 @@ static int ssl_tls13_offered_psks_check_identity_match( MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret); return ret; } - return SSL_TLS1_3_OFFERED_PSK_MATCH; + return SSL_TLS1_3_PSK_IDENTITY_MATCH; } - return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH; + return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH; } +/* + * Non-error return values of ssl_tls13_offered_psks_check_binder_match(). + * They are positive to not collide with error codes that are negative. Zero + * (SSL_TLS1_3_BINDER_MATCH) in case of success as it may be propagated up + * by the callers of this function as a generic success condition. + */ +#define SSL_TLS1_3_BINDER_DOES_NOT_MATCH 1 +#define SSL_TLS1_3_BINDER_MATCH 0 MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_offered_psks_check_binder_match( mbedtls_ssl_context *ssl, @@ -368,100 +444,16 @@ static int ssl_tls13_offered_psks_check_binder_match( MBEDTLS_SSL_DEBUG_BUF(3, "psk binder ( received ): ", binder, binder_len); if (mbedtls_ct_memcmp(server_computed_binder, binder, binder_len) == 0) { - return SSL_TLS1_3_OFFERED_PSK_MATCH; + return SSL_TLS1_3_BINDER_MATCH; } mbedtls_platform_zeroize(server_computed_binder, sizeof(server_computed_binder)); - return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH; -} - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_select_ciphersuite_for_psk( - mbedtls_ssl_context *ssl, - const unsigned char *cipher_suites, - const unsigned char *cipher_suites_end, - uint16_t *selected_ciphersuite, - const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info) -{ - psa_algorithm_t psk_hash_alg = PSA_ALG_SHA_256; - - *selected_ciphersuite = 0; - *selected_ciphersuite_info = NULL; - - /* RFC 8446, page 55. - * - * For externally established PSKs, the Hash algorithm MUST be set when the - * PSK is established or default to SHA-256 if no such algorithm is defined. - * - */ - - /* - * Search for a matching ciphersuite - */ - for (const unsigned char *p = cipher_suites; - p < cipher_suites_end; p += 2) { - uint16_t cipher_suite; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - - cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0); - ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl, - cipher_suite); - if (ciphersuite_info == NULL) { - continue; - } - - /* MAC of selected ciphersuite MUST be same with PSK binder if exist. - * Otherwise, client should reject. - */ - if (psk_hash_alg == - mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac)) { - *selected_ciphersuite = cipher_suite; - *selected_ciphersuite_info = ciphersuite_info; - return 0; - } - } - MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite")); - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + return SSL_TLS1_3_BINDER_DOES_NOT_MATCH; } #if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_select_ciphersuite_for_resumption( - mbedtls_ssl_context *ssl, - const unsigned char *cipher_suites, - const unsigned char *cipher_suites_end, - mbedtls_ssl_session *session, - uint16_t *selected_ciphersuite, - const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info) -{ - - *selected_ciphersuite = 0; - *selected_ciphersuite_info = NULL; - for (const unsigned char *p = cipher_suites; p < cipher_suites_end; p += 2) { - uint16_t cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0); - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - - if (cipher_suite != session->ciphersuite) { - continue; - } - - ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl, - cipher_suite); - if (ciphersuite_info == NULL) { - continue; - } - - *selected_ciphersuite = cipher_suite; - *selected_ciphersuite_info = ciphersuite_info; - - return 0; - } - - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; -} - -MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst, const mbedtls_ssl_session *src) { @@ -481,6 +473,13 @@ static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst, } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ +struct psk_attributes { + int type; + int key_exchange_mode; + const mbedtls_ssl_ciphersuite_t *ciphersuite_info; +}; +#define PSK_ATTRIBUTES_INIT { 0, 0, NULL } + /* Parser for pre_shared_key extension in client hello * struct { * opaque identity<1..2^16-1>; @@ -507,7 +506,8 @@ static int ssl_tls13_parse_pre_shared_key_ext( const unsigned char *pre_shared_key_ext, const unsigned char *pre_shared_key_ext_end, const unsigned char *ciphersuites, - const unsigned char *ciphersuites_end) + const unsigned char *ciphersuites_end, + struct psk_attributes *psk) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *identities = pre_shared_key_ext; @@ -558,9 +558,10 @@ static int ssl_tls13_parse_pre_shared_key_ext( uint32_t obfuscated_ticket_age; const unsigned char *binder; size_t binder_len; - int psk_type; - uint16_t cipher_suite; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; + int psk_ciphersuite_id; + psa_algorithm_t psk_hash_alg; + int allowed_key_exchange_modes; + #if defined(MBEDTLS_SSL_SESSION_TICKETS) mbedtls_ssl_session session; mbedtls_ssl_session_init(&session); @@ -586,47 +587,74 @@ static int ssl_tls13_parse_pre_shared_key_ext( ret = ssl_tls13_offered_psks_check_identity_match( ssl, identity, identity_len, obfuscated_ticket_age, - &psk_type, &session); - if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) { + &psk->type, &session); + if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) { continue; } MBEDTLS_SSL_DEBUG_MSG(4, ("found matched identity")); - switch (psk_type) { + + switch (psk->type) { case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL: - ret = ssl_tls13_select_ciphersuite_for_psk( - ssl, ciphersuites, ciphersuites_end, - &cipher_suite, &ciphersuite_info); + psk_ciphersuite_id = 0; + psk_hash_alg = PSA_ALG_SHA_256; + allowed_key_exchange_modes = + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; break; - case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: #if defined(MBEDTLS_SSL_SESSION_TICKETS) - ret = ssl_tls13_select_ciphersuite_for_resumption( - ssl, ciphersuites, ciphersuites_end, &session, - &cipher_suite, &ciphersuite_info); - if (ret != 0) { - mbedtls_ssl_session_free(&session); - } -#else - ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; -#endif + case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION: + psk_ciphersuite_id = session.ciphersuite; + psk_hash_alg = PSA_ALG_NONE; + ssl->session_negotiate->ticket_flags = session.ticket_flags; + allowed_key_exchange_modes = + session.ticket_flags & + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; break; +#endif default: return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - if (ret != 0) { - /* See below, no cipher_suite available, abort handshake */ + + psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; + + if ((allowed_key_exchange_modes & + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) && + ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { + psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + } else if ((allowed_key_exchange_modes & + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) && + ssl_tls13_key_exchange_is_psk_available(ssl)) { + psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; + } + + if (psk->key_exchange_mode == MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE) { + MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable PSK key exchange mode")); + continue; + } + + ssl_tls13_select_ciphersuite(ssl, ciphersuites, ciphersuites_end, + psk_ciphersuite_id, psk_hash_alg, + &psk->ciphersuite_info); + + if (psk->ciphersuite_info == NULL) { +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + mbedtls_ssl_session_free(&session); +#endif + /* + * We consider finding a ciphersuite suitable for the PSK as part + * of the validation of its binder. Thus if we do not find one, we + * abort the handshake with a decrypt_error alert. + */ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); - MBEDTLS_SSL_DEBUG_RET( - 2, "ssl_tls13_select_ciphersuite", ret); - return ret; + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } ret = ssl_tls13_offered_psks_check_binder_match( - ssl, binder, binder_len, psk_type, - mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac)); - if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) { + ssl, binder, binder_len, psk->type, + mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) psk->ciphersuite_info->mac)); + if (ret != SSL_TLS1_3_BINDER_MATCH) { /* For security reasons, the handshake should be aborted when we * fail to validate a binder value. See RFC 8446 section 4.2.11.2 * and appendix E.6. */ @@ -644,13 +672,8 @@ static int ssl_tls13_parse_pre_shared_key_ext( matched_identity = identity_id; - /* Update handshake parameters */ - ssl->handshake->ciphersuite_info = ciphersuite_info; - ssl->session_negotiate->ciphersuite = cipher_suite; - MBEDTLS_SSL_DEBUG_MSG(2, ("overwrite ciphersuite: %04x - %s", - cipher_suite, ciphersuite_info->name)); #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) { + if (psk->type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) { ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate, &session); mbedtls_ssl_session_free(&session); @@ -676,7 +699,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( return ret; } if (matched_identity == -1) { - MBEDTLS_SSL_DEBUG_MSG(3, ("No matched PSK or ticket.")); + MBEDTLS_SSL_DEBUG_MSG(3, ("No usable PSK or ticket.")); return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; } @@ -1003,43 +1026,10 @@ static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange( #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_ticket_is_kex_mode_permitted(mbedtls_ssl_context *ssl, - unsigned int kex_mode) -{ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl->handshake->resume) { - if (!mbedtls_ssl_tls13_session_ticket_has_flags( - ssl->session_negotiate, kex_mode)) { - return 0; - } - } -#else - ((void) ssl); - ((void) kex_mode); -#endif - return 1; -} -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ssl) -{ -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) - return mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl) && - ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl); -#else - ((void) ssl); - return 0; -#endif -} - -MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) - return ssl_tls13_ticket_is_kex_mode_permitted( - ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) && - mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) && + return mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) && mbedtls_ssl_tls13_is_psk_supported(ssl) && ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl); #else @@ -1052,9 +1042,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) - return ssl_tls13_ticket_is_kex_mode_permitted( - ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) && - mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) && + return mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) && mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) && ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl); #else @@ -1062,52 +1050,18 @@ static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context return 0; #endif } +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ -static int ssl_tls13_determine_key_exchange_mode(mbedtls_ssl_context *ssl) +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ssl) { - /* - * Determine the key exchange algorithm to use. - * There are three types of key exchanges supported in TLS 1.3: - * - (EC)DH with ECDSA, - * - (EC)DH with PSK, - * - plain PSK. - * - * The PSK-based key exchanges may additionally be used with 0-RTT. - * - * Our built-in order of preference is - * 1 ) (EC)DHE-PSK Mode ( psk_ephemeral ) - * 2 ) Certificate Mode ( ephemeral ) - * 3 ) Plain PSK Mode ( psk ) - */ - - ssl->handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE; - - if (ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { - ssl->handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; - MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral")); - } else - if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) { - ssl->handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; - MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral")); - } else - if (ssl_tls13_key_exchange_is_psk_available(ssl)) { - ssl->handshake->key_exchange_mode = - MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; - MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk")); - } else { - MBEDTLS_SSL_DEBUG_MSG( - 1, - ("ClientHello message misses mandatory extensions.")); - MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) + return mbedtls_ssl_conf_tls13_is_ephemeral_enabled(ssl) && + ssl_tls13_client_hello_has_exts_for_ephemeral_key_exchange(ssl); +#else + ((void) ssl); return 0; - +#endif } #if defined(MBEDTLS_X509_CRT_PARSE_C) && \ @@ -1301,6 +1255,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, int no_usable_share_for_key_agreement = 0; #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) + int got_psk = 0; + struct psk_attributes psk = PSK_ATTRIBUTES_INIT; const unsigned char *pre_shared_key_ext = NULL; const unsigned char *pre_shared_key_ext_end = NULL; #endif @@ -1437,12 +1393,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, * We negotiate TLS 1.3. */ ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - /* Store minor version for later use with ticket serialization. */ ssl->session_negotiate->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; ssl->session_negotiate->endpoint = ssl->conf->endpoint; -#endif /* * We are negotiating the version 1.3 of the protocol. Do what we have @@ -1468,37 +1420,20 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, */ MBEDTLS_SSL_DEBUG_BUF(3, "client hello, list of cipher suites", cipher_suites, cipher_suites_len); - for (const unsigned char *cipher_suites_p = cipher_suites; - cipher_suites_p < cipher_suites_end; cipher_suites_p += 2) { - uint16_t cipher_suite; - const mbedtls_ssl_ciphersuite_t *ciphersuite_info; - /* - * "cipher_suites_end - cipher_suites_p is even" is an invariant of the - * loop. As cipher_suites_end - cipher_suites_p > 0, we have - * cipher_suites_end - cipher_suites_p >= 2 and it is thus safe to read - * two bytes. - */ - cipher_suite = MBEDTLS_GET_UINT16_BE(cipher_suites_p, 0); - ciphersuite_info = ssl_tls13_validate_peer_ciphersuite( - ssl, cipher_suite); - if (ciphersuite_info == NULL) { - continue; - } - - ssl->session_negotiate->ciphersuite = cipher_suite; - handshake->ciphersuite_info = ciphersuite_info; - MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %04x - %s", - cipher_suite, - ciphersuite_info->name)); - break; - } + ssl_tls13_select_ciphersuite(ssl, cipher_suites, cipher_suites_end, + 0, PSA_ALG_NONE, &handshake->ciphersuite_info); if (handshake->ciphersuite_info == NULL) { MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } + ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id; + + MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %04x - %s", + ((unsigned) handshake->ciphersuite_info->id), + handshake->ciphersuite_info->name)); /* ... * opaque legacy_compression_methods<1..2^8-1>; @@ -1533,6 +1468,12 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, unsigned int extension_type; size_t extension_data_len; const unsigned char *extension_data_end; + uint32_t allowed_exts = MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH; + + if (ssl->handshake->hello_retry_request_flag) { + /* Do not accept early data extension in 2nd ClientHello */ + allowed_exts &= ~MBEDTLS_SSL_EXT_MASK(EARLY_DATA); + } /* RFC 8446, section 4.2.11 * @@ -1560,7 +1501,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, ret = mbedtls_ssl_tls13_check_received_extension( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type, - MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH); + allowed_exts); if (ret != 0) { return ret; } @@ -1732,10 +1673,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, /* Update checksum with either * - The entire content of the CH message, if no PSK extension is present * - The content up to but excluding the PSK extension, if present. + * Always parse the pre-shared-key extension when present in the + * ClientHello even if some pre-requisites for PSK key exchange modes are + * not met. That way we always validate the syntax of the extension. */ - /* If we've settled on a PSK-based exchange, parse PSK identity ext */ - if (ssl_tls13_key_exchange_is_psk_available(ssl) || - ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) { + if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)) { ret = handshake->update_checksum(ssl, buf, pre_shared_key_ext - buf); if (0 != ret) { @@ -1746,10 +1688,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, pre_shared_key_ext, pre_shared_key_ext_end, cipher_suites, - cipher_suites_end); - if (ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) { - handshake->received_extensions &= ~MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY); - } else if (ret != 0) { + cipher_suites_end, + &psk); + if (ret == 0) { + got_psk = 1; + } else if (ret != MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_tls13_parse_pre_shared_key_ext", ret); return ret; @@ -1764,12 +1707,68 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } } - ret = ssl_tls13_determine_key_exchange_mode(ssl); - if (ret < 0) { - return ret; + /* + * Determine the key exchange algorithm to use. + * There are three types of key exchanges supported in TLS 1.3: + * - (EC)DH with ECDSA, + * - (EC)DH with PSK, + * - plain PSK. + * + * The PSK-based key exchanges may additionally be used with 0-RTT. + * + * Our built-in order of preference is + * 1 ) (EC)DHE-PSK Mode ( psk_ephemeral ) + * 2 ) Certificate Mode ( ephemeral ) + * 3 ) Plain PSK Mode ( psk ) + */ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) + if (got_psk && (psk.key_exchange_mode == + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL)) { + handshake->key_exchange_mode = + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL; + MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral")); + + } else +#endif + if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) { + handshake->key_exchange_mode = + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL; + MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral")); + + } +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) + else if (got_psk && (psk.key_exchange_mode == + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK)) { + handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK; + MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk")); } +#endif + else { + MBEDTLS_SSL_DEBUG_MSG( + 1, + ("ClientHello message misses mandatory extensions.")); + MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER); + return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; + } + +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) + if (handshake->key_exchange_mode & + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL) { + handshake->ciphersuite_info = psk.ciphersuite_info; + ssl->session_negotiate->ciphersuite = psk.ciphersuite_info->id; + + MBEDTLS_SSL_DEBUG_MSG(2, ("Select PSK ciphersuite: %04x - %s", + ((unsigned) psk.ciphersuite_info->id), + psk.ciphersuite_info->name)); + + if (psk.type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) { + handshake->resume = 1; + } + } +#endif - if (ssl->handshake->key_exchange_mode != + if (handshake->key_exchange_mode != MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) { hrr_required = (no_usable_share_for_key_agreement != 0); } @@ -1780,25 +1779,15 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_EARLY_DATA) -static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) +static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl) { mbedtls_ssl_handshake_params *handshake = ssl->handshake; - if ((handshake->received_extensions & - MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) == 0) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ("EarlyData: no early data extension received.")); - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED; - return; - } - - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; - if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) { MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: rejected, feature disabled in server configuration.")); - return; + return -1; } if (!handshake->resume) { @@ -1807,7 +1796,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) resumption. */ MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: rejected, not a session resumption.")); - return; + return -1; } /* RFC 8446 4.2.10 @@ -1830,7 +1819,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: rejected, the selected key in " "`pre_shared_key` is not the first one.")); - return; + return -1; } if (handshake->ciphersuite_info->id != @@ -1838,7 +1827,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG( 1, ("EarlyData: rejected, the selected ciphersuite is not the one " "of the selected pre-shared key.")); - return; + return -1; } @@ -1847,18 +1836,18 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl) 1, ("EarlyData: rejected, early_data not allowed in ticket " "permission bits.")); - return; + return -1; } - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; - + return 0; } #endif /* MBEDTLS_SSL_EARLY_DATA */ /* Update the handshake state machine */ MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl) +static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl, + int hrr_required) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -1882,17 +1871,26 @@ static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_SSL_EARLY_DATA) - /* There is enough information, update early data state. */ - ssl_tls13_update_early_data_status(ssl); + if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) { + ssl->handshake->early_data_accepted = + (!hrr_required) && (ssl_tls13_check_early_data_requirements(ssl) == 0); - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { - ret = mbedtls_ssl_tls13_compute_early_transform(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_tls13_compute_early_transform", ret); - return ret; + if (ssl->handshake->early_data_accepted) { + ret = mbedtls_ssl_tls13_compute_early_transform(ssl); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET( + 1, "mbedtls_ssl_tls13_compute_early_transform", ret); + return ret; + } + } else { + ssl->discard_early_data_record = + hrr_required ? + MBEDTLS_SSL_EARLY_DATA_DISCARD : + MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD; } } +#else + ((void) hrr_required); #endif /* MBEDTLS_SSL_EARLY_DATA */ return 0; @@ -1947,7 +1945,9 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl) return 0; } - MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_client_hello(ssl)); + MBEDTLS_SSL_PROC_CHK( + ssl_tls13_postprocess_client_hello(ssl, parse_client_hello_ret == + SSL_CLIENT_HELLO_HRR_REQUIRED)); if (SSL_CLIENT_HELLO_OK == parse_client_hello_ret) { mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO); @@ -1970,10 +1970,6 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *server_randbytes = ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; - if (ssl->conf->f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); - return MBEDTLS_ERR_SSL_NO_RNG; - } if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes, MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { @@ -2424,7 +2420,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_prepare_hello_retry_request(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (ssl->handshake->hello_retry_request_count > 0) { + if (ssl->handshake->hello_retry_request_flag) { MBEDTLS_SSL_DEBUG_MSG(1, ("Too many HRRs")); MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE, MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE); @@ -2471,7 +2467,7 @@ static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len, msg_len)); - ssl->handshake->hello_retry_request_count++; + ssl->handshake->hello_retry_request_flag = 1; #if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) /* The server sends a dummy change_cipher_spec record immediately @@ -2530,7 +2526,7 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + if (ssl->handshake->early_data_accepted) { ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, 0, p, end, &output_len); if (ret != 0) { @@ -2857,7 +2853,7 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl) } #if defined(MBEDTLS_SSL_EARLY_DATA) - if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) { + if (ssl->handshake->early_data_accepted) { /* See RFC 8446 section A.2 for more information */ MBEDTLS_SSL_DEBUG_MSG( 1, ("Switch to early keys for inbound traffic. " @@ -2910,7 +2906,15 @@ static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl) } if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) { - MBEDTLS_SSL_DEBUG_MSG(3, ("Received early data")); + if (ssl->in_offt == NULL) { + MBEDTLS_SSL_DEBUG_MSG(3, ("Received early data")); + /* Set the reading pointer */ + ssl->in_offt = ssl->in_msg; + ret = mbedtls_ssl_tls13_check_early_data_len(ssl, ssl->in_msglen); + if (ret != 0) { + return ret; + } + } return SSL_GOT_EARLY_DATA; } @@ -2936,37 +2940,6 @@ static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl, return 0; } -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_process_early_application_data(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); - return ret; - } - - /* - * Output early data - * - * For the time being, we print received data via debug message. - * - * TODO: Remove it when `mbedtls_ssl_read_early_data` is ready. - */ - ssl->in_msg[ssl->in_msglen] = 0; - MBEDTLS_SSL_DEBUG_MSG(3, ("\n%s", ssl->in_msg)); - - /* RFC 8446 section 4.6.1 - * - * A server receiving more than max_early_data_size bytes of 0-RTT data - * SHOULD terminate the connection with an "unexpected_message" alert. - * - * TODO: Add received data size check here. - */ - - return 0; -} - /* * RFC 8446 section A.2 * @@ -3037,7 +3010,8 @@ static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl) ssl_tls13_prepare_for_handshake_second_flight(ssl); } else if (ret == SSL_GOT_EARLY_DATA) { - MBEDTLS_SSL_PROC_CHK(ssl_tls13_process_early_application_data(ssl)); + ret = MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA; + goto cleanup; } else { MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; @@ -3144,10 +3118,6 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("=> prepare NewSessionTicket msg")); -#if defined(MBEDTLS_HAVE_TIME) - session->ticket_creation_time = mbedtls_ms_time(); -#endif - /* Set ticket_flags depends on the advertised psk key exchange mode */ mbedtls_ssl_tls13_session_clear_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK); @@ -3161,6 +3131,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, ssl->conf->max_early_data_size > 0) { mbedtls_ssl_tls13_session_set_ticket_flags( session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA); + session->max_early_data_size = ssl->conf->max_early_data_size; } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -3282,6 +3253,9 @@ static int ssl_tls13_write_new_session_ticket_body(mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_PTR(p, end, 4 + 4 + 1 + ticket_nonce_size + 2); /* Generate ticket and ticket_lifetime */ +#if defined(MBEDTLS_HAVE_TIME) + session->ticket_creation_time = mbedtls_ms_time(); +#endif ret = ssl->conf->f_ticket_write(ssl->conf->p_ticket, session, p + 9 + ticket_nonce_size + 2, @@ -3495,9 +3469,10 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl) case MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO: ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl); - if (ret == 0) { - mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); + if (ret != 0) { + break; } + mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); break; #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ diff --git a/library/x509.c b/library/x509.c index b7b71f3..f97fb44 100644 --- a/library/x509.c +++ b/library/x509.c @@ -19,7 +19,7 @@ #if defined(MBEDTLS_X509_USE_C) -#include "mbedtls/x509.h" +#include "x509_internal.h" #include "mbedtls/asn1.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" diff --git a/library/x509_create.c b/library/x509_create.c index f7a17e7..839b5df 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -9,7 +9,7 @@ #if defined(MBEDTLS_X509_CREATE_C) -#include "mbedtls/x509.h" +#include "x509_internal.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" diff --git a/library/x509_crl.c b/library/x509_crl.c index fdbad23..7901992 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -20,6 +20,7 @@ #if defined(MBEDTLS_X509_CRL_PARSE_C) #include "mbedtls/x509_crl.h" +#include "x509_internal.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_crt.c b/library/x509_crt.c index 84b92a8..2fd56fb 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -22,6 +22,7 @@ #if defined(MBEDTLS_X509_CRT_PARSE_C) #include "mbedtls/x509_crt.h" +#include "x509_internal.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" @@ -3289,4 +3290,12 @@ void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx) } #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt) +{ + if ((crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) != 0) { + return crt->MBEDTLS_PRIVATE(ca_istrue); + } + return MBEDTLS_ERR_X509_INVALID_EXTENSIONS; +} + #endif /* MBEDTLS_X509_CRT_PARSE_C */ diff --git a/library/x509_csr.c b/library/x509_csr.c index 79b1589..813d644 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -20,6 +20,7 @@ #if defined(MBEDTLS_X509_CSR_PARSE_C) #include "mbedtls/x509_csr.h" +#include "x509_internal.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_internal.h b/library/x509_internal.h new file mode 100644 index 0000000..8a2d2ed --- /dev/null +++ b/library/x509_internal.h @@ -0,0 +1,86 @@ +/** + * \file x509.h + * + * \brief Internal part of the public "x509.h". + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ +#ifndef MBEDTLS_X509_INTERNAL_H +#define MBEDTLS_X509_INTERNAL_H +#include "mbedtls/private_access.h" + +#include "mbedtls/build_info.h" + +#include "mbedtls/x509.h" +#include "mbedtls/asn1.h" +#include "pk_internal.h" + +#if defined(MBEDTLS_RSA_C) +#include "mbedtls/rsa.h" +#endif + +int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, + mbedtls_x509_name *cur); +int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *alg); +int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *alg, mbedtls_x509_buf *params); +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) +int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, + mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md, + int *salt_len); +#endif +int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig); +int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, + mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, + void **sig_opts); +int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, + mbedtls_x509_time *t); +int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *serial); +int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, + mbedtls_x509_buf *ext, int tag); +#if !defined(MBEDTLS_X509_REMOVE_INFO) +int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, + mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, + const void *sig_opts); +#endif +int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name); +int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, + int critical, const unsigned char *val, + size_t val_len); +int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, + mbedtls_asn1_named_data *first); +int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, + mbedtls_asn1_named_data *first); +int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, + const char *oid, size_t oid_len, + unsigned char *sig, size_t size, + mbedtls_pk_type_t pk_alg); +int mbedtls_x509_get_ns_cert_type(unsigned char **p, + const unsigned char *end, + unsigned char *ns_cert_type); +int mbedtls_x509_get_key_usage(unsigned char **p, + const unsigned char *end, + unsigned int *key_usage); +int mbedtls_x509_get_subject_alt_name(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *subject_alt_name); +int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, + const unsigned char *end, + mbedtls_x509_sequence *subject_alt_name); +int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, + const mbedtls_x509_sequence + *subject_alt_name, + const char *prefix); +int mbedtls_x509_info_cert_type(char **buf, size_t *size, + unsigned char ns_cert_type); +int mbedtls_x509_info_key_usage(char **buf, size_t *size, + unsigned int key_usage); + +int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions, + const mbedtls_x509_san_list *san_list); + +#endif /* MBEDTLS_X509_INTERNAL_H */ diff --git a/library/x509write.c b/library/x509write.c index d434df5..4704900 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -8,6 +8,7 @@ #if defined(MBEDTLS_X509_CSR_WRITE_C) || defined(MBEDTLS_X509_CRT_WRITE_C) #include "mbedtls/x509_crt.h" +#include "x509_internal.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 913b15a..72f5a10 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -16,6 +16,7 @@ #if defined(MBEDTLS_X509_CRT_WRITE_C) #include "mbedtls/x509_crt.h" +#include "x509_internal.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" diff --git a/library/x509write_csr.c b/library/x509write_csr.c index af75e7f..d3ddbcc 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -14,7 +14,7 @@ #if defined(MBEDTLS_X509_CSR_WRITE_C) -#include "mbedtls/x509.h" +#include "x509_internal.h" #include "mbedtls/x509_csr.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" diff --git a/pkgconfig/CMakeLists.txt b/pkgconfig/CMakeLists.txt new file mode 100644 index 0000000..7dfc043 --- /dev/null +++ b/pkgconfig/CMakeLists.txt @@ -0,0 +1,25 @@ +if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL) + include(JoinPaths.cmake) + join_paths(PKGCONFIG_INCLUDEDIR "\${prefix}" "${CMAKE_INSTALL_INCLUDEDIR}") + join_paths(PKGCONFIG_LIBDIR "\${prefix}" "${CMAKE_INSTALL_LIBDIR}") + + #define these manually since minimum CMAKE version is not 3.9 for DESCRIPTION and 3.12 for HOMEPAGE_URL usage in project() below. + # Prefix with something that won't clash with newer versions of CMAKE. + set(PKGCONFIG_PROJECT_DESCRIPTION "Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.") + set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/") + + configure_file(mbedcrypto.pc.in mbedcrypto.pc @ONLY) + install(FILES + ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + + configure_file(mbedtls.pc.in mbedtls.pc @ONLY) + install(FILES + ${CMAKE_CURRENT_BINARY_DIR}/mbedtls.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + + configure_file(mbedx509.pc.in mbedx509.pc @ONLY) + install(FILES + ${CMAKE_CURRENT_BINARY_DIR}/mbedx509.pc + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) +endif() diff --git a/pkgconfig/JoinPaths.cmake b/pkgconfig/JoinPaths.cmake new file mode 100644 index 0000000..193caed --- /dev/null +++ b/pkgconfig/JoinPaths.cmake @@ -0,0 +1,27 @@ +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# This module provides function for joining paths +# known from most languages +# +# Copyright The Mbed TLS Contributors +# +# This script originates from: +# - https://github.com/jtojnar/cmake-snips +# Jan has provided re-licensing under Apache 2.0 and GPL 2.0+ and +# allowed for the change of Copyright. +# +# Modelled after Python’s os.path.join +# https://docs.python.org/3.7/library/os.path.html#os.path.join +# Windows not supported +function(join_paths joined_path first_path_segment) + set(temp_path "${first_path_segment}") + foreach(current_segment IN LISTS ARGN) + if(NOT ("${current_segment}" STREQUAL "")) + if(IS_ABSOLUTE "${current_segment}") + set(temp_path "${current_segment}") + else() + set(temp_path "${temp_path}/${current_segment}") + endif() + endif() + endforeach() + set(${joined_path} "${temp_path}" PARENT_SCOPE) +endfunction() diff --git a/pkgconfig/mbedcrypto.pc.in b/pkgconfig/mbedcrypto.pc.in new file mode 100644 index 0000000..b35afc1 --- /dev/null +++ b/pkgconfig/mbedcrypto.pc.in @@ -0,0 +1,10 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +includedir=@PKGCONFIG_INCLUDEDIR@ +libdir=@PKGCONFIG_LIBDIR@ + +Name: @PROJECT_NAME@ +Description: @PKGCONFIG_PROJECT_DESCRIPTION@ +URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ +Version: @PROJECT_VERSION@ +Cflags: -I"${includedir}" +Libs: -L"${libdir}" -lmbedcrypto diff --git a/pkgconfig/mbedtls.pc.in b/pkgconfig/mbedtls.pc.in new file mode 100644 index 0000000..2bfce80 --- /dev/null +++ b/pkgconfig/mbedtls.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +includedir=@PKGCONFIG_INCLUDEDIR@ +libdir=@PKGCONFIG_LIBDIR@ + +Name: @PROJECT_NAME@ +Description: @PKGCONFIG_PROJECT_DESCRIPTION@ +URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ +Version: @PROJECT_VERSION@ +Requires.private: mbedcrypto mbedx509 +Cflags: -I"${includedir}" +Libs: -L"${libdir}" -lmbedtls diff --git a/pkgconfig/mbedx509.pc.in b/pkgconfig/mbedx509.pc.in new file mode 100644 index 0000000..0ab2e31 --- /dev/null +++ b/pkgconfig/mbedx509.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +includedir=@PKGCONFIG_INCLUDEDIR@ +libdir=@PKGCONFIG_LIBDIR@ + +Name: @PROJECT_NAME@ +Description: @PKGCONFIG_PROJECT_DESCRIPTION@ +URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@ +Version: @PROJECT_VERSION@ +Requires.private: mbedcrypto +Cflags: -I"${includedir}" +Libs: -L"${libdir}" -lmbedx509 diff --git a/programs/Makefile b/programs/Makefile index 1a7b7d0..8d1da6d 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -117,7 +117,7 @@ all: fuzz endif fuzz: ${MBEDTLS_TEST_OBJS} - $(MAKE) -C fuzz THIRDPARTY_INCLUDES=$(THIRDPARTY_INCLUDES) + $(MAKE) -C fuzz ${MBEDTLS_TEST_OBJS}: $(MAKE) -C ../tests mbedtls_test diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt index 85bcd5f..ccb8db5 100644 --- a/programs/aes/CMakeLists.txt +++ b/programs/aes/CMakeLists.txt @@ -4,7 +4,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt index 93e5f31..e925524 100644 --- a/programs/cipher/CMakeLists.txt +++ b/programs/cipher/CMakeLists.txt @@ -4,7 +4,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 7747744..c389029 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -1,5 +1,6 @@ set(libs ${mbedtls_target} + ${CMAKE_THREAD_LIBS_INIT} ) find_library(FUZZINGENGINE_LIB FuzzingEngine) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index b4fc76a..828e518 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -1,36 +1,14 @@ -MBEDTLS_TEST_PATH:=../../tests/src -MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c ${MBEDTLS_TEST_PATH}/drivers/*.c)) +MBEDTLS_TEST_PATH:=../../tests -CFLAGS ?= -O2 -WARNING_CFLAGS ?= -Wall -Wextra -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../../tests/include -I../../include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ - -L../../library \ - -lmbedtls$(SHARED_SUFFIX) \ - -lmbedx509$(SHARED_SUFFIX) \ - -lmbedcrypto$(SHARED_SUFFIX) +MBEDTLS_PATH := ../.. +include ../../scripts/common.make -LOCAL_CFLAGS += $(patsubst -I../%,-I../../%,$(THIRDPARTY_INCLUDES)) - -ifndef SHARED -DEP=../../library/libmbedcrypto.a ../../library/libmbedx509.a ../../library/libmbedtls.a -else -DEP=../../library/libmbedcrypto.$(DLEXT) ../../library/libmbedx509.$(DLEXT) ../../library/libmbedtls.$(DLEXT) -endif - - -DLEXT ?= so -EXEXT= -SHARED_SUFFIX= +DEP=${MBEDLIBS} ifdef FUZZINGENGINE LOCAL_LDFLAGS += -lFuzzingEngine endif -ifdef WINDOWS_BUILD -LOCAL_LDFLAGS += -lbcrypt -endif - # A test application is built for each suites/test_suite_*.data file. # Application name is same as .data file's base name and can be # constructed by stripping path 'suites/' and extension .data. @@ -45,9 +23,6 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS)) all: $(BINARIES) -$(DEP): - $(MAKE) -C ../../library - C_FILES := $(addsuffix .c,$(APPS)) %.o: %.c diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index d4e1d74..07ca96e 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -1,5 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 3659026..6581dcb 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -1,5 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include <string.h> #include <stdlib.h> #include <stdint.h> diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 1632e9d..fd3e0aa 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -1,5 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include <string.h> #include <stdlib.h> #include <stdint.h> @@ -137,7 +135,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) ret = mbedtls_ssl_handshake(&ssl); if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { - biomemfuzz.Offset = ssl.next_record_offset; + biomemfuzz.Offset = ssl.MBEDTLS_PRIVATE(next_record_offset); mbedtls_ssl_session_reset(&ssl); mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout); if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) { diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index ce75624..7530964 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -1,5 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include <stdint.h> #include <stdlib.h> #include <string.h> @@ -73,7 +71,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY || mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - mbedtls_ecp_group_id grp_id = ecp->grp.id; + mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 9203b4e..0b153b1 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c @@ -1,5 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include <stdint.h> #include <stdlib.h> #include "mbedtls/pk.h" @@ -49,7 +47,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY || mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - mbedtls_ecp_group_id grp_id = ecp->grp.id; + mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp); const mbedtls_ecp_curve_info *curve_info = mbedtls_ecp_curve_info_from_grp_id(grp_id); @@ -61,9 +59,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) /* It's a public key, so the private value should not have * been changed from its initialization to 0. */ - if (mbedtls_mpi_cmp_int(&ecp->d, 0) != 0) { + mbedtls_mpi d; + mbedtls_mpi_init(&d); + if (mbedtls_ecp_export(ecp, NULL, &d, NULL) != 0) { + abort(); + } + if (mbedtls_mpi_cmp_int(&d, 0) != 0) { abort(); } + mbedtls_mpi_free(&d); } else #endif { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index e767859..64b35ed 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -1,5 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 313540d..151db92 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -1,5 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include <stdint.h> #include "mbedtls/x509_crl.h" diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 8442090..3eee072 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -1,5 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include <stdint.h> #include "mbedtls/x509_crt.h" diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 395d3c2..7946e57 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -1,5 +1,3 @@ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include <stdint.h> #include "mbedtls/x509_csr.h" diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt index da98188..fcacf3b 100644 --- a/programs/hash/CMakeLists.txt +++ b/programs/hash/CMakeLists.txt @@ -6,7 +6,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index 3ad5643..cd0387a 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -5,7 +5,7 @@ set(executables_mbedtls foreach(exe IN LISTS executables_mbedtls) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) - target_link_libraries(${exe} ${mbedtls_target}) + target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() @@ -32,7 +32,7 @@ set(executables_mbedcrypto foreach(exe IN LISTS executables_mbedcrypto) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 0cb1562..165cee2 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -13,14 +13,13 @@ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_MD_CAN_SHA1) + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" #include "mbedtls/rsa.h" -#include "mbedtls/sha1.h" +#include "mbedtls/sha256.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" @@ -33,9 +32,8 @@ #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_SHA1_C) + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) int main(void) { mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " @@ -60,12 +58,14 @@ int main(void) int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; + unsigned int mdlen; size_t n, buflen; mbedtls_net_context server_fd; unsigned char *p, *end; unsigned char buf[2048]; - unsigned char hash[32]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; + mbedtls_mpi N, E; const char *pers = "dh_client"; mbedtls_entropy_context entropy; @@ -78,6 +78,8 @@ int main(void) mbedtls_dhm_init(&dhm); mbedtls_aes_init(&aes); mbedtls_ctr_drbg_init(&ctr_drbg); + mbedtls_mpi_init(&N); + mbedtls_mpi_init(&E); /* * 1. Setup the RNG @@ -106,16 +108,13 @@ int main(void) } mbedtls_rsa_init(&rsa); - - if ((ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(N), 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(E), 16, f)) != 0) { + if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || + (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || + (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) { mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret); fclose(f); goto exit; } - - rsa.MBEDTLS_PRIVATE(len) = (mbedtls_mpi_bitlen(&rsa.MBEDTLS_PRIVATE(N)) + 7) >> 3; - fclose(f); /* @@ -182,18 +181,24 @@ int main(void) p += 2; - if ((n = (size_t) (end - p)) != rsa.MBEDTLS_PRIVATE(len)) { + if ((n = (size_t) (end - p)) != mbedtls_rsa_get_len(&rsa)) { mbedtls_printf(" failed\n ! Invalid RSA signature size\n\n"); goto exit; } - if ((ret = mbedtls_sha1(buf, (int) (p - 2 - buf), hash)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha1 returned %d\n\n", ret); + mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); + if (mdlen == 0) { + mbedtls_printf(" failed\n ! Invalid digest type\n\n"); + goto exit; + } + + if ((ret = mbedtls_sha256(buf, (int) (p - 2 - buf), hash, 0)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n\n", ret); goto exit; } if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256, - 32, hash, p)) != 0) { + mdlen, hash, p)) != 0) { mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret); goto exit; } @@ -273,6 +278,8 @@ exit: mbedtls_dhm_free(&dhm); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); + mbedtls_mpi_free(&N); + mbedtls_mpi_free(&E); mbedtls_exit(exit_code); } diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index adddbf2..1ae5651 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -13,14 +13,13 @@ #if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \ - defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) && \ - defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_MD_CAN_SHA1) + defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \ + defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/net_sockets.h" #include "mbedtls/aes.h" #include "mbedtls/dhm.h" #include "mbedtls/rsa.h" -#include "mbedtls/sha1.h" +#include "mbedtls/sha256.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" @@ -33,9 +32,8 @@ #if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_SHA1_C) + !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \ + !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) int main(void) { mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C " @@ -53,11 +51,12 @@ int main(void) int ret = 1; int exit_code = MBEDTLS_EXIT_FAILURE; + unsigned int mdlen; size_t n, buflen; mbedtls_net_context listen_fd, client_fd; unsigned char buf[2048]; - unsigned char hash[32]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; unsigned char buf2[2]; const char *pers = "dh_server"; @@ -67,7 +66,7 @@ int main(void) mbedtls_dhm_context dhm; mbedtls_aes_context aes; - mbedtls_mpi N, P, Q, D, E; + mbedtls_mpi N, P, Q, D, E, dhm_P, dhm_G; mbedtls_net_init(&listen_fd); mbedtls_net_init(&client_fd); @@ -76,8 +75,8 @@ int main(void) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); - + mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&dhm_P); + mbedtls_mpi_init(&dhm_G); /* * 1. Setup the RNG */ @@ -142,8 +141,9 @@ int main(void) goto exit; } - if (mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(P), 16, f) != 0 || - mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(G), 16, f) != 0) { + if ((ret = mbedtls_mpi_read_file(&dhm_P, 16, f)) != 0 || + (ret = mbedtls_mpi_read_file(&dhm_G, 16, f)) != 0 || + (ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G) != 0)) { mbedtls_printf(" failed\n ! Invalid DH parameter file\n\n"); fclose(f); goto exit; @@ -177,7 +177,7 @@ int main(void) memset(buf, 0, sizeof(buf)); if ((ret = - mbedtls_dhm_make_params(&dhm, (int) mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P)), buf, &n, + mbedtls_dhm_make_params(&dhm, (int) mbedtls_dhm_get_len(&dhm), buf, &n, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) { mbedtls_printf(" failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret); goto exit; @@ -186,21 +186,30 @@ int main(void) /* * 5. Sign the parameters and send them */ - if ((ret = mbedtls_sha1(buf, n, hash)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_sha1 returned %d\n\n", ret); + + mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)); + if (mdlen == 0) { + mbedtls_printf(" failed\n ! Invalid digest type\n\n"); + goto exit; + } + + if ((ret = mbedtls_sha256(buf, n, hash, 0)) != 0) { + mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n\n", ret); goto exit; } - buf[n] = (unsigned char) (rsa.MBEDTLS_PRIVATE(len) >> 8); - buf[n + 1] = (unsigned char) (rsa.MBEDTLS_PRIVATE(len)); + const size_t rsa_key_len = mbedtls_rsa_get_len(&rsa); + buf[n] = (unsigned char) (rsa_key_len >> 8); + buf[n + 1] = (unsigned char) (rsa_key_len); - if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256, - 32, hash, buf + n + 2)) != 0) { + if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, + MBEDTLS_MD_SHA256, mdlen, + hash, buf + n + 2)) != 0) { mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret); goto exit; } - buflen = n + 2 + rsa.MBEDTLS_PRIVATE(len); + buflen = n + 2 + rsa_key_len; buf2[0] = (unsigned char) (buflen >> 8); buf2[1] = (unsigned char) (buflen); @@ -278,7 +287,8 @@ int main(void) exit: mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); + mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&dhm_P); + mbedtls_mpi_free(&dhm_G); mbedtls_net_free(&client_fd); mbedtls_net_free(&listen_fd); diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 6914c93..194a5cb 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -249,6 +249,7 @@ int main(int argc, char *argv[]) mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); #endif /* MBEDTLS_RSA_C */ + mbedtls_entropy_init(&entropy); mbedtls_pk_init(&key); mbedtls_ctr_drbg_init(&ctr_drbg); memset(buf, 0, sizeof(buf)); @@ -336,7 +337,6 @@ usage: mbedtls_printf("\n . Seeding the random number generator..."); fflush(stdout); - mbedtls_entropy_init(&entropy); #if !defined(_WIN32) && defined(MBEDTLS_FS_IO) if (opt.use_dev_random) { if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll, diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 76bfddf..a84af50 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -133,7 +133,7 @@ int main(int argc, char *argv[]) fclose(f); - if (i != rsa.MBEDTLS_PRIVATE(len)) { + if (i != mbedtls_rsa_get_len(&rsa)) { mbedtls_printf("\n ! Invalid RSA signature format\n\n"); goto exit; } diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 4bbb54e..6538f8a 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -126,7 +126,7 @@ int main(int argc, char *argv[]) goto exit; } - for (i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++) { + for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) { mbedtls_fprintf(f, "%02X%s", buf[i], (i + 1) % 16 == 0 ? "\r\n" : " "); } diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 9d8ebe3..e14953b 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -131,7 +131,7 @@ int main(int argc, char *argv[]) goto exit; } - for (i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++) { + for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) { mbedtls_fprintf(f, "%02X%s", buf[i], (i + 1) % 16 == 0 ? "\r\n" : " "); } diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index e7d72fd..4a9af77 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -37,11 +37,14 @@ int main(int argc, char *argv[]) int exit_code = MBEDTLS_EXIT_FAILURE; size_t i; mbedtls_rsa_context rsa; + mbedtls_mpi N, E; unsigned char hash[32]; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; char filename[512]; mbedtls_rsa_init(&rsa); + mbedtls_mpi_init(&N); + mbedtls_mpi_init(&E); if (argc != 2) { mbedtls_printf("usage: rsa_verify <filename>\n"); @@ -62,15 +65,13 @@ int main(int argc, char *argv[]) goto exit; } - if ((ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(N), 16, f)) != 0 || - (ret = mbedtls_mpi_read_file(&rsa.MBEDTLS_PRIVATE(E), 16, f)) != 0) { + if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 || + (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 || + (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) { mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret); fclose(f); goto exit; } - - rsa.MBEDTLS_PRIVATE(len) = (mbedtls_mpi_bitlen(&rsa.MBEDTLS_PRIVATE(N)) + 7) >> 3; - fclose(f); /* @@ -91,7 +92,7 @@ int main(int argc, char *argv[]) fclose(f); - if (i != rsa.MBEDTLS_PRIVATE(len)) { + if (i != mbedtls_rsa_get_len(&rsa)) { mbedtls_printf("\n ! Invalid RSA signature format\n\n"); goto exit; } @@ -124,6 +125,8 @@ int main(int argc, char *argv[]) exit: mbedtls_rsa_free(&rsa); + mbedtls_mpi_free(&N); + mbedtls_mpi_free(&E); mbedtls_exit(exit_code); } diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index c8ee626..a8e4b0e 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -28,7 +28,7 @@ endif() foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt index e5edf7b..5940395 100644 --- a/programs/random/CMakeLists.txt +++ b/programs/random/CMakeLists.txt @@ -5,7 +5,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 280bbcf..ec2c86f 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -1,4 +1,3 @@ -set(THREADS_USE_PTHREADS_WIN32 true) find_package(Threads) set(libs @@ -39,7 +38,7 @@ foreach(exe IN LISTS executables) endif() add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test> ${extra_sources}) - target_link_libraries(${exe} ${libs}) + target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2") if(GEN_FILES) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 1b3dedb..332befd 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -52,7 +52,7 @@ int main(void) #define DFL_KEY_OPAQUE 0 #define DFL_KEY_PWD "" #define DFL_PSK "" -#define DFL_EARLY_DATA "" +#define DFL_EARLY_DATA -1 #define DFL_PSK_OPAQUE 0 #define DFL_PSK_IDENTITY "Client_identity" #define DFL_ECJPAKE_PW NULL @@ -347,9 +347,8 @@ int main(void) #if defined(MBEDTLS_SSL_EARLY_DATA) #define USAGE_EARLY_DATA \ - " early_data=%%s The file path to read early data from\n" \ - " default: \"\" (do nothing)\n" \ - " option: a file path\n" + " early_data=%%d default: library default\n" \ + " options: 0 (disabled), 1 (enabled)\n" #else #define USAGE_EARLY_DATA "" #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */ @@ -544,7 +543,7 @@ struct options { int reproducible; /* make communication reproducible */ int skip_close_notify; /* skip sending the close_notify alert */ #if defined(MBEDTLS_SSL_EARLY_DATA) - const char *early_data; /* the path of the file to read early data from */ + int early_data; /* early data enablement flag */ #endif int query_config_mode; /* whether to read config */ int use_srtp; /* Support SRTP */ @@ -717,9 +716,64 @@ exit: return ret; } +/* + * Build HTTP request + */ +static int build_http_request(unsigned char *buf, size_t buf_size, size_t *request_len) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t len, tail_len, request_size; + + ret = mbedtls_snprintf((char *) buf, buf_size, GET_REQUEST, opt.request_page); + if (ret < 0) { + return ret; + } + + len = (size_t) ret; + tail_len = strlen(GET_REQUEST_END); + if (opt.request_size != DFL_REQUEST_SIZE) { + request_size = (size_t) opt.request_size; + } else { + request_size = len + tail_len; + } + + if (request_size > buf_size) { + return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; + } + + /* Add padding to GET request to reach opt.request_size in length */ + if (opt.request_size != DFL_REQUEST_SIZE && + len + tail_len < request_size) { + memset(buf + len, 'A', request_size - len - tail_len); + len = request_size - tail_len; + } + + strncpy((char *) buf + len, GET_REQUEST_END, buf_size - len); + len += tail_len; + + /* Truncate if request size is smaller than the "natural" size */ + if (opt.request_size != DFL_REQUEST_SIZE && + len > request_size) { + len = request_size; + + /* Still end with \r\n unless that's really not possible */ + if (len >= 2) { + buf[len - 2] = '\r'; + } + if (len >= 1) { + buf[len - 1] = '\n'; + } + } + + *request_len = len; + + return 0; +} + int main(int argc, char *argv[]) { - int ret = 0, len, tail_len, i, written, frags, retry_left; + int ret = 0, i; + size_t len, written, frags, retry_left; int query_config_ret = 0; mbedtls_net_context server_fd; io_ctx_t io_ctx; @@ -742,10 +796,6 @@ int main(int argc, char *argv[]) size_t cid_renego_len = 0; #endif -#if defined(MBEDTLS_SSL_EARLY_DATA) - FILE *early_data_fp = NULL; -#endif /* MBEDTLS_SSL_EARLY_DATA */ - #if defined(MBEDTLS_SSL_ALPN) const char *alpn_list[ALPN_LIST_SIZE]; #endif @@ -833,7 +883,7 @@ int main(int argc, char *argv[]) mbedtls_net_init(&server_fd); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); - memset(&saved_session, 0, sizeof(mbedtls_ssl_session)); + mbedtls_ssl_session_init(&saved_session); rng_init(&rng); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) mbedtls_x509_crt_init(&cacert); @@ -1201,7 +1251,15 @@ usage: #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_EARLY_DATA) else if (strcmp(p, "early_data") == 0) { - opt.early_data = q; + switch (atoi(q)) { + case 0: + opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + case 1: + opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + break; + default: goto usage; + } } #endif /* MBEDTLS_SSL_EARLY_DATA */ @@ -1711,11 +1769,10 @@ usage: &psa_alg, &psa_alg2, &usage, mbedtls_pk_get_type(&pkey)) == 0) { - ret = mbedtls_pk_wrap_as_opaque(&pkey, &key_slot, psa_alg, - usage, psa_alg2); + ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, usage, &key_slot); if (ret != 0) { mbedtls_printf(" failed\n ! " - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", + "mbedtls_pk_get_psa_attributes returned -0x%x\n\n", (unsigned int) -ret); goto exit; } @@ -1968,16 +2025,9 @@ usage: } #if defined(MBEDTLS_SSL_EARLY_DATA) - int early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; - if (strlen(opt.early_data) > 0) { - if ((early_data_fp = fopen(opt.early_data, "rb")) == NULL) { - mbedtls_printf("failed\n ! Cannot open '%s' for reading.\n", - opt.early_data); - goto exit; - } - early_data_enabled = MBEDTLS_SSL_EARLY_DATA_ENABLED; + if (opt.early_data != DFL_EARLY_DATA) { + mbedtls_ssl_conf_early_data(&conf, opt.early_data); } - mbedtls_ssl_conf_early_data(&conf, early_data_enabled); #endif /* MBEDTLS_SSL_EARLY_DATA */ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { @@ -2448,32 +2498,9 @@ send_request: mbedtls_printf(" > Write to server:"); fflush(stdout); - len = mbedtls_snprintf((char *) buf, sizeof(buf) - 1, GET_REQUEST, - opt.request_page); - tail_len = (int) strlen(GET_REQUEST_END); - - /* Add padding to GET request to reach opt.request_size in length */ - if (opt.request_size != DFL_REQUEST_SIZE && - len + tail_len < opt.request_size) { - memset(buf + len, 'A', opt.request_size - len - tail_len); - len += opt.request_size - len - tail_len; - } - - strncpy((char *) buf + len, GET_REQUEST_END, sizeof(buf) - len - 1); - len += tail_len; - - /* Truncate if request size is smaller than the "natural" size */ - if (opt.request_size != DFL_REQUEST_SIZE && - len > opt.request_size) { - len = opt.request_size; - - /* Still end with \r\n unless that's really not possible */ - if (len >= 2) { - buf[len - 2] = '\r'; - } - if (len >= 1) { - buf[len - 1] = '\n'; - } + ret = build_http_request(buf, sizeof(buf) - 1, &len); + if (ret != 0) { + goto exit; } if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) { @@ -2545,8 +2572,11 @@ send_request: } buf[written] = '\0'; - mbedtls_printf(" %d bytes written in %d fragments\n\n%s\n", - written, frags, (char *) buf); + mbedtls_printf( + " %" MBEDTLS_PRINTF_SIZET " bytes written in %" MBEDTLS_PRINTF_SIZET " fragments\n\n%s\n", + written, + frags, + (char *) buf); /* Send a non-empty request if request_size == 0 */ if (len == 0) { @@ -2653,7 +2683,9 @@ send_request: len = ret; buf[len] = '\0'; - mbedtls_printf(" < Read from server: %d bytes read\n\n%s", len, (char *) buf); + mbedtls_printf(" < Read from server: %" MBEDTLS_PRINTF_SIZET " bytes read\n\n%s", + len, + (char *) buf); fflush(stdout); /* End of message should be detected according to the syntax of the * application protocol (eg HTTP), just use a dummy test here. */ @@ -2712,7 +2744,9 @@ send_request: len = ret; buf[len] = '\0'; - mbedtls_printf(" < Read from server: %d bytes read\n\n%s", len, (char *) buf); + mbedtls_printf(" < Read from server: %" MBEDTLS_PRINTF_SIZET " bytes read\n\n%s", + len, + (char *) buf); ret = 0; } @@ -3002,6 +3036,54 @@ reconnect: goto exit; } + ret = build_http_request(buf, sizeof(buf) - 1, &len); + if (ret != 0) { + goto exit; + } + +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (ssl.conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) { + frags = 0; + written = 0; + do { + while ((ret = mbedtls_ssl_write_early_data(&ssl, buf + written, + len - written)) < 0) { + if (ret == MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA) { + goto end_of_early_data; + } + if (ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE && + ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) { + mbedtls_printf(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n", + (unsigned int) -ret); + goto exit; + } + + /* For event-driven IO, wait for socket to become available */ + if (opt.event == 1 /* level triggered IO */) { +#if defined(MBEDTLS_TIMING_C) + idle(&server_fd, &timer, ret); +#else + idle(&server_fd, ret); +#endif + } + } + + frags++; + written += ret; + } while (written < len); + } + +end_of_early_data: + + buf[written] = '\0'; + mbedtls_printf( + " %" MBEDTLS_PRINTF_SIZET " bytes of early data written in %" MBEDTLS_PRINTF_SIZET " fragments\n\n%s\n", + written, + frags, + (char *) buf); +#endif /* MBEDTLS_SSL_EARLY_DATA */ + while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE && @@ -3035,12 +3117,6 @@ exit: mbedtls_ssl_config_free(&conf); mbedtls_ssl_session_free(&saved_session); -#if defined(MBEDTLS_SSL_EARLY_DATA) - if (early_data_fp != NULL) { - fclose(early_data_fp); - } -#endif - if (session_data != NULL) { mbedtls_platform_zeroize(session_data, session_data_len); } diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index c3ae942..ee2cdb7 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include "mbedtls/build_info.h" #include "mbedtls/debug.h" #include "mbedtls/platform.h" @@ -551,23 +549,23 @@ void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, const mbedtls_md_info_t *md_info; #endif - printf("\tciphersuite : %s\n", ciphersuite_info->name); - printf("\tcipher flags : 0x%02X\n", ciphersuite_info->flags); + printf("\tciphersuite : %s\n", mbedtls_ssl_ciphersuite_get_name(ciphersuite_info)); + printf("\tcipher flags : 0x%02X\n", ciphersuite_info->MBEDTLS_PRIVATE(flags)); #if defined(MBEDTLS_CIPHER_C) const mbedtls_cipher_info_t *cipher_info; - cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher); + cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(cipher)); if (cipher_info == NULL) { printf_err("Cannot find cipher info\n"); } else { - printf("\tcipher : %s\n", cipher_info->name); + printf("\tcipher : %s\n", mbedtls_cipher_info_get_name(cipher_info)); } #else /* MBEDTLS_CIPHER_C */ - printf("\tcipher type : %d\n", ciphersuite_info->cipher); + printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher)); #endif /* MBEDTLS_CIPHER_C */ #if defined(MBEDTLS_MD_C) - md_info = mbedtls_md_info_from_type(ciphersuite_info->mac); + md_info = mbedtls_md_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(mac)); if (md_info == NULL) { printf_err("Cannot find Message-Digest info\n"); } else { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 598d38c..f00a111 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1420,7 +1420,6 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, return MBEDTLS_ERR_SSL_INVALID_MAC; case 2: return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED; -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) case 3: /* Creation time in the future. */ session->ticket_creation_time = mbedtls_ms_time() + 1000; @@ -1430,6 +1429,7 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, session->ticket_creation_time = mbedtls_ms_time() - (7 * 24 * 3600 * 1000 + 1000); break; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3) case 5: /* Ticket is valid, but client age is below the lower bound of the tolerance window. */ session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000; @@ -1612,6 +1612,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_SSL_EARLY_DATA) int tls13_early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED; #endif + #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); #if defined(MBEDTLS_MEMORY_DEBUG) @@ -2707,12 +2708,10 @@ usage: &psa_alg, &psa_alg2, &psa_usage, mbedtls_pk_get_type(&pkey)) == 0) { - ret = mbedtls_pk_wrap_as_opaque(&pkey, &key_slot, - psa_alg, psa_usage, psa_alg2); - + ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, psa_usage, &key_slot); if (ret != 0) { mbedtls_printf(" failed\n ! " - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", + "pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret); goto exit; } @@ -2726,12 +2725,10 @@ usage: &psa_alg, &psa_alg2, &psa_usage, mbedtls_pk_get_type(&pkey2)) == 0) { - ret = mbedtls_pk_wrap_as_opaque(&pkey2, &key_slot2, - psa_alg, psa_usage, psa_alg2); - + ret = pk_wrap_as_opaque(&pkey2, psa_alg, psa_alg2, psa_usage, &key_slot2); if (ret != 0) { mbedtls_printf(" failed\n ! " - "mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", + "mbedtls_pk_get_psa_attributes returned -0x%x\n\n", (unsigned int) -ret); goto exit; } @@ -3450,6 +3447,19 @@ handshake: fflush(stdout); while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) { +#if defined(MBEDTLS_SSL_EARLY_DATA) + if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) { + memset(buf, 0, opt.buffer_size); + ret = mbedtls_ssl_read_early_data(&ssl, buf, opt.buffer_size); + if (ret > 0) { + buf[ret] = '\0'; + mbedtls_printf(" %d early data bytes read\n\n%s\n", + ret, (char *) buf); + } + continue; + } +#endif /* MBEDTLS_SSL_EARLY_DATA */ + #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS && ssl_async_keys.inject_error == SSL_ASYNC_INJECT_ERROR_CANCEL) { diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index b49dd67..17d36b7 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -8,12 +8,11 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include "ssl_test_lib.h" #if defined(MBEDTLS_TEST_HOOKS) -#include "test/helpers.h" +#include "test/threading_helpers.h" #endif #if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) @@ -275,6 +274,37 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, return 0; } + +#if defined(MBEDTLS_PK_C) +int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2, + psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id) +{ + int ret; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + + ret = mbedtls_pk_get_psa_attributes(pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr); + if (ret != 0) { + return ret; + } + psa_set_key_usage_flags(&key_attr, psa_usage); + psa_set_key_algorithm(&key_attr, psa_alg); + if (psa_alg2 != PSA_ALG_NONE) { + psa_set_key_enrollment_algorithm(&key_attr, psa_alg2); + } + ret = mbedtls_pk_import_into_psa(pk, &key_attr, key_id); + if (ret != 0) { + return ret; + } + mbedtls_pk_free(pk); + mbedtls_pk_init(pk); + ret = mbedtls_pk_setup_opaque(pk, *key_id); + if (ret != 0) { + return ret; + } + + return 0; +} +#endif /* MBEDTLS_PK_C */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) @@ -427,7 +457,7 @@ int test_hooks_failure_detected(void) mbedtls_test_mutex_usage_check(); #endif - if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS) { + if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_SUCCESS) { return 1; } return 0; @@ -515,17 +545,31 @@ static const struct { #endif #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \ defined(PSA_WANT_ALG_FFDH) +#if defined(PSA_WANT_DH_RFC7919_2048) { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 1 }, - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 1 }, - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 1 }, - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 1 }, - { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 1 }, -#else +#else /* PSA_WANT_DH_RFC7919_2048 */ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 0 }, +#endif /* PSA_WANT_DH_RFC7919_2048 */ +#if defined(PSA_WANT_DH_RFC7919_3072) + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 1 }, +#else /* PSA_WANT_DH_RFC7919_3072 */ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 0 }, +#endif /* PSA_WANT_DH_RFC7919_3072 */ +#if defined(PSA_WANT_DH_RFC7919_4096) + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 1 }, +#else /* PSA_WANT_DH_RFC7919_4096 */ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 0 }, +#endif /* PSA_WANT_DH_RFC7919_4096 */ +#if defined(PSA_WANT_DH_RFC7919_6144) + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 1 }, +#else /* PSA_WANT_DH_RFC7919_6144 */ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 0 }, +#endif /* PSA_WANT_DH_RFC7919_6144 */ +#if defined(PSA_WANT_DH_RFC7919_8192) + { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 1 }, +#else /* PSA_WANT_DH_RFC7919_8192 */ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 0 }, +#endif /* PSA_WANT_DH_RFC7919_8192 */ #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */ { 0, NULL, 0 }, }; diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index d06e099..1da2dfb 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -235,6 +235,31 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, psa_algorithm_t *psa_alg2, psa_key_usage_t *usage, mbedtls_pk_type_t key_type); + +#if defined(MBEDTLS_PK_C) +/** Turn a non-opaque PK context into an opaque one with folowing steps: + * - extract the key data and attributes from the PK context. + * - import the key material into PSA. + * - free the provided PK context and re-initilize it as an opaque PK context + * wrapping the PSA key imported in the above step. + * + * \param[in/out] pk On input the non-opaque PK context which contains the + * key to be wrapped. On output the re-initialized PK + * context which represents the opaque version of the one + * provided as input. + * \param[in] psa_alg The primary algorithm that will be associated to the + * PSA key. + * \param[in] psa_alg2 The enrollment algorithm that will be associated to the + * PSA key. + * \param[in] psa_usage The PSA key usage policy. + * \param[out] key_id The PSA key identifier of the imported key. + * + * \return \c 0 on sucess. + * \return \c -1 on failure. + */ +int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2, + psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id); +#endif /* MBEDTLS_PK_C */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 5a26821..0d43ffd 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -26,7 +26,7 @@ if(TEST_CPP) ) add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}") target_include_directories(cpp_dummy_build PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include) - target_link_libraries(cpp_dummy_build ${mbedcrypto_target}) + target_link_libraries(cpp_dummy_build ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) endif() if(USE_SHARED_MBEDTLS_LIBRARY AND @@ -84,9 +84,9 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_libs ${exe} exe_index) if (${exe_index} GREATER -1) - target_link_libraries(${exe} ${libs}) + target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) else() - target_link_libraries(${exe} ${mbedcrypto_target}) + target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) endif() endforeach() diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 6f7f69b..93c1729 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include "mbedtls/build_info.h" #include "mbedtls/platform.h" @@ -1089,20 +1087,24 @@ int main(int argc, char *argv[]) mbedtls_dhm_context dhm; size_t olen; size_t n; + mbedtls_mpi P, G; + mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) { mbedtls_dhm_init(&dhm); - if (mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(P), dhm_P[i], + if (mbedtls_mpi_read_binary(&P, dhm_P[i], dhm_P_size[i]) != 0 || - mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(G), dhm_G[i], - dhm_G_size[i]) != 0) { + mbedtls_mpi_read_binary(&G, dhm_G[i], + dhm_G_size[i]) != 0 || + mbedtls_dhm_set_group(&dhm, &P, &G) != 0) { mbedtls_exit(1); } - n = mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P)); + n = mbedtls_dhm_get_len(&dhm); mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL); - if (mbedtls_mpi_copy(&dhm.MBEDTLS_PRIVATE(GY), &dhm.MBEDTLS_PRIVATE(GX)) != 0) { + + if (mbedtls_dhm_read_public(&dhm, buf, n) != 0) { mbedtls_exit(1); } @@ -1119,6 +1121,7 @@ int main(int argc, char *argv[]) mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL)); mbedtls_dhm_free(&dhm); + mbedtls_mpi_free(&P), mbedtls_mpi_free(&G); } } #endif @@ -1183,85 +1186,12 @@ int main(int argc, char *argv[]) } #endif -#if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_LEGACY_CONTEXT) +#if defined(MBEDTLS_ECDH_C) if (todo.ecdh) { - mbedtls_ecdh_context ecdh; - mbedtls_mpi z; - const mbedtls_ecp_curve_info montgomery_curve_list[] = { -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - { MBEDTLS_ECP_DP_CURVE25519, 0, 0, "Curve25519" }, -#endif -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - { MBEDTLS_ECP_DP_CURVE448, 0, 0, "Curve448" }, -#endif - { MBEDTLS_ECP_DP_NONE, 0, 0, 0 } - }; + mbedtls_ecdh_context ecdh_srv, ecdh_cli; + unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE]; const mbedtls_ecp_curve_info *curve_info; - size_t olen; - const mbedtls_ecp_curve_info *selected_montgomery_curve_list = - montgomery_curve_list; - - if (curve_list == (const mbedtls_ecp_curve_info *) &single_curve) { - mbedtls_ecp_group grp; - - mbedtls_ecp_group_init(&grp); - if (mbedtls_ecp_group_load(&grp, curve_list->grp_id) != 0) { - mbedtls_exit(1); - } - if (mbedtls_ecp_get_type(&grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { - selected_montgomery_curve_list = single_curve; - } else { /* empty list */ - selected_montgomery_curve_list = single_curve + 1; - } - mbedtls_ecp_group_free(&grp); - } - - for (curve_info = curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - if (!mbedtls_ecdh_can_do(curve_info->grp_id)) { - continue; - } - - mbedtls_ecdh_init(&ecdh); - - CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf), - myrand, NULL)); - CHECK_AND_CONTINUE(mbedtls_ecp_copy(&ecdh.Qp, &ecdh.Q)); - - mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", - curve_info->name); - TIME_PUBLIC(title, "handshake", - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf), - myrand, NULL)); - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh, &olen, buf, sizeof(buf), - myrand, NULL))); - mbedtls_ecdh_free(&ecdh); - } - - /* Montgomery curves need to be handled separately */ - for (curve_info = selected_montgomery_curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - mbedtls_ecdh_init(&ecdh); - mbedtls_mpi_init(&z); - - CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Qp, myrand, NULL)); - - mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", - curve_info->name); - TIME_PUBLIC(title, "handshake", - CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Q, - myrand, NULL)); - CHECK_AND_CONTINUE(mbedtls_ecdh_compute_shared(&ecdh.grp, &z, &ecdh.Qp, - &ecdh.d, - myrand, NULL))); - - mbedtls_ecdh_free(&ecdh); - mbedtls_mpi_free(&z); - } + size_t params_len, publen, seclen; for (curve_info = curve_list; curve_info->grp_id != MBEDTLS_ECP_DP_NONE; @@ -1270,54 +1200,30 @@ int main(int argc, char *argv[]) continue; } - mbedtls_ecdh_init(&ecdh); - - CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf), - myrand, NULL)); - CHECK_AND_CONTINUE(mbedtls_ecp_copy(&ecdh.Qp, &ecdh.Q)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh, &olen, buf, sizeof(buf), - myrand, NULL)); + mbedtls_ecdh_init(&ecdh_srv); - mbedtls_snprintf(title, sizeof(title), "ECDH-%s", - curve_info->name); - TIME_PUBLIC(title, "handshake", - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh, &olen, buf, sizeof(buf), - myrand, NULL))); - mbedtls_ecdh_free(&ecdh); - } + CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); + CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv, + sizeof(buf_srv), myrand, NULL)); - /* Montgomery curves need to be handled separately */ - for (curve_info = selected_montgomery_curve_list; - curve_info->grp_id != MBEDTLS_ECP_DP_NONE; - curve_info++) { - mbedtls_ecdh_init(&ecdh); - mbedtls_mpi_init(&z); + mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", curve_info->name); + TIME_PUBLIC(title, + "ephemeral handshake", + const unsigned char *p_srv = buf_srv; + mbedtls_ecdh_init(&ecdh_cli); - CHECK_AND_CONTINUE(mbedtls_ecp_group_load(&ecdh.grp, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Qp, - myrand, NULL)); - CHECK_AND_CONTINUE(mbedtls_ecdh_gen_public(&ecdh.grp, &ecdh.d, &ecdh.Q, myrand, NULL)); + CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, + p_srv + params_len)); + CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli, + sizeof(buf_cli), myrand, NULL)); - mbedtls_snprintf(title, sizeof(title), "ECDH-%s", - curve_info->name); - TIME_PUBLIC(title, "handshake", - CHECK_AND_CONTINUE(mbedtls_ecdh_compute_shared(&ecdh.grp, &z, &ecdh.Qp, - &ecdh.d, - myrand, NULL))); + CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli, + sizeof(buf_cli), myrand, NULL)); + mbedtls_ecdh_free(&ecdh_cli); + ); - mbedtls_ecdh_free(&ecdh); - mbedtls_mpi_free(&z); + mbedtls_ecdh_free(&ecdh_srv); } - } -#endif - -#if defined(MBEDTLS_ECDH_C) - if (todo.ecdh) { - mbedtls_ecdh_context ecdh_srv, ecdh_cli; - unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE]; - const mbedtls_ecp_curve_info *curve_info; - size_t olen; for (curve_info = curve_list; curve_info->grp_id != MBEDTLS_ECP_DP_NONE; @@ -1329,31 +1235,26 @@ int main(int argc, char *argv[]) mbedtls_ecdh_init(&ecdh_srv); mbedtls_ecdh_init(&ecdh_cli); - mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", curve_info->name); - TIME_PUBLIC(title, - "full handshake", - const unsigned char *p_srv = buf_srv; + CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); + CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv, + sizeof(buf_srv), myrand, NULL)); - CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, &olen, buf_srv, - sizeof(buf_srv), myrand, NULL)); - - CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, - p_srv + olen)); - CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &olen, buf_cli, - sizeof(buf_cli), myrand, NULL)); + const unsigned char *p_srv = buf_srv; + CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv, + p_srv + params_len)); + CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli, + sizeof(buf_cli), myrand, NULL)); - CHECK_AND_CONTINUE(mbedtls_ecdh_read_public(&ecdh_srv, buf_cli, olen)); - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_srv, &olen, buf_srv, - sizeof(buf_srv), myrand, NULL)); - CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &olen, buf_cli, + mbedtls_snprintf(title, sizeof(title), "ECDH-%s", curve_info->name); + TIME_PUBLIC(title, + "static handshake", + CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli, sizeof(buf_cli), myrand, NULL)); - mbedtls_ecdh_free(&ecdh_cli); - - mbedtls_ecdh_free(&ecdh_srv); ); + mbedtls_ecdh_free(&ecdh_cli); + mbedtls_ecdh_free(&ecdh_srv); } } #endif diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt index 3c3cba3..78bd5e7 100644 --- a/programs/test/cmake_subproject/CMakeLists.txt +++ b/programs/test/cmake_subproject/CMakeLists.txt @@ -20,4 +20,4 @@ set(libs ) add_executable(cmake_subproject cmake_subproject.c) -target_link_libraries(cmake_subproject ${libs}) +target_link_libraries(cmake_subproject ${libs} ${CMAKE_THREAD_LIBS_INIT}) diff --git a/programs/test/metatest.c b/programs/test/metatest.c index 79c57d1..a5cf2b7 100644 --- a/programs/test/metatest.c +++ b/programs/test/metatest.c @@ -26,12 +26,12 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include <mbedtls/debug.h> #include <mbedtls/platform.h> #include <mbedtls/platform_util.h> #include "test/helpers.h" +#include "test/threading_helpers.h" #include "test/macros.h" #include "test/memory.h" #include "common.h" @@ -430,9 +430,11 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_TEST_MUTEX_USAGE) mbedtls_test_mutex_usage_check(); #endif + int result = (int) mbedtls_test_get_result(); + mbedtls_printf("Running metatest %s... done, result=%d\n", - argv[1], (int) mbedtls_test_info.result); - mbedtls_exit(mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS ? + argv[1], result); + mbedtls_exit(result == MBEDTLS_TEST_RESULT_SUCCESS ? MBEDTLS_EXIT_SUCCESS : MBEDTLS_EXIT_FAILURE); } diff --git a/programs/test/selftest.c b/programs/test/selftest.c index e132e4c..043209b 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -5,8 +5,6 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #include "mbedtls/build_info.h" #include "mbedtls/entropy.h" diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index c6b56ec..beaa8bd 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -11,7 +11,6 @@ * example of good general usage. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS #include "mbedtls/build_info.h" diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt index 7fc58cb..cb6bc3d 100644 --- a/programs/util/CMakeLists.txt +++ b/programs/util/CMakeLists.txt @@ -9,7 +9,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) - target_link_libraries(${exe} ${libs}) + target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index 5876b8d..43437f0 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt @@ -13,7 +13,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) - target_link_libraries(${exe} ${libs}) + target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 6ae43a9..dcfd176 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -14,7 +14,8 @@ #if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ - !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO) + !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_MD_C) int main(void) { mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or " diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index bf25c4c..0b2575e 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -15,7 +15,7 @@ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \ !defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \ - !defined(MBEDTLS_PEM_WRITE_C) + !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_MD_C) int main(void) { mbedtls_printf("MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or " diff --git a/scripts/common.make b/scripts/common.make index 6c95b42..2714bcd 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -1,25 +1,29 @@ # To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS +ifndef MBEDTLS_PATH +MBEDTLS_PATH := .. +endif + CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I../include -D_FILE_OFFSET_BITS=64 -LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -I../tests/include -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I$(MBEDTLS_PATH)/include -D_FILE_OFFSET_BITS=64 +LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ - -L../library \ + -L$(MBEDTLS_PATH)/library \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) -include ../3rdparty/Makefile.inc +include $(MBEDTLS_PATH)/3rdparty/Makefile.inc LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) ifndef SHARED -MBEDLIBS=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a +MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a $(MBEDTLS_PATH)/library/libmbedx509.a $(MBEDTLS_PATH)/library/libmbedtls.a else -MBEDLIBS=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) +MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT) endif ifdef DEBUG @@ -97,7 +101,7 @@ endif default: all $(MBEDLIBS): - $(MAKE) -C ../library + $(MAKE) -C $(MBEDTLS_PATH)/library neat: clean ifndef WINDOWS diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja index 924b08c..8b91f0b 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.h.jinja @@ -122,7 +122,7 @@ static inline psa_status_t psa_driver_wrapper_sign_message( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -196,7 +196,7 @@ static inline psa_status_t psa_driver_wrapper_verify_message( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -266,7 +266,7 @@ static inline psa_status_t psa_driver_wrapper_sign_hash( const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) + if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) { if( drv->asymmetric == NULL || drv->asymmetric->p_sign == NULL ) @@ -283,7 +283,7 @@ static inline psa_status_t psa_driver_wrapper_sign_hash( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -306,11 +306,11 @@ static inline psa_status_t psa_driver_wrapper_sign_hash( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && + if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && - PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 && - attributes->core.bits == 256 ) + PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 && + psa_get_key_bits(attributes) == 256 ) { status = p256_transparent_sign_hash( attributes, key_buffer, @@ -370,7 +370,7 @@ static inline psa_status_t psa_driver_wrapper_verify_hash( const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) + if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) { if( drv->asymmetric == NULL || drv->asymmetric->p_verify == NULL ) @@ -387,7 +387,7 @@ static inline psa_status_t psa_driver_wrapper_verify_hash( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -410,11 +410,11 @@ static inline psa_status_t psa_driver_wrapper_verify_hash( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && + if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && - PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 && - attributes->core.bits == 256 ) + PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 && + psa_get_key_bits(attributes) == 256 ) { status = p256_transparent_verify_hash( attributes, key_buffer, @@ -517,7 +517,7 @@ static inline psa_status_t psa_driver_wrapper_sign_hash_start( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( - attributes->core.lifetime ); + psa_get_key_lifetime(attributes) ); switch( location ) { @@ -609,7 +609,7 @@ static inline psa_status_t psa_driver_wrapper_verify_hash_start( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( - attributes->core.lifetime ); + psa_get_key_lifetime(attributes) ); switch( location ) { @@ -707,8 +707,8 @@ static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data( size_t *key_buffer_size ) { psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); - psa_key_type_t key_type = attributes->core.type; + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); + psa_key_type_t key_type = psa_get_key_type(attributes); *key_buffer_size = 0; switch( location ) @@ -731,18 +731,33 @@ static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data( static inline psa_status_t psa_driver_wrapper_generate_key( const psa_key_attributes_t *attributes, + const psa_key_production_parameters_t *params, size_t params_data_length, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime); + PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes)); + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) + int is_default_production = + psa_key_production_parameters_are_default(params, params_data_length); + if( location != PSA_KEY_LOCATION_LOCAL_STORAGE && !is_default_production ) + { + /* We don't support passing custom production parameters + * to drivers yet. */ + return PSA_ERROR_NOT_SUPPORTED; + } +#else + int is_default_production = 1; + (void) is_default_production; +#endif /* Try dynamically-registered SE interface first */ #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) + if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) { size_t pubkey_length = 0; /* We don't support this feature yet */ if( drv->key_management == NULL || @@ -762,8 +777,11 @@ static inline psa_status_t psa_driver_wrapper_generate_key( { case PSA_KEY_LOCATION_LOCAL_STORAGE: #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) - /* Transparent drivers are limited to generating asymmetric keys */ - if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) ) + /* Transparent drivers are limited to generating asymmetric keys. */ + /* We don't support passing custom production parameters + * to drivers yet. */ + if( PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type(attributes) ) && + is_default_production ) { /* Cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -775,9 +793,9 @@ static inline psa_status_t psa_driver_wrapper_generate_key( break; #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && - attributes->core.type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) && - attributes->core.bits == 256 ) + if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && + psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) && + psa_get_key_bits(attributes) == 256 ) { status = p256_transparent_generate_key( attributes, key_buffer, @@ -793,7 +811,8 @@ static inline psa_status_t psa_driver_wrapper_generate_key( /* Software fallback */ status = psa_generate_key_internal( - attributes, key_buffer, key_buffer_size, key_buffer_length ); + attributes, params, params_data_length, + key_buffer, key_buffer_size, key_buffer_length ); break; /* Add cases for opaque driver here */ @@ -843,7 +862,7 @@ bits const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) + if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) { if( drv->key_management == NULL || drv->key_management->p_import == NULL ) @@ -920,7 +939,7 @@ data_length const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) + if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) { if( ( drv->key_management == NULL ) || ( drv->key_management->p_export == NULL ) ) @@ -975,13 +994,13 @@ target_key_buffer_length {% endmacro %} psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) + if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) { /* Copying to a secure element is not implemented yet. */ return( PSA_ERROR_NOT_SUPPORTED ); @@ -1025,7 +1044,7 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -1115,7 +1134,7 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -1192,7 +1211,7 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -1265,7 +1284,7 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup( { psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -1665,7 +1684,7 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -1717,7 +1736,7 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -1766,7 +1785,7 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -1814,7 +1833,7 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -2150,7 +2169,7 @@ static inline psa_status_t psa_driver_wrapper_mac_compute( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -2214,7 +2233,7 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -2286,7 +2305,7 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -2486,7 +2505,7 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -2544,7 +2563,7 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -2608,7 +2627,7 @@ static inline psa_status_t psa_driver_wrapper_key_agreement( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { @@ -2626,10 +2645,10 @@ static inline psa_status_t psa_driver_wrapper_key_agreement( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) - if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && + if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) && PSA_ALG_IS_ECDH(alg) && - PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 && - attributes->core.bits == 256 ) + PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 && + psa_get_key_bits(attributes) == 256 ) { status = p256_transparent_key_agreement( attributes, key_buffer, diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja index 2aae628..261cd2a 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers_no_static.c.jinja @@ -88,9 +88,9 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size( const psa_key_attributes_t *attributes, size_t *key_buffer_size ) { - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); - psa_key_type_t key_type = attributes->core.type; - size_t key_bits = attributes->core.bits; + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); + psa_key_type_t key_type = psa_get_key_type(attributes); + size_t key_bits = psa_get_key_bits(attributes); *key_buffer_size = 0; switch( location ) @@ -144,7 +144,7 @@ data_length const psa_drv_se_t *drv; psa_drv_se_context_t *drv_context; - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) + if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) ) { if( ( drv->key_management == NULL ) || ( drv->key_management->p_export_public == NULL ) ) @@ -203,7 +203,7 @@ key_buffer, key_buffer_size, key_buffer_length {% endmacro %} - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) ); switch( location ) { #if defined(PSA_CRYPTO_DRIVER_TEST) diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py index b21a0cf..6080386 100644 --- a/scripts/mbedtls_dev/psa_information.py +++ b/scripts/mbedtls_dev/psa_information.py @@ -82,7 +82,7 @@ def automatic_dependencies(*expressions: str) -> List[str]: """ used = set() for expr in expressions: - used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr)) + used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|DH_FAMILY|KEY_TYPE)_\w+', expr)) used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY) return sorted(psa_want_symbol(name) for name in used) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index edfbe4c..589643a 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -1,5 +1,3 @@ -find_package(Threads) - set(libs ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT} diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index a7035cb..d6df19c 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1052,6 +1052,30 @@ rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem +rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der +rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem +keys_rsa_enc_pkcs8_v2_2048_aes128cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem + +rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der +rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem +keys_rsa_enc_pkcs8_v2_2048_aes192cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem + +rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der +rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem: rsa_pkcs1_2048_clear.pem + $(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem +keys_rsa_enc_pkcs8_v2_2048_aes256cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem + rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der Binary files differnew file mode 100644 index 0000000..0051940 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem new file mode 100644 index 0000000..b99af2c --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIID4AYf5oXcICAggA +MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAECBBCtsq1ZGRGQPDOZ5HWj2WM3BIIE +0G6XYOdWx+gqDnXbV4/I8o/whdxUKNXi6lhrJHQBnl+qQPSJnDl4lH6/U7LimyeM +SASN9h2BqOQhLi+FPxw19Vn7IzKkNe4c2S87t27/p9ss8jgbKfEDPJ77uxMb64eA +WAmDjOr1eL+HM54pIxrWcHKUNrfliffyzcwcTqf99ORj9QeGJ37XuZ7RLMxfoOij +4v1YVbSVlMX5SM0tI9/Atm3fUG1zVAm3p3SrSAOr9FkVE0wh/aC5f5KnMzurBq8J +f8zGrCP4AmXiowbsJ+GCpKBqOB2mFpBjWt2cwYPuZzP5VUaXiJyOgOYXvxLF4TpB ++pDhJfs+P0iG1SWssfLOkp7smFWtowFrGn3y5nDHHd3P8/vyEDS02hdJxoLw0MBe +zD3aVeaISOMqjc43cA27Kp7uvG7814XAXe1MPt7Bm5CGa9k6XtVhMTp6RBKxL2ow +3U8SjA3PtuLLbNEB8FDGi2MCsoDGfmXdOZqJPJdxSbLWl5/385irsUKQDnDK9xr5 +tYVAjPLK4tkdtBgGB+Yv2bRYjPdqKiNrE2AuuFN8ESqoir0gOWbGgpmdDpVhG1az +Y/Dyv1JcteXo/s3PsIZOXXDQEK7fdr9o/QWY62KJCIQXPZU7K4g2aWLbMN8pWabt +3mpBeCeiLz0+miSwHFSfTg/weegogrfeBtSV6zFcBSG0nz73JT1U6U4ecDAsuk23 +nmLnm3t+n3MTZU18WxTiQrq0n5gOr1XoGduGQYBBS/bhFoQoWvVQ+gaCaR1hF4ap +U5vTjYmdIv6Hq/Gl3sNpH324NVTQ2JIHzdItyaZiTugr89+7YxPxpL9pwJJyztdy +31l4AvAot9vEJWH6wPC5v66MQrqcJRtdT8BuEJ2RFKkqP0wN66JC7qhtm4v5oVgp +tblGcP4oWHMqAZuYUbgJYh5sEXMsO2tbp2ckKOR10ev+Yzq8vQ9AYFSOLNkFAIbA +lxv0DJonU288A8Rei3WYU9PfYiYWK7cP/I40xtxOJe3cQEhQTBJwT6K1sv7Q0HAa +hs5P2u45XqJh2waqJkeoeri0p20WnSfcWmov0OIMtxWQMT6Yb62v+aKk+nqlurIz +BmvJvgZJtnhlJW7WfbSF3kDD8WZbmabJ+rfPclx5/Hyh0JfaHSJDa9Vd8518/wp4 +Tcptcq7GC93St7PG6RTg4nZzrguwdzBVeDGB0BjP4xI/tzEkk0MgFGAL6JDa/FLv +5L8MOjeCLwWO9OtVjt02amc26SMmpEIyzh5f/eXWDBILnZAgbnieqyQm2+KsvQ87 +9aQdLlC4RvO73f+5Ckygf6vrIW/n8HVmHmLv+qeudVgIiYZVz3/GtiFJjuayMr/D +SgvrzNyRw8SQWn5V0ORy/3u86ZfraIq3falIFJGZDG9rdgYoBNHzhMeOXL+fqqHa +egvOQbfA4jpmtbWUxeqLqs1bY8T9hGW8lrRm7TofsuxDPOz+VajF/+lqWrvXp6+8 +Vp10Ig42X88TUroWRrOSXUkR45Xjq/XG5M5mbZQqBygWSqQJ9LrTzu9yqhYsqziB +tnwXVpudK/9GK7OKEshJ0s/HsLFHAFRBPJnVP0cXTEg9EczgGBLLT6wAj5zy0dxz +Pe8Y46K6wUUHP4Y9IQmJ+i/dBfiaquSNKKdqMU7sT5cd +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der Binary files differnew file mode 100644 index 0000000..fc1ccb3 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem new file mode 100644 index 0000000..0a36a71 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI8i+OtR0wbD0CAggA +MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAEWBBBHvOq1294P18bekzyYVp4QBIIE +0AJnZHjPZcPYKdSNaNfPfc2s+UmTgYeLCun5sd+9KIYyozJ2ljZTijsdp/hItWTu +DmHrfLTLV8mtL/OFJ83u0rDoHVfSrDLwFMAy/nmbtlLYPFEfU9MQ8s2OtvKuobmI +b3x7b+MrTlG5ConptsQQw5tl3dza9DZGfHUnO2EzXorytSMLFCGeQskzbN7Y/Sbf +2+IL5yoifcfPddTbKDyTa77K2516tK2+WTU/VUfv2r5d5SiivZLuMjIYrbneHYoq +hW30BZozCqJKJ5G2jwNjLUjPirA6qtS0Y1tIb5rRjZ0pSy1X5oIQL2laZLrDo9gP +/Ud8m1k2nv9Uv9HPM+G4xCMSiJVaptYPyzFQACcSdA/BVUdBC0EwzIj2nbaoAlM0 ++sZ2Asbohnds/AsDz+/b6MaMKg9Onoort0zF/HtpSII6+WSmvGOaV2469JEIvZlU +JIn1YugpDPIe6/B35J9sYfvVNKVsvJntCKxmcz6Nw2VvPKXC3o/bseBqAhLKDMZZ +Hr3id3O7bN2ng3lKuGofmQeMYnW4zb4coXytdc/XCvf63xE0NsUEBFuRMpc9iocC +2RMBEzNyE4tnigI61T/zkpwgBic1p/isGoXMdPWl+Z+IAIYgyxOVwO9g78yVW9tp +1xF9WzJrGHKNT9RLmINyo3jt/wRj8Q+T0EG45cDQcHwpyXdNS614hUCIaeTvQcR9 +8F+f4D8IvL+GJt2EtbqL+D687X/hptNehpFf+uxGiHQfrtOvYS/ArNrewa1ts9nq +SMAE7Hb7MzFdnhDqRFBa+//H1jvNkDx3qXfb1/MNE8pR6vjcueKKQ0BzlrNX1O2C +oz0OCMeDfXZhWdYmNjLNcdbonrvq5Z9nOUEdw2lNWELT4lOAmqgA/xBFdQa4glCx +WS1r6DyjgTdGlPbcGugRuTcYXNx6iikWzoS1369maz+WV9qW7r8kA1Fs7WUiYnOb +I1E06yQKVANe+t2SQYN2jPK3EsFFOBxG9tlcXbZVxvx9m6XJR7f7YnLPN+b0f1qF +cT2c5IhK5pKRiZds82lWBnk+eli+qUXILIBbDvBmY4PyPk+kyewAHI1HWBfoSH/3 +aLIV6JPgwjAJKnr0++jUqETID/yGyLHNNy1u4ALyAfbFVU//RGmwAxhrBNPdVVGb +rBfKL+VL8Hu/m5XWXez0nHKyD8J1i/XO1OutBsXYxEn6Xnu9rJn8F6nJ+XB3zt6K +QdkUp85t3GM0wyizuPRWJrSVfYyjV41yEBXqe2lgqTT9dpvpgIRtvUeq83e8PD/3 +6qKoeTv+3cppCFZ3vLArGvsvRTcbfc3YEzXxz6gc/1HTzd8UpCnA/9+jepG3IzRL +1bLs8QVzIBAT/UpuC6QWUdAR/JZMEFLU5FnRh6oXuh2Zys66Ot7LyNhnGlSEPlXI +polURx0bew+QigBGiH7NpyMgRi9Wh+1HOA/wsAp4X7O+DhaX6vdiDbQoilN1LclU +TRFShpuaxwRA1ek2Jz3JLn7wCsGaVXrd2v/CgrxofCWzGjR2RWj9hAkV4eoJ3G6A +x3DhMRrqXc/O3ON9TyhKBZP1g35In5bZmBUv/o+7eYV7KDETxPwsD3A+dCqUJObU +kyZehu2DsfyZFI98SnecRpb0M0vi6ZZueCykOVec6xkX +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der Binary files differnew file mode 100644 index 0000000..136cfb9 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem new file mode 100644 index 0000000..da2e90f --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIhWg0Xe90dAcCAggA +MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAEqBBCRE60k0URZBki+hlzaxgZgBIIE +0Hffn1sg3qNNUkFDHdbvU9E3+aaMJKWqDS4bUqGguT7Tz36TPM1drUZSFyWvPgNY +dXonxu+2h6jzRny0clPyp3kCbJEqgvyj0laKNAfV1fmJRVkIFiCMs0iBLQnyjAJb +IJ8hGxsnotdvmL3oTvHq0YawPXRXVDC4qeO+PzcDjSZ62E+Bz1bE2/tLif1BKd0k +QbccsD9pCyF8pauCAxgN2AWWdus3IzH+hWUf4DTT7AhCdYNijY+ZmBgKGkJoJWwl +aIZrPGJ7tNIDecQt86xLffKifI/b2dO5e3Q1NgNzHM77ncoeLr9nFSlsc2W3qA/A +gEDcuGj1ujchKK70Phfz50HMfnP3pCqLk8jDI78/TSvHDiblF68hsUbAsvbtHNu6 ++AXlDdSU2bcRyQRsjvaf2lMLt+qkUX+P640SKnXIYa1o9dv4+alE4XTZaimmOnao +DjYm6bTHAYcE//DW/LXt7V+q1KCPqpoHMR140vyjIRN8uEcPXyTka6lU34ypIhUb +N7ggLrXrCjh3nJo+nCtXOIMf9O9eD9I/0i8dktZFuTRj1sO/z9J/xFxHTdBG/BB5 +1MEmwriRubrw5Ud+uXnRq+lg5rW3n4+5TBvwYq/GLfyj36ojegbE8OdMfJJqCdd4 +zywMXwYiMi76gYAwEL60DWRn+3vud02QwY8hBXfiOPq2kxazvZM5SWy/1bPgStkn +fG9uzE8n/ABZA0XWuV8hNAcxYlS+0s3IguvvHogQtQMYTTg/D3OODpc0f/+y3O8N +qI5Iym1SrWpnF8vVFZsMblMDr+tbeCvYQ+HuaTc0L5cpAozoY7iCzuqwDHFrYTzC +rSZ70V+FQ956m4xkCBu6TrzqzhA8zfDFs3z9LfV62v9zLgUS8uCKSKWxznM0IdiE +ZnNrwaE1xsO5QN8LfvlO4NVVxN/ATie5tmlLndS4c2ZkswcR3WM6cW1buVaIPsz7 +lU7sbd/I9pWpzd3eZNkVrWpyWxvFQxBUNNC5IXcgRBZsGgVGRw35LBlWXKluKrVi +Z/FAf23dt3n2S4dtJ+Fd2+YL/YiK0lqtrm+GkSjmMvVQ57PJn8QvW359e4QsxDyN +wv6iEQDUqZcQ89ggdGdoSFFgBtFACc9iCKsu5AjTJl+Tql/A3FV7SwYDfZwQuT4e +gc4dZPuSSVd8cttUeFUmtrPCMx2nP7ZDVYFrZyK07eAIL89gv3bYWu8R/wMKNvzr +g0Ao0+AnfLJg11C8pAhJea1dxwu7g6LSpA+oCZov4RpqUnLKMCpPbypyFhSizZtF +evDMf+5aUAbe0+ZsCjUT+RftpzYCPV9uGhYhLMIFRP/7FCcHMrDn7CbAektm063U +EwP2O1rUrMhPWqRztx71cGBloeVPE8Ddwnsorr4M7EXihZcvNsLfz3N9NUopkU3M +sM2fEAnq2KMyrrwVGRSHvm70gUDpJeFanRBsI9z1Tr4r3utHIIQ+0u9pFPbQln0Q +4X4U7KbKC4leTYGMPMFOPXihiMTazNcs232stAYUYe6/DmVX/p2dJHvHux5qBGIW +Rbv7OuwazOsDqNfrqZTesENIGl/KPoNXiolp/YtG3DHQ1vDjEj/XTOVWWkBDXVgP +ut4Pi20hvFBwvEBtypAgi1VLcad5+dlrEwryewlLLw5h +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/tls13_early_data.txt b/tests/data_files/tls13_early_data.txt index 0c84b07..95811fd 100644 --- a/tests/data_files/tls13_early_data.txt +++ b/tests/data_files/tls13_early_data.txt @@ -1,3 +1,4 @@ EarlyData context: line 0 lf EarlyData context: line 1 lf +EarlyData context: line 2 lf EarlyData context: If it appears, that means early_data received. diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h index 2f6bf89..a5e49cb 100644 --- a/tests/include/test/bignum_helpers.h +++ b/tests/include/test/bignum_helpers.h @@ -77,14 +77,14 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N); * * - This function guarantees that if \p s begins with '-' then the sign * bit of the result will be negative, even if the value is 0. - * When this function encounters such a "negative 0", it - * increments #mbedtls_test_case_uses_negative_0. - * - The size of the result is exactly the minimum number of limbs needed - * to fit the digits in the input. In particular, this function constructs - * a bignum with 0 limbs for an empty string, and a bignum with leading 0 - * limbs if the string has sufficiently many leading 0 digits. - * This is important so that the "0 (null)" and "0 (1 limb)" and - * "leading zeros" test cases do what they claim. + * When this function encounters such a "negative 0", it calls + * mbedtls_test_increment_case_uses_negative_0(). + * - The size of the result is exactly the minimum number of limbs needed to fit + * the digits in the input. In particular, this function constructs a bignum + * with 0 limbs for an empty string, and a bignum with leading 0 limbs if the + * string has sufficiently many leading 0 digits. This is important so that + * the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they + * claim. * * \param[out] X The MPI object to populate. It must be initialized. * \param[in] s The null-terminated hexadecimal string to read from. @@ -93,14 +93,6 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N); */ int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s); -/** Nonzero if the current test case had an input parsed with - * mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc., - * constructing a result with the sign bit set to -1 and the value being - * all-limbs-0, which is not a valid representation in #mbedtls_mpi but is - * tested for robustness). - */ -extern unsigned mbedtls_test_case_uses_negative_0; - #endif /* MBEDTLS_BIGNUM_C */ #endif /* TEST_BIGNUM_HELPERS_H */ diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h index 4eb27f0..ec8bcb6 100644 --- a/tests/include/test/drivers/config_test_driver.h +++ b/tests/include/test/drivers/config_test_driver.h @@ -40,5 +40,7 @@ //#define MBEDTLS_MD_C //#define MBEDTLS_PEM_PARSE_C //#define MBEDTLS_BASE64_C +//#define MBEDTLS_THREADING_C +//#define MBEDTLS_THREADING_PTHREAD #endif /* MBEDTLS_CONFIG_H */ diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index 768a9a6..dac07ac 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -192,6 +192,46 @@ #endif #endif +#if defined(PSA_WANT_DH_RFC7919_2048) +#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_2048) +#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_2048 +#else +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_2048 +#endif +#endif + +#if defined(PSA_WANT_DH_RFC7919_3072) +#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_3072) +#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_3072 +#else +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_3072 +#endif +#endif + +#if defined(PSA_WANT_DH_RFC7919_4096) +#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_4096) +#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_4096 +#else +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_4096 +#endif +#endif + +#if defined(PSA_WANT_DH_RFC7919_6144) +#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_6144) +#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_6144 +#else +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_6144 +#endif +#endif + +#if defined(PSA_WANT_DH_RFC7919_8192) +#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_8192) +#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_8192 +#else +#define MBEDTLS_PSA_ACCEL_DH_RFC7919_8192 +#endif +#endif + #if defined(PSA_WANT_ALG_FFDH) #if defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) #undef MBEDTLS_PSA_ACCEL_ALG_FFDH diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 7c962a2..d08100f 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -23,6 +23,10 @@ #if defined(__SANITIZE_ADDRESS__) /* gcc -fsanitize=address */ # define MBEDTLS_TEST_HAVE_ASAN #endif +#if defined(__SANITIZE_THREAD__) /* gcc -fsanitize-thread */ +# define MBEDTLS_TEST_HAVE_TSAN +#endif + #if defined(__has_feature) # if __has_feature(address_sanitizer) /* clang -fsanitize=address */ # define MBEDTLS_TEST_HAVE_ASAN @@ -35,9 +39,10 @@ # endif #endif -#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \ - defined(MBEDTLS_TEST_HOOKS) -#define MBEDTLS_TEST_MUTEX_USAGE +#include "test/threading_helpers.h" + +#if defined(MBEDTLS_TEST_MUTEX_USAGE) +#include "mbedtls/threading.h" #endif #include "mbedtls/platform.h" @@ -61,20 +66,128 @@ typedef enum { MBEDTLS_TEST_RESULT_SKIPPED } mbedtls_test_result_t; +#define MBEDTLS_TEST_LINE_LENGTH 76 + typedef struct { mbedtls_test_result_t result; const char *test; const char *filename; int line_no; unsigned long step; - char line1[76]; - char line2[76]; + char line1[MBEDTLS_TEST_LINE_LENGTH]; + char line2[MBEDTLS_TEST_LINE_LENGTH]; #if defined(MBEDTLS_TEST_MUTEX_USAGE) const char *mutex_usage_error; #endif +#if defined(MBEDTLS_BIGNUM_C) + unsigned case_uses_negative_0; +#endif } mbedtls_test_info_t; -extern mbedtls_test_info_t mbedtls_test_info; + +/** + * \brief Get the current test result status + * + * \return The current test result status + */ +mbedtls_test_result_t mbedtls_test_get_result(void); + +/** + * \brief Get the current test name/description + * + * \return The current test name/description + */ +const char *mbedtls_test_get_test(void); + +/** + * \brief Get the current test filename + * + * \return The current test filename + */ +const char *mbedtls_get_test_filename(void); + +/** + * \brief Get the current test file line number (for failure / skip) + * + * \return The current test file line number (for failure / skip) + */ +int mbedtls_test_get_line_no(void); + +/** + * \brief Increment the current test step. + * + * \note It is not recommended for multiple threads to call this + * function concurrently - whilst it is entirely thread safe, + * the order of calls to this function can obviously not be + * ensured, so unexpected results may occur. + */ +void mbedtls_test_increment_step(void); + +/** + * \brief Get the current test step + * + * \return The current test step + */ +unsigned long mbedtls_test_get_step(void); + +/** + * \brief Get the current test line buffer 1 + * + * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH, + * which will have line buffer 1 copied to it. + */ +void mbedtls_test_get_line1(char *line); + +/** + * \brief Get the current test line buffer 2 + * + * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH, + * which will have line buffer 1 copied to it. + */ +void mbedtls_test_get_line2(char *line); + +#if defined(MBEDTLS_TEST_MUTEX_USAGE) +/** + * \brief Get the current mutex usage error message + * + * \return The current mutex error message (may be NULL if no error) + */ +const char *mbedtls_test_get_mutex_usage_error(void); + +/** + * \brief Set the current mutex usage error message + * + * \note This will only set the mutex error message if one has not + * already been set, or if we are clearing the message (msg is + * NULL) + * + * \param msg Error message to set (can be NULL to clear) + */ +void mbedtls_test_set_mutex_usage_error(const char *msg); +#endif + +#if defined(MBEDTLS_BIGNUM_C) + +/** + * \brief Get whether the current test is a bignum test that uses + * negative zero. + * + * \return non zero if the current test uses bignum negative zero. + */ +unsigned mbedtls_test_get_case_uses_negative_0(void); + +/** + * \brief Indicate that the current test uses bignum negative zero. + * + * \note This function is called if the current test case had an + * input parsed with mbedtls_test_read_mpi() that is a negative + * 0 (`"-"`, `"-0"`, `"-00"`, etc., constructing a result with + * the sign bit set to -1 and the value being all-limbs-0, + * which is not a valid representation in #mbedtls_mpi but is + * tested for robustness). * + */ +void mbedtls_test_increment_case_uses_negative_0(void); +#endif int mbedtls_test_platform_setup(void); void mbedtls_test_platform_teardown(void); @@ -111,24 +224,42 @@ void mbedtls_test_fail(const char *test, int line_no, const char *filename); void mbedtls_test_skip(const char *test, int line_no, const char *filename); /** - * \brief Set the test step number for failure reports. + * \brief Set the test step number for failure reports. * - * Call this function to display "step NNN" in addition to the - * line number and file name if a test fails. Typically the "step - * number" is the index of a for loop but it can be whatever you - * want. + * Call this function to display "step NNN" in addition to the + * line number and file name if a test fails. Typically the + * "step number" is the index of a for loop but it can be + * whatever you want. + * + * \note It is not recommended for multiple threads to call this + * function concurrently - whilst it is entirely thread safe, + * the order of calls to this function can obviously not be + * ensured, so unexpected results may occur. * * \param step The step number to report. */ void mbedtls_test_set_step(unsigned long step); /** - * \brief Reset mbedtls_test_info to a ready/starting state. + * \brief Reset mbedtls_test_info to a ready/starting state. */ void mbedtls_test_info_reset(void); +#ifdef MBEDTLS_TEST_MUTEX_USAGE /** - * \brief Record the current test case as a failure if two integers + * \brief Get the test info data mutex. + * + * \note This is designed only to be used by threading_helpers to + * avoid a deadlock, not for general access to this mutex. + * + * \return The test info data mutex. + */ +mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void); + +#endif /* MBEDTLS_TEST_MUTEX_USAGE */ + +/** + * \brief Record the current test case as a failure if two integers * have a different value. * * This function is usually called via the macro @@ -254,24 +385,6 @@ int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b, #include "test/fake_external_rng_for_test.h" #endif -#if defined(MBEDTLS_TEST_MUTEX_USAGE) -/** - * Activate the mutex usage verification framework. See threading_helpers.c for - * information. - * */ -void mbedtls_test_mutex_usage_init(void); - -/** - * Deactivate the mutex usage verification framework. See threading_helpers.c - * for information. - */ -void mbedtls_test_mutex_usage_end(void); - -/** Call this function after executing a test case to check for mutex usage - * errors. */ -void mbedtls_test_mutex_usage_check(void); -#endif /* MBEDTLS_TEST_MUTEX_USAGE */ - #if defined(MBEDTLS_TEST_HOOKS) /** * \brief Check that only a pure high-level error code is being combined with diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 8de9c4d..a73e06f 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -125,8 +125,8 @@ do { \ TEST_ASSERT((pointer) == NULL); \ if ((item_count) != 0) { \ - (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ - (item_count)); \ + (pointer) = mbedtls_calloc((item_count), \ + sizeof(*(pointer))); \ TEST_ASSERT((pointer) != NULL); \ } \ } while (0) @@ -155,8 +155,8 @@ #define TEST_CALLOC_NONNULL(pointer, item_count) \ do { \ TEST_ASSERT((pointer) == NULL); \ - (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ - (item_count)); \ + (pointer) = mbedtls_calloc((item_count), \ + sizeof(*(pointer))); \ if (((pointer) == NULL) && ((item_count) == 0)) { \ (pointer) = mbedtls_calloc(1, 1); \ } \ @@ -175,8 +175,8 @@ do { \ TEST_ASSERT((pointer) == NULL); \ if ((item_count) != 0) { \ - (pointer) = mbedtls_calloc(sizeof(*(pointer)), \ - (item_count)); \ + (pointer) = mbedtls_calloc((item_count), \ + sizeof(*(pointer))); \ TEST_ASSUME((pointer) != NULL); \ } \ } while (0) diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index a658d17..44f5c08 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -14,21 +14,17 @@ #include <psa/crypto.h> +#if defined(MBEDTLS_PK_C) +#include <mbedtls/pk.h> +#endif + /** \def KNOWN_SUPPORTED_HASH_ALG * * A hash algorithm that is known to be supported. * * This is used in some smoke tests. */ -#if defined(PSA_WANT_ALG_MD5) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 -/* PSA_WANT_ALG_RIPEMD160 omitted. This is necessary for the sake of - * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 - * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be - * implausible anyway. */ -#elif defined(PSA_WANT_ALG_SHA_1) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 -#elif defined(PSA_WANT_ALG_SHA_256) +#if defined(PSA_WANT_ALG_SHA_256) #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256 #elif defined(PSA_WANT_ALG_SHA_384) #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384 @@ -36,6 +32,14 @@ #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_512 #elif defined(PSA_WANT_ALG_SHA3_256) #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256 +#elif defined(PSA_WANT_ALG_SHA_1) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1 +#elif defined(PSA_WANT_ALG_MD5) +#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 +/* PSA_WANT_ALG_RIPEMD160 omitted. This is necessary for the sake of + * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 + * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be + * implausible anyway. */ #else #undef KNOWN_SUPPORTED_HASH_ALG #endif @@ -221,4 +225,37 @@ int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key, psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, psa_algorithm_t alg); +/** Whether the specified algorithm can be exercised. + * + * \note This function is solely based on the algorithm and does not + * consider potential issues with the compatibility of a key. + * The idea is that you already have a key, so you know that the + * key type is supported, and you want to exercise the key but + * only if the algorithm given in its policy is enabled in the + * compile-time configuration. + * + * \note This function currently only supports signature algorithms + * (including wildcards). + * TODO: a more general mechanism, which should be automatically + * generated and possibly available as a library function? + */ +int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg); + +#if defined(MBEDTLS_PK_C) +/** PK-PSA key consistency test. + * + * This function tests that the pk context and the PSA key are + * consistent. At a minimum: + * + * - The two objects must contain keys of the same type, + * or a key pair and a public key of the matching type. + * - The two objects must have the same public key. + * + * \retval 0 The key failed the consistency tests. + * \retval 1 The key passed the consistency tests. + */ +int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key, + const mbedtls_pk_context *pk); +#endif /* MBEDTLS_PK_C */ + #endif /* PSA_EXERCISE_KEY_H */ diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index d03c624..335386b 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -85,6 +85,7 @@ typedef struct mbedtls_test_ssl_log_pattern { typedef struct mbedtls_test_handshake_test_options { const char *cipher; + uint16_t *group_list; mbedtls_ssl_protocol_version client_min_version; mbedtls_ssl_protocol_version client_max_version; mbedtls_ssl_protocol_version server_min_version; @@ -112,6 +113,8 @@ typedef struct mbedtls_test_handshake_test_options { void (*srv_log_fun)(void *, int, const char *, int, const char *); void (*cli_log_fun)(void *, int, const char *, int, const char *); int resize_buffers; + int early_data; + int max_early_data_size; #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_cache_context *cache; #endif @@ -194,6 +197,13 @@ typedef struct mbedtls_test_ssl_endpoint { #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ /* + * Random number generator aimed for TLS unitary tests. Its main purpose is to + * simplify the set-up of a random number generator for TLS + * unitary tests: no need to set up a good entropy source for example. + */ +int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len); + +/* * This function can be passed to mbedtls to receive output logs from it. In * this case, it will count the instances of a mbedtls_test_ssl_log_pattern * in the received logged messages. @@ -440,8 +450,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_handshake_test_options *options, mbedtls_test_message_socket_context *dtls_context, mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - uint16_t *group_list); + mbedtls_test_ssl_message_queue *output_queue); /* * Deinitializes endpoint represented by \p ep. @@ -531,6 +540,7 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, */ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, int ticket_len, + int endpoint_type, const char *crt_file); #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -589,6 +599,25 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len( int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args); #endif /* MBEDTLS_TEST_HOOKS */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +int mbedtls_test_ticket_write( + void *p_ticket, const mbedtls_ssl_session *session, + unsigned char *start, const unsigned char *end, + size_t *tlen, uint32_t *ticket_lifetime); + +int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, + unsigned char *buf, size_t len); +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + +#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int mbedtls_test_get_tls13_ticket( + mbedtls_test_handshake_test_options *client_options, + mbedtls_test_handshake_test_options *server_options, + mbedtls_ssl_session *session); +#endif + #define ECJPAKE_TEST_PWD "bla" #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/tests/include/test/threading_helpers.h b/tests/include/test/threading_helpers.h new file mode 100644 index 0000000..79bc6c0 --- /dev/null +++ b/tests/include/test/threading_helpers.h @@ -0,0 +1,112 @@ +/** + * \file threading_helpers.h + * + * \brief This file contains the prototypes of helper functions for the purpose + * of testing threading. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef THREADING_HELPERS_H +#define THREADING_HELPERS_H + +#if defined MBEDTLS_THREADING_C + +#include "mbedtls/private_access.h" +#include "mbedtls/build_info.h" + +/* Most fields of publicly available structs are private and are wrapped with + * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields + * directly (without using the MBEDTLS_PRIVATE wrapper). */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + +#define MBEDTLS_ERR_THREADING_THREAD_ERROR -0x001F + +#if defined(MBEDTLS_THREADING_PTHREAD) +#include <pthread.h> +#endif /* MBEDTLS_THREADING_PTHREAD */ + +#if defined(MBEDTLS_THREADING_ALT) +/* You should define the mbedtls_test_thread_t type in your header */ +#include "threading_alt.h" + +/** + * \brief Set your alternate threading implementation + * function pointers for test threads. If used, this + * function must be called once in the main thread + * before any other MbedTLS function is called. + * + * \note These functions are part of the testing API only and + * thus not considered part of the public API of + * MbedTLS and thus may change without notice. + * + * \param thread_create The thread create function implementation. + * \param thread_join The thread join function implementation. + + */ +void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thread, + void *(*thread_func)( + void *), + void *thread_data), + int (*thread_join)(mbedtls_test_thread_t *thread)); + +#else /* MBEDTLS_THREADING_ALT*/ + +typedef struct mbedtls_test_thread_t { + +#if defined(MBEDTLS_THREADING_PTHREAD) + pthread_t MBEDTLS_PRIVATE(thread); +#else /* MBEDTLS_THREADING_PTHREAD */ + /* Make sure this struct is always non-empty */ + unsigned dummy; +#endif + +} mbedtls_test_thread_t; + +#endif /* MBEDTLS_THREADING_ALT*/ + +/** + * \brief The function pointers for thread create and thread + * join. + * + * \note These functions are part of the testing API only + * and thus not considered part of the public API of + * MbedTLS and thus may change without notice. + * + * \note All these functions are expected to work or + * the result will be undefined. + */ +extern int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, + void *(*thread_func)(void *), void *thread_data); +extern int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread); + +#if defined(MBEDTLS_THREADING_PTHREAD) && defined(MBEDTLS_TEST_HOOKS) +#define MBEDTLS_TEST_MUTEX_USAGE +#endif + +#if defined(MBEDTLS_TEST_MUTEX_USAGE) +/** + * Activate the mutex usage verification framework. See threading_helpers.c for + * information. + */ +void mbedtls_test_mutex_usage_init(void); + +/** + * Deactivate the mutex usage verification framework. See threading_helpers.c + * for information. + */ +void mbedtls_test_mutex_usage_end(void); + +/** + * Call this function after executing a test case to check for mutex usage + * errors. + */ +void mbedtls_test_mutex_usage_check(void); +#endif /* MBEDTLS_TEST_MUTEX_USAGE */ + +#endif /* MBEDTLS_THREADING_C */ + +#endif /* THREADING_HELPERS_H */ diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh index 1190a87..9cf2550 100755 --- a/tests/opt-testcases/tls13-compat.sh +++ b/tests/opt-testcases/tls13-compat.sh @@ -363,6 +363,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -380,6 +381,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -397,6 +399,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -415,6 +418,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -777,6 +781,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -794,6 +799,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -811,6 +817,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -829,6 +836,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -1191,6 +1199,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -1208,6 +1217,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -1225,6 +1235,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -1243,6 +1254,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -1605,6 +1617,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -1622,6 +1635,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -1639,6 +1653,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -1657,6 +1672,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -2019,6 +2035,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -2036,6 +2053,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -2053,6 +2071,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -2071,6 +2090,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -2473,6 +2493,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2492,6 +2513,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2511,6 +2533,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2531,6 +2554,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2935,6 +2959,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2954,6 +2979,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2973,6 +2999,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -2993,6 +3020,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -3397,6 +3425,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -3416,6 +3445,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -3435,6 +3465,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -3455,6 +3486,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -3859,6 +3891,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -3878,6 +3911,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -3897,6 +3931,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -3917,6 +3952,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -4321,6 +4357,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -4340,6 +4377,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -4359,6 +4397,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -4379,6 +4418,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -4764,6 +4804,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -4782,6 +4823,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -4800,6 +4842,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -4819,6 +4862,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -5202,6 +5246,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -5220,6 +5265,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -5238,6 +5284,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -5257,6 +5304,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -5640,6 +5688,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -5658,6 +5707,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -5676,6 +5726,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -5695,6 +5746,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -6078,6 +6130,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -6096,6 +6149,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -6114,6 +6168,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -6133,6 +6188,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -6516,6 +6572,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -6534,6 +6591,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -6552,6 +6610,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -6571,6 +6630,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -6996,6 +7056,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -7016,6 +7077,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -7036,6 +7098,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -7057,6 +7120,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -7482,6 +7546,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -7502,6 +7567,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -7522,6 +7588,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -7543,6 +7610,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -7968,6 +8036,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -7988,6 +8057,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -8008,6 +8078,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -8029,6 +8100,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -8454,6 +8526,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -8474,6 +8547,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -8494,6 +8568,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -8515,6 +8590,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -8940,6 +9016,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -8960,6 +9037,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -8980,6 +9058,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -9001,6 +9080,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -9548,11 +9628,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -9574,11 +9656,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -9600,11 +9684,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -9627,12 +9713,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -10184,11 +10272,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -10210,11 +10300,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -10236,11 +10328,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -10263,12 +10357,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -10820,11 +10916,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -10846,11 +10944,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -10872,11 +10972,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -10899,12 +11001,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -11456,11 +11560,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -11482,11 +11588,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -11508,11 +11616,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -11535,12 +11645,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -12092,11 +12204,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \ @@ -12118,11 +12232,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \ "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \ @@ -12144,11 +12260,13 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \ "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \ @@ -12171,12 +12289,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \ "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \ @@ -12258,6 +12378,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe2048" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -12333,6 +12454,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe2048" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -12408,6 +12530,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe2048" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -12483,6 +12606,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe2048" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -12558,6 +12682,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_openssl_tls1_3_with_ffdh run_test "TLS 1.3 O->m: HRR x448 -> ffdhe2048" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ @@ -12716,6 +12841,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -12801,6 +12927,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -12886,6 +13013,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -12971,6 +13099,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -13056,6 +13185,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -13232,6 +13362,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe2048" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \ @@ -13323,6 +13454,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe2048" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \ @@ -13414,6 +13546,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe2048" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \ @@ -13505,6 +13638,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe2048" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \ @@ -13596,6 +13730,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: HRR x448 -> ffdhe2048" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \ @@ -13615,6 +13750,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp256r1" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \ @@ -13634,6 +13770,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp384r1" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \ @@ -13653,6 +13790,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp521r1" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \ @@ -13672,6 +13810,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x25519" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \ @@ -13691,6 +13830,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x448" \ "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \ @@ -13792,6 +13932,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe2048" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \ @@ -13893,6 +14034,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe2048" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \ @@ -13994,6 +14136,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe2048" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \ @@ -14095,6 +14238,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe2048" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \ @@ -14196,6 +14340,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: HRR x448 -> ffdhe2048" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \ @@ -14217,6 +14362,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp256r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \ @@ -14238,6 +14384,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp384r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \ @@ -14259,6 +14406,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp521r1" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \ @@ -14280,6 +14428,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x25519" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \ @@ -14301,6 +14450,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x448" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \ @@ -14418,12 +14568,14 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe2048" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \ @@ -14544,12 +14696,14 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe2048" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \ @@ -14670,12 +14824,14 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe2048" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \ @@ -14796,12 +14952,14 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe2048" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \ @@ -14922,12 +15080,14 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: HRR x448 -> ffdhe2048" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \ @@ -14954,6 +15114,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp256r1" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \ @@ -14980,6 +15141,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp384r1" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \ @@ -15006,6 +15168,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp521r1" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \ @@ -15032,6 +15195,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x25519" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \ @@ -15058,6 +15222,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled PSA_WANT_ALG_ECDH requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_2048 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x448" \ "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \ "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \ diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 4581bc5..49f06e0 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -23,7 +23,7 @@ run_test "TLS 1.3: G->m: all/psk, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -41,7 +41,7 @@ run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -78,7 +78,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \ -S "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -96,7 +96,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \ -s "found pre_shared_key extension" \ -S "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -133,7 +133,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -151,7 +151,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -188,7 +188,7 @@ run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -206,7 +206,7 @@ run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -261,7 +261,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -280,7 +280,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -319,7 +319,7 @@ run_test "TLS 1.3: G->m: all/psk_all, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -338,7 +338,7 @@ run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -377,7 +377,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \ -S "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -396,7 +396,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \ -s "found pre_shared_key extension" \ -S "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -435,7 +435,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -454,7 +454,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch, -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -493,7 +493,7 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -512,7 +512,7 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -550,8 +550,9 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \ -s "found pre_shared_key extension" \ -S "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ + -s "No suitable PSK key exchange mode" \ -S "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -572,7 +573,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -592,7 +593,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -633,7 +634,7 @@ run_test "TLS 1.3: G->m: all/all, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -653,7 +654,7 @@ run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -694,7 +695,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \ -S "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -733,8 +734,9 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ + -s "No suitable PSK key exchange mode" \ -S "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -754,7 +756,7 @@ run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -793,7 +795,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \ -S "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -921,7 +923,7 @@ run_test "TLS 1.3: O->m: all/psk, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -s "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -938,7 +940,7 @@ run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -973,7 +975,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -990,7 +992,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -1025,7 +1027,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -1042,7 +1044,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -1078,7 +1080,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -1096,7 +1098,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -1133,7 +1135,7 @@ run_test "TLS 1.3: O->m: all/psk_all, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -1151,7 +1153,7 @@ run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -1188,7 +1190,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -1206,7 +1208,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch, -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -1243,7 +1245,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -1261,7 +1263,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -1299,7 +1301,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -1318,7 +1320,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -1357,7 +1359,7 @@ run_test "TLS 1.3: O->m: all/all, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" @@ -1376,7 +1378,7 @@ run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -1413,8 +1415,9 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \ -s "found pre_shared_key extension" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -S "Found PSK KEX MODE" \ + -s "No suitable PSK key exchange mode" \ -S "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -1433,7 +1436,7 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \ -s "Found PSK_EPHEMERAL KEX MODE" \ -s "Found PSK KEX MODE" \ -s "Pre shared key found" \ - -S "No matched PSK or ticket" \ + -S "No usable PSK or ticket" \ -S "key exchange mode: psk$" \ -S "key exchange mode: psk_ephemeral" \ -s "key exchange mode: ephemeral" @@ -1580,7 +1583,7 @@ run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" + -s "No usable PSK or ticket" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1665,7 +1668,7 @@ run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -s "ClientHello message misses mandatory extensions." requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1711,7 +1714,7 @@ run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -s "ClientHello message misses mandatory extensions." requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1769,7 +1772,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch" -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -s "ClientHello message misses mandatory extensions." requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1827,7 +1830,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch" -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" + -s "No usable PSK or ticket" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -1870,7 +1873,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -s "ClientHello message misses mandatory extensions." requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -1916,7 +1919,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2047,7 +2050,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" + -s "No usable PSK or ticket" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2106,7 +2109,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fal -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -s "key exchange mode: ephemeral" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -2152,7 +2155,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -s "ClientHello message misses mandatory extensions." requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -2199,7 +2202,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback" -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -s "key exchange mode: ephemeral" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -2288,7 +2291,7 @@ run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -s "ClientHello message misses mandatory extensions." requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -2348,7 +2351,7 @@ run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" + -s "No usable PSK or ticket" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2392,7 +2395,7 @@ run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -s "ClientHello message misses mandatory extensions." requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -2438,7 +2441,7 @@ run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" + -s "No usable PSK or ticket" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_SRV_C @@ -2485,7 +2488,7 @@ run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -s "ClientHello message misses mandatory extensions." requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -2532,7 +2535,7 @@ run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -s "ClientHello message misses mandatory extensions." requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -2595,7 +2598,7 @@ run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback" -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -c "Selected key exchange mode: ephemeral" \ -c "HTTP/1.0 200 OK" @@ -2643,7 +2646,7 @@ run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -s "ClientHello message misses mandatory extensions." requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 @@ -2690,7 +2693,7 @@ run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \ -c "client hello, adding psk_key_exchange_modes extension" \ -c "client hello, adding PSK binder list" \ - -s "No matched PSK or ticket" \ + -s "No usable PSK or ticket" \ -s "key exchange mode: ephemeral" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index c1682e3..066fa3f 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -263,7 +263,7 @@ requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK \ --earlydata --maxearlydata 16384 --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1 reco_delay=900" \ + "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \ 0 \ -c "received max_early_data_size: 16384" \ -c "Reconnecting with saved session" \ @@ -285,9 +285,34 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_EARLY_DATA requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +run_test "TLS 1.3 m->G: EarlyData: write early data, good" \ + "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ + "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \ + 0 \ + -c "Reconnecting with saved session" \ + -c "NewSessionTicket: early_data(42) extension received." \ + -c "ClientHello: early_data(42) extension exists." \ + -c "EncryptedExtensions: early_data(42) extension received." \ + -c "EncryptedExtensions: early_data(42) extension exists." \ + -c "<= write early_data" \ + -c "<= write EndOfEarlyData" \ + -s "Parsing extension 'Early Data/42' (0 bytes)" \ + -s "Sending extension Early Data/42 (0 bytes)" \ + -s "END OF EARLY DATA (5) was received." \ + -s "early data accepted" \ + -s "decrypted early data with length" + +requires_gnutls_tls1_3 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_EARLY_DATA +requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ - "$P_CLI debug_level=4 early_data=$EARLY_DATA_INPUT reco_mode=1 reconnect=1" \ + "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ 0 \ -c "Reconnecting with saved session" \ -C "NewSessionTicket: early_data(42) extension received." \ @@ -328,8 +353,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/none." \ -s "key exchange mode: ephemeral" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk$" \ - -s "No suitable key exchange mode" \ - -s "No matched PSK or ticket" + -s "No suitable PSK key exchange mode" \ + -s "No usable PSK or ticket" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ @@ -340,7 +365,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 0 \ -c "Pre-configured PSK number = 1" \ - -S "No suitable key exchange mode" \ + -S "No suitable PSK key exchange mode" \ -s "found matched identity" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ @@ -356,8 +381,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_ephemeral." \ -s "key exchange mode: ephemeral" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk$" \ - -s "No suitable key exchange mode" \ - -s "No matched PSK or ticket" + -s "No suitable PSK key exchange mode" \ + -s "No usable PSK or ticket" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ @@ -368,7 +393,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 0 \ -c "Pre-configured PSK number = 1" \ - -S "No suitable key exchange mode" \ + -S "No suitable PSK key exchange mode" \ -s "found matched identity" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ @@ -384,8 +409,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/none." \ -s "key exchange mode: ephemeral" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk$" \ - -s "No suitable key exchange mode" \ - -s "No matched PSK or ticket" + -s "No suitable PSK key exchange mode" \ + -s "No usable PSK or ticket" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ @@ -400,8 +425,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk." \ -s "key exchange mode: ephemeral" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk$" \ - -s "No suitable key exchange mode" \ - -s "No matched PSK or ticket" + -s "No suitable PSK key exchange mode" \ + -s "No usable PSK or ticket" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ @@ -412,7 +437,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_ephemera "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 0 \ -c "Pre-configured PSK number = 1" \ - -S "No suitable key exchange mode" \ + -S "No suitable PSK key exchange mode" \ -s "found matched identity" \ -s "key exchange mode: psk_ephemeral" @@ -425,7 +450,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_all." \ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 0 \ -c "Pre-configured PSK number = 1" \ - -S "No suitable key exchange mode" \ + -S "No suitable PSK key exchange mode" \ -s "found matched identity" \ -s "key exchange mode: psk_ephemeral" @@ -443,8 +468,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/none." \ -s "key exchange mode: ephemeral" \ -S "key exchange mode: psk_ephemeral" \ -S "key exchange mode: psk$" \ - -s "No suitable key exchange mode" \ - -s "No matched PSK or ticket" + -s "No suitable PSK key exchange mode" \ + -s "No usable PSK or ticket" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ @@ -456,7 +481,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 0 \ -c "Pre-configured PSK number = 1" \ - -S "No suitable key exchange mode" \ + -S "No suitable PSK key exchange mode" \ -s "found matched identity" requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ @@ -469,7 +494,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_ephemeral." \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 0 \ -c "Pre-configured PSK number = 1" \ - -S "No suitable key exchange mode" \ + -S "No suitable PSK key exchange mode" \ -s "found matched identity" \ -s "key exchange mode: psk_ephemeral" @@ -483,7 +508,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 0 \ -c "Pre-configured PSK number = 1" \ - -S "No suitable key exchange mode" \ + -S "No suitable PSK key exchange mode" \ -s "found matched identity" \ -s "key exchange mode: psk_ephemeral" @@ -502,8 +527,26 @@ run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:+KX-ALL \ -d 10 -r --earlydata $EARLY_DATA_INPUT " \ 0 \ - -s "NewSessionTicket: early_data(42) extension exists." \ -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN" \ + -s "NewSessionTicket: early_data(42) extension exists." \ -s "ClientHello: early_data(42) extension exists." \ -s "EncryptedExtensions: early_data(42) extension exists." \ - -s "$( tail -1 $EARLY_DATA_INPUT )" + -s "$( head -1 $EARLY_DATA_INPUT )" \ + -s "$( tail -1 $EARLY_DATA_INPUT )" \ + -s "200 early data bytes read" \ + -s "106 early data bytes read" + +requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \ + MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \ + MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \ + "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=1024" \ + "$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \ + 0 \ + -s "key exchange mode: ephemeral" \ + -S "key exchange mode: psk" \ + -s "found matched identity" \ + -s "EarlyData: rejected, not a session resumption" \ + -C "EncryptedExtensions: early_data(42) extension exists." diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a9e2792..66bba9c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -212,10 +212,21 @@ pre_initialize_variables () { # defined in this script whose name starts with "component_". ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//') - # Delay determinig SUPPORTED_COMPONENTS until the command line options have a chance to override + # Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override # the commands set by the environment } +setup_quiet_wrappers() +{ + # Pick up "quiet" wrappers for make and cmake, which don't output very much + # unless there is an error. This reduces logging overhead in the CI. + # + # Note that the cmake wrapper breaks unless we use an absolute path here. + if [[ -e ${PWD}/tests/scripts/quiet ]]; then + export PATH=${PWD}/tests/scripts/quiet:$PATH + fi +} + # Test whether the component $1 is included in the command line patterns. is_component_included() { @@ -821,6 +832,14 @@ pre_generate_files() { fi } +clang_version() { + if command -v clang > /dev/null ; then + clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#' + else + echo 0 # report version 0 for "no clang" + fi +} + ################################################################ #### Helpers for components using libtestdriver1 ################################################################ @@ -881,6 +900,16 @@ helper_libtestdriver1_adjust_config() { # Dynamic secure element support is a deprecated feature and needs to be disabled here. # This is done to have the same form of psa_key_attributes_s for libdriver and library. scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C + + # If threading is enabled on the normal build, then we need to enable it in the drivers as well, + # otherwise we will end up running multithreaded tests without mutexes to protect them. + if scripts/config.py get MBEDTLS_THREADING_C; then + scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_C + fi + + if scripts/config.py get MBEDTLS_THREADING_PTHREAD; then + scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_PTHREAD + fi } # When called with no parameter this function disables all builtin curves. @@ -907,6 +936,18 @@ helper_get_psa_curve_list () { echo "$loc_list" } +# Helper returning the list of supported DH groups from CRYPTO_CONFIG_H, +# without the "PSA_WANT_" prefix. This becomes handy for accelerating DH groups +# in the following helpers. +helper_get_psa_dh_group_list () { + loc_list="" + for item in $(sed -n 's/^#define PSA_WANT_\(DH_RFC7919_[0-9]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do + loc_list="$loc_list $item" + done + + echo "$loc_list" +} + # Get the list of uncommented PSA_WANT_KEY_TYPE_xxx_ from CRYPTO_CONFIG_H. This # is useful to easily get a list of key type symbols to accelerate. # The function accepts a single argument which is the key type: ECC, DH, RSA. @@ -1059,8 +1100,8 @@ component_check_test_dependencies () { echo "!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" >> $expected # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected - # This is used by import_rsa_made_up() in test_suite_psa_crypto in order - # to build a fake RSA key of the wanted size based on + # MBEDTLS_ASN1_WRITE_C is used by import_rsa_made_up() in test_suite_psa_crypto + # in order to build a fake RSA key of the wanted size based on # PSA_VENDOR_RSA_MAX_KEY_BITS. The legacy module is only used by # the test code and that's probably the most convenient way of achieving # the test's goal. @@ -1069,9 +1110,8 @@ component_check_test_dependencies () { echo "MBEDTLS_ECP_RESTARTABLE" >> $expected # No PSA equivalent - needed by some init tests echo "MBEDTLS_ENTROPY_NV_SEED" >> $expected - # Used by two tests that are about an extension to the PSA standard; - # as such, no PSA equivalent. - echo "MBEDTLS_PEM_PARSE_C" >> $expected + # No PSA equivalent - required to run threaded tests. + echo "MBEDTLS_THREADING_PTHREAD" >> $expected # Compare reality with expectation. # We want an exact match, to ensure the above list remains up-to-date. @@ -1563,6 +1603,7 @@ component_test_full_no_cipher_no_psa_crypto () { scripts/config.py unset MBEDTLS_CMAC_C scripts/config.py unset MBEDTLS_NIST_KW_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT scripts/config.py unset MBEDTLS_SSL_TLS_C scripts/config.py unset MBEDTLS_SSL_TICKET_C # Disable features that depend on PSA_CRYPTO_C @@ -2170,6 +2211,8 @@ component_test_tsan () { scripts/config.py full scripts/config.py set MBEDTLS_THREADING_C scripts/config.py set MBEDTLS_THREADING_PTHREAD + # Self-tests do not currently use multiple threads. + scripts/config.py unset MBEDTLS_SELF_TEST CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan . make @@ -2385,6 +2428,26 @@ component_test_depends_py_pkalgs_psa () { tests/scripts/depends.py pkalgs } +component_test_psa_crypto_config_ffdh_2048_only () { + msg "build: full config - only DH 2048" + + scripts/config.py full + + # Disable all DH groups other than 2048. + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_3072 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_4096 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_6144 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_8192 + + make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS" + + msg "test: full config - only DH 2048" + make test + + msg "ssl-opt: full config - only DH 2048" + tests/ssl-opt.sh -f "ffdh" +} + component_build_no_pk_rsa_alt_support () { msg "build: !MBEDTLS_PK_RSA_ALT_SUPPORT" # ~30s @@ -2441,11 +2504,12 @@ component_build_dhm_alt () { make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib } -component_test_no_use_psa_crypto_full_cmake_asan() { - # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh - msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan" +component_test_no_psa_crypto_full_cmake_asan() { + # full minus MBEDTLS_PSA_CRYPTO_C: run the same set of tests as basic-build-test.sh + msg "build: cmake, full config minus PSA crypto, ASan" scripts/config.py full scripts/config.py unset MBEDTLS_PSA_CRYPTO_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C @@ -2456,22 +2520,22 @@ component_test_no_use_psa_crypto_full_cmake_asan() { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)" + msg "test: main suites (full minus PSA crypto)" make test # Note: ssl-opt.sh has some test cases that depend on # MBEDTLS_ECP_RESTARTABLE && !MBEDTLS_USE_PSA_CRYPTO # This is the only component where those tests are not skipped. - msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)" + msg "test: ssl-opt.sh (full minus PSA crypto)" tests/ssl-opt.sh - msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)" + msg "test: compat.sh default (full minus PSA crypto)" tests/compat.sh - msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" + msg "test: compat.sh NULL (full minus PSA crypto)" tests/compat.sh -f 'NULL' - msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" + msg "test: compat.sh ARIA + ChachaPoly (full minus PSA crypto)" env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } @@ -2564,7 +2628,8 @@ component_test_psa_crypto_config_accel_ffdh () { # Algorithms and key types to accelerate loc_accel_list="ALG_FFDH \ - $(helper_get_psa_key_type_list "DH")" + $(helper_get_psa_key_type_list "DH") \ + $(helper_get_psa_dh_group_list)" # Configure # --------- @@ -2763,12 +2828,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { scripts/config.py unset MBEDTLS_PK_C scripts/config.py unset MBEDTLS_PK_PARSE_C scripts/config.py unset MBEDTLS_PK_WRITE_C - # We need to disable RSA too or PK will be re-enabled. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 # Disable modules that are accelerated - some will be re-enabled scripts/config.py unset MBEDTLS_ECDSA_C @@ -3096,6 +3155,7 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum() { # PSA sides, and also disable the key exchanges that depend on DHM. scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" + scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*" scripts/config.py unset MBEDTLS_DHM_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED @@ -3150,7 +3210,8 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { if [ "$test_target" = "ECC_DH" ]; then loc_accel_list="$loc_accel_list \ ALG_FFDH \ - $(helper_get_psa_key_type_list "DH")" + $(helper_get_psa_key_type_list "DH") \ + $(helper_get_psa_dh_group_list)" fi # Configure @@ -3666,6 +3727,75 @@ component_test_psa_crypto_config_reference_hash_use_psa() { tests/ssl-opt.sh } +# Auxiliary function to build config for hashes with and without drivers +config_psa_crypto_hmac_use_psa () { + driver_only="$1" + # start with config full for maximum coverage (also enables USE_PSA) + helper_libtestdriver1_adjust_config "full" + + if [ "$driver_only" -eq 1 ]; then + # Disable MD_C in order to disable the builtin support for HMAC. MD_LIGHT + # is still enabled though (for ENTROPY_C among others). + scripts/config.py unset MBEDTLS_MD_C + # Disable also the builtin hashes since they are supported by the driver + # and MD module is able to perform PSA dispathing. + scripts/config.py unset-all MBEDTLS_SHA + scripts/config.py unset MBEDTLS_MD5_C + scripts/config.py unset MBEDTLS_RIPEMD160_C + fi + + # Direct dependencies of MD_C. We disable them also in the reference + # component to work with the same set of features. + scripts/config.py unset MBEDTLS_PKCS7_C + scripts/config.py unset MBEDTLS_PKCS5_C + scripts/config.py unset MBEDTLS_HMAC_DRBG_C + scripts/config.py unset MBEDTLS_HKDF_C + # Dependencies of HMAC_DRBG + scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA +} + +component_test_psa_crypto_config_accel_hmac() { + msg "test: full with accelerated hmac" + + loc_accel_list="ALG_HMAC KEY_TYPE_HMAC \ + ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \ + ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ + ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" + + # Configure + # --------- + + config_psa_crypto_hmac_use_psa 1 + + # Build + # ----- + + helper_libtestdriver1_make_drivers "$loc_accel_list" + + helper_libtestdriver1_make_main "$loc_accel_list" + + # Ensure that built-in support for HMAC is disabled. + not grep mbedtls_md_hmac library/md.o + + # Run the tests + # ------------- + + msg "test: full with accelerated hmac" + make test +} + +component_test_psa_crypto_config_reference_hmac() { + msg "test: full without accelerated hmac" + + config_psa_crypto_hmac_use_psa 0 + + make + + msg "test: full without accelerated hmac" + make test +} + component_test_psa_crypto_config_accel_des () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES" @@ -4662,6 +4792,26 @@ component_test_aesni () { # ~ 60s not grep -q "AES note: built-in implementation." ./programs/test/selftest } +component_test_sha3_variations() { + msg "sha3 loop unroll variations" + + # define minimal config sufficient to test SHA3 + cat > include/mbedtls/mbedtls_config.h << END + #define MBEDTLS_SELF_TEST + #define MBEDTLS_SHA3_C +END + + msg "all loops unrolled" + make clean + make -C tests test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DMBEDTLS_SHA3_CHI_UNROLL=1 -DMBEDTLS_SHA3_RHO_UNROLL=1" + ./tests/test_suite_shax + + msg "all loops rolled up" + make clean + make -C tests test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=0 -DMBEDTLS_SHA3_PI_UNROLL=0 -DMBEDTLS_SHA3_CHI_UNROLL=0 -DMBEDTLS_SHA3_RHO_UNROLL=0" + ./tests/test_suite_shax +} + support_test_aesni_m32() { support_test_m32_no_asm && (lscpu | grep -qw aes) } @@ -4703,14 +4853,8 @@ component_test_aesni_m32 () { # ~ 60s } support_test_aesni_m32_clang() { - support_test_aesni_m32 && if command -v clang > /dev/null ; then - # clang >= 4 is required to build with target attributes - clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')" - [[ "${clang_ver}" -ge 4 ]] - else - # clang not available - false - fi + # clang >= 4 is required to build with target attributes + support_test_aesni_m32 && [[ $(clang_version) -ge 4 ]] } component_test_aesni_m32_clang() { @@ -4761,9 +4905,8 @@ component_build_aes_aesce_armcc () { } support_build_aes_armce() { - # clang >= 4 is required to build with AES extensions - ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')" - [ "${ver}" -ge 11 ] + # clang >= 11 is required to build with AES extensions + [[ $(clang_version) -ge 11 ]] } component_build_aes_armce () { @@ -4818,15 +4961,8 @@ component_build_aes_armce () { } support_build_sha_armce() { - if command -v clang > /dev/null ; then - # clang >= 4 is required to build with SHA extensions - clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')" - - [[ "${clang_ver}" -ge 4 ]] - else - # clang not available - false - fi + # clang >= 4 is required to build with SHA extensions + [[ $(clang_version) -ge 4 ]] } component_build_sha_armce () { @@ -4956,6 +5092,19 @@ component_test_aes_only_128_bit_keys_have_builtins () { programs/test/selftest } +component_test_gcm_largetable () { + msg "build: default config + GCM_LARGE_TABLE - AESNI_C - AESCE_C" + scripts/config.py set MBEDTLS_GCM_LARGE_TABLE + scripts/config.py unset MBEDTLS_PADLOCK_C + scripts/config.py unset MBEDTLS_AESNI_C + scripts/config.py unset MBEDTLS_AESCE_C + + make CFLAGS='-O2 -Werror -Wall -Wextra' + + msg "test: default config - GCM_LARGE_TABLE - AESNI_C - AESCE_C" + make test +} + component_test_aes_fewer_tables () { msg "build: default config with AES_FEWER_TABLES enabled" scripts/config.py set MBEDTLS_AES_FEWER_TABLES @@ -6260,6 +6409,7 @@ pre_check_environment pre_initialize_variables pre_parse_command_line "$@" +setup_quiet_wrappers pre_check_git pre_restore_files pre_back_up diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 6503f9a..5b4deb6 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -240,6 +240,44 @@ KNOWN_TASKS = { } } }, + 'analyze_driver_vs_reference_hmac': { + 'test_function': do_analyze_driver_vs_reference, + 'args': { + 'component_ref': 'test_psa_crypto_config_reference_hmac', + 'component_driver': 'test_psa_crypto_config_accel_hmac', + 'ignored_suites': [ + # These suites require legacy hash support, which is disabled + # in the accelerated component. + 'shax', 'mdx', + # This suite tests builtins directly, but these are missing + # in the accelerated case. + 'psa_crypto_low_hash.generated', + ], + 'ignored_tests': { + 'test_suite_md': [ + # Builtin HMAC is not supported in the accelerate component. + re.compile('.*HMAC.*'), + # Following tests make use of functions which are not available + # when MD_C is disabled, as it happens in the accelerated + # test component. + re.compile('generic .* Hash file .*'), + 'MD list', + ], + 'test_suite_md.psa': [ + # "legacy only" tests require hash algorithms to be NOT + # accelerated, but this of course false for the accelerated + # test component. + re.compile('PSA dispatch .* legacy only'), + ], + 'test_suite_platform': [ + # Incompatible with sanitizers (e.g. ASan). If the driver + # component uses a sanitizer but the reference component + # doesn't, we have a PASS vs SKIP mismatch. + 'Check mbedtls_calloc overallocation', + ], + } + } + }, 'analyze_driver_vs_reference_cipher_aead_cmac': { 'test_function': do_analyze_driver_vs_reference, 'args': { @@ -532,6 +570,11 @@ KNOWN_TASKS = { re.compile(r'mbedtls_ct_zeroize_if .*'), re.compile(r'mbedtls_ct_memmove_left .*') ], + 'test_suite_psa_crypto': [ + # We don't support generate_key_ext entry points + # in drivers yet. + re.compile(r'PSA generate key ext: RSA, e=.*'), + ], } } }, @@ -562,6 +605,11 @@ KNOWN_TASKS = { # but these are not available in the accelerated component. re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'), ], + 'test_suite_pkcs5': [ + # The AES part of PKCS#5 PBES2 is not yet supported. + # The rest of PKCS#5 (PBKDF2) works, though. + re.compile(r'PBES2 .* AES-.*') + ], 'test_suite_pkparse': [ # PEM (called by pkparse) requires AES_C in order to decrypt # the key, but this is not available in the accelerated @@ -571,8 +619,7 @@ KNOWN_TASKS = { 'test_suite_pem': [ # Following tests require AES_C, but this is diabled in the # accelerated component. - 'PEM read (AES-128-CBC + invalid iv)', - 'PEM read (malformed PEM AES-128-CBC)', + re.compile('PEM read .*AES.*'), 'PEM read (unknown encryption algorithm)', ], 'test_suite_error': [ diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index 65fbc9f..4483f55 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -173,6 +173,8 @@ class ShebangIssueTracker(FileIssueTracker): b'sh': 'sh', } + path_exemptions = re.compile(r'tests/scripts/quiet/.*') + def is_valid_shebang(self, first_line, filepath): m = re.match(self._shebang_re, first_line) if not m: diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 1a84531..1990cd2 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -199,7 +199,10 @@ and subsequent commands are tests that cannot run if the build failed).''' success = True for command in self.commands: log_command(command) - ret = subprocess.call(command) + env = os.environ.copy() + if 'MBEDTLS_TEST_CONFIGURATION' in env: + env['MBEDTLS_TEST_CONFIGURATION'] += '-' + self.name + ret = subprocess.call(command, env=env) if ret != 0: if command[0] not in ['make', options.make_command]: log_line('*** [{}] Error {}'.format(' '.join(command), ret)) diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py index fdb264d..8b28590 100755 --- a/tests/scripts/generate_tls13_compat_tests.py +++ b/tests/scripts/generate_tls13_compat_tests.py @@ -353,6 +353,19 @@ class MbedTLSBase(TLSProgram): ret += ["groups={named_groups}".format(named_groups=named_groups)] return ret + #pylint: disable=missing-function-docstring + def add_ffdh_group_requirements(self, requirement_list): + if 'ffdhe2048' in self._named_groups: + requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048') + if 'ffdhe3072' in self._named_groups: + requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048') + if 'ffdhe4096' in self._named_groups: + requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048') + if 'ffdhe6144' in self._named_groups: + requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048') + if 'ffdhe8192' in self._named_groups: + requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048') + def pre_checks(self): ret = ['requires_config_enabled MBEDTLS_DEBUG_C', 'requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED'] @@ -365,13 +378,14 @@ class MbedTLSBase(TLSProgram): 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT') ec_groups = ['secp256r1', 'secp384r1', 'secp521r1', 'x25519', 'x448'] - ffdh_groups = ['ffdhe2048'] + ffdh_groups = ['ffdhe2048', 'ffdhe3072', 'ffdhe4096', 'ffdhe6144', 'ffdhe8192'] if any(x in ec_groups for x in self._named_groups): ret.append('requires_config_enabled PSA_WANT_ALG_ECDH') if any(x in ffdh_groups for x in self._named_groups): ret.append('requires_config_enabled PSA_WANT_ALG_FFDH') + self.add_ffdh_group_requirements(ret) return ret diff --git a/tests/scripts/quiet/cmake b/tests/scripts/quiet/cmake new file mode 100755 index 0000000..930931d --- /dev/null +++ b/tests/scripts/quiet/cmake @@ -0,0 +1,19 @@ +#! /usr/bin/env bash +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This swallows the output of the wrapped tool, unless there is an error. +# This helps reduce excess logging in the CI. + +# If you are debugging a build / CI issue, you can get complete unsilenced logs +# by un-commenting the following line (or setting VERBOSE_LOGS in your environment): + +# export VERBOSE_LOGS=1 + +# don't silence invocations containing these arguments +export NO_SILENCE=" --version " + +export TOOL="cmake" + +exec "$(dirname "$0")/quiet.sh" "$@" diff --git a/tests/scripts/quiet/make b/tests/scripts/quiet/make new file mode 100755 index 0000000..d022551 --- /dev/null +++ b/tests/scripts/quiet/make @@ -0,0 +1,19 @@ +#! /usr/bin/env bash +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This swallows the output of the wrapped tool, unless there is an error. +# This helps reduce excess logging in the CI. + +# If you are debugging a build / CI issue, you can get complete unsilenced logs +# by un-commenting the following line (or setting VERBOSE_LOGS in your environment): + +# export VERBOSE_LOGS=1 + +# don't silence invocations containing these arguments +export NO_SILENCE=" --version | test " + +export TOOL="make" + +exec "$(dirname "$0")/quiet.sh" "$@" diff --git a/tests/scripts/quiet/quiet.sh b/tests/scripts/quiet/quiet.sh new file mode 100755 index 0000000..30ee569 --- /dev/null +++ b/tests/scripts/quiet/quiet.sh @@ -0,0 +1,75 @@ +# -*-mode: sh; sh-shell: bash -*- +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# +# This swallows the output of the wrapped tool, unless there is an error. +# This helps reduce excess logging in the CI. + +# If you are debugging a build / CI issue, you can get complete unsilenced logs +# by un-commenting the following line (or setting VERBOSE_LOGS in your environment): +# +# VERBOSE_LOGS=1 +# +# This script provides most of the functionality for the adjacent make and cmake +# wrappers. +# +# It requires two variables to be set: +# +# TOOL - the name of the tool that is being wrapped (with no path), e.g. "make" +# +# NO_SILENCE - a regex that describes the commandline arguments for which output will not +# be silenced, e.g. " --version | test ". In this example, "make lib test" will +# not be silent, but "make lib" will be. + +# Locate original tool +TOOL_WITH_PATH=$(dirname "$0")/$TOOL +ORIGINAL_TOOL=$(type -ap "${TOOL}" | grep -v -Fx "$TOOL_WITH_PATH" | head -n1) + +print_quoted_args() { + # similar to printf '%q' "$@" + # but produce more human-readable results for common/simple cases like "a b" + for a in "$@"; do + # Get bash to quote the string + printf -v q '%q' "$a" + simple_pattern="^([-[:alnum:]_+./:@]+=)?([^']*)$" + if [[ "$a" != "$q" && $a =~ $simple_pattern ]]; then + # a requires some quoting (a != q), but has no single quotes, so we can + # simplify the quoted form - e.g.: + # a b -> 'a b' + # CFLAGS=a b -> CFLAGS='a b' + q="${BASH_REMATCH[1]}'${BASH_REMATCH[2]}'" + fi + printf " %s" "$q" + done +} + +if [[ ! " $* " =~ " --version " ]]; then + # Display the command being invoked - if it succeeds, this is all that will + # be displayed. Don't do this for invocations with --version, because + # this output is often parsed by scripts, so we don't want to modify it. + printf %s "${TOOL}" 1>&2 + print_quoted_args "$@" 1>&2 + echo 1>&2 +fi + +if [[ " $@ " =~ $NO_SILENCE || -n "${VERBOSE_LOGS}" ]]; then + # Run original command with no output supression + exec "${ORIGINAL_TOOL}" "$@" +else + # Run original command and capture output & exit status + TMPFILE=$(mktemp "quiet-${TOOL}.XXXXXX") + "${ORIGINAL_TOOL}" "$@" > "${TMPFILE}" 2>&1 + EXIT_STATUS=$? + + if [[ $EXIT_STATUS -ne 0 ]]; then + # On error, display the full output + cat "${TMPFILE}" + fi + + # Remove tmpfile + rm "${TMPFILE}" + + # Propagate the exit status + exit $EXIT_STATUS +fi diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 0d56ddf..8d70cbc 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -27,22 +27,10 @@ from mbedtls_dev import build_tree # The test numbers correspond to the numbers used by the console output of the test suite. # Test number 2xx corresponds to the files in the folder # psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx -EXPECTED_FAILURES = { - # psa_hash_suspend() and psa_hash_resume() are not supported. - # - Tracked in issue #3274 - 262, 263 -} - -# We currently use a fork of ARM-software/psa-arch-tests, with a couple of downstream patches -# that allow it to build with Mbed TLS 3, and fixes a couple of issues in the compliance test suite. -# These fixes allow the tests numbered 216, 248 and 249 to complete successfully. -# -# Once all the fixes are upstreamed, this fork should be replaced with an upstream commit/tag. -# - Tracked in issue #5145 -# -# Web URL: https://github.com/bensze01/psa-arch-tests/tree/fixes-for-mbedtls-3 -PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git' -PSA_ARCH_TESTS_REF = 'fix-pr-5736' +EXPECTED_FAILURES = {} # type: dict + +PSA_ARCH_TESTS_REPO = 'https://github.com/ARM-software/psa-arch-tests.git' +PSA_ARCH_TESTS_REF = 'v23.06_API1.5_ADAC_EAC' #pylint: disable=too-many-branches,too-many-statements,too-many-locals def main(library_build_dir: str): diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c index c85e2ca..913f5e3 100644 --- a/tests/src/bignum_helpers.c +++ b/tests/src/bignum_helpers.c @@ -135,7 +135,7 @@ int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s) } if (negative) { if (mbedtls_mpi_cmp_int(X, 0) == 0) { - ++mbedtls_test_case_uses_negative_0; + mbedtls_test_increment_case_uses_negative_0(); } X->s = -1; } diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index a3d532d..866b31e 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -225,10 +225,13 @@ psa_status_t mbedtls_test_transparent_generate_key( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) return libtestdriver1_mbedtls_psa_rsa_generate_key( (const libtestdriver1_psa_key_attributes_t *) attributes, + NULL, 0, /* We don't support custom e in the test driver yet */ key, key_size, key_length); #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE) return mbedtls_psa_rsa_generate_key( - attributes, key, key_size, key_length); + attributes, + NULL, 0, /* We don't support custom e in the test driver yet */ + key, key_size, key_length); #endif } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes)) && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index 00dd3e2..4fca5d1 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -49,7 +49,7 @@ psa_status_t sign_hash( size_t signature_size, size_t *signature_length) { - if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) { if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || PSA_ALG_IS_RSA_PSS(alg)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ @@ -71,7 +71,7 @@ psa_status_t sign_hash( } else { return PSA_ERROR_INVALID_ARGUMENT; } - } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) { if (PSA_ALG_IS_ECDSA(alg)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ @@ -116,7 +116,7 @@ psa_status_t verify_hash( const uint8_t *signature, size_t signature_length) { - if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) { + if (PSA_KEY_TYPE_IS_RSA(attributes->type)) { if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || PSA_ALG_IS_RSA_PSS(alg)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ @@ -138,7 +138,7 @@ psa_status_t verify_hash( } else { return PSA_ERROR_INVALID_ARGUMENT; } - } else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) { if (PSA_ALG_IS_ECDSA(alg)) { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 36564fe..be9155c 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -16,6 +16,9 @@ #if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) #include <test/psa_memory_poisoning_wrappers.h> #endif +#if defined(MBEDTLS_THREADING_C) +#include "mbedtls/threading.h" +#endif /*----------------------------------------------------------------------------*/ /* Static global variables */ @@ -24,7 +27,288 @@ static mbedtls_platform_context platform_ctx; #endif -mbedtls_test_info_t mbedtls_test_info; +static mbedtls_test_info_t mbedtls_test_info; + +#ifdef MBEDTLS_THREADING_C +mbedtls_threading_mutex_t mbedtls_test_info_mutex; +#endif /* MBEDTLS_THREADING_C */ + +/*----------------------------------------------------------------------------*/ +/* Mbedtls Test Info accessors + * + * NOTE - there are two types of accessors here: public accessors and internal + * accessors. The public accessors have prototypes in helpers.h and lock + * mbedtls_test_info_mutex (if mutexes are enabled). The _internal accessors, + * which are expected to be used from this module *only*, do not lock the mutex. + * These are designed to be called from within public functions which already + * hold the mutex. The main reason for this difference is the need to set + * multiple test data values atomically (without releasing the mutex) to prevent + * race conditions. */ + +mbedtls_test_result_t mbedtls_test_get_result(void) +{ + mbedtls_test_result_t result; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + result = mbedtls_test_info.result; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return result; +} + +static void mbedtls_test_set_result_internal(mbedtls_test_result_t result, const char *test, + int line_no, const char *filename) +{ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ + + mbedtls_test_info.result = result; + mbedtls_test_info.test = test; + mbedtls_test_info.line_no = line_no; + mbedtls_test_info.filename = filename; +} + +const char *mbedtls_test_get_test(void) +{ + const char *test; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + test = mbedtls_test_info.test; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return test; +} +const char *mbedtls_get_test_filename(void) +{ + const char *filename; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* It should be ok just to pass back the pointer here, as it is going to + * be a pointer into non changing data. */ + filename = mbedtls_test_info.filename; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return filename; +} + +int mbedtls_test_get_line_no(void) +{ + int line_no; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + line_no = mbedtls_test_info.line_no; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return line_no; +} + +void mbedtls_test_increment_step(void) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + ++mbedtls_test_info.step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ +} + +unsigned long mbedtls_test_get_step(void) +{ + unsigned long step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + step = mbedtls_test_info.step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return step; +} + +static void mbedtls_test_reset_step_internal(void) +{ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ + + mbedtls_test_info.step = (unsigned long) (-1); +} + +void mbedtls_test_set_step(unsigned long step) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + mbedtls_test_info.step = step; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ +} + +void mbedtls_test_get_line1(char *line) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + memcpy(line, mbedtls_test_info.line1, MBEDTLS_TEST_LINE_LENGTH); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ +} + +static void mbedtls_test_set_line1_internal(const char *line) +{ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ + + if (line == NULL) { + memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH); + } else { + memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH); + } +} + +void mbedtls_test_get_line2(char *line) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + memcpy(line, mbedtls_test_info.line2, MBEDTLS_TEST_LINE_LENGTH); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ +} + +static void mbedtls_test_set_line2_internal(const char *line) +{ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ + + if (line == NULL) { + memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH); + } else { + memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH); + } +} + + +#if defined(MBEDTLS_TEST_MUTEX_USAGE) +const char *mbedtls_test_get_mutex_usage_error(void) +{ + const char *usage_error; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + usage_error = mbedtls_test_info.mutex_usage_error; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return usage_error; +} + +void mbedtls_test_set_mutex_usage_error(const char *msg) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) { + mbedtls_test_info.mutex_usage_error = msg; + } + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ +} +#endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE) + +#if defined(MBEDTLS_BIGNUM_C) + +unsigned mbedtls_test_get_case_uses_negative_0(void) +{ + unsigned test_case_uses_negative_0 = 0; +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + test_case_uses_negative_0 = mbedtls_test_info.case_uses_negative_0; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + return test_case_uses_negative_0; +} + +static void mbedtls_test_set_case_uses_negative_0_internal(unsigned uses) +{ + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ + + mbedtls_test_info.case_uses_negative_0 = uses; +} + +void mbedtls_test_increment_case_uses_negative_0(void) +{ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + ++mbedtls_test_info.case_uses_negative_0; + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ +} + +#endif /* MBEDTLS_BIGNUM_C */ + +#ifdef MBEDTLS_TEST_MUTEX_USAGE +mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void) +{ + return &mbedtls_test_info_mutex; +} + +#endif /* MBEDTLS_TEST_MUTEX_USAGE */ /*----------------------------------------------------------------------------*/ /* Helper Functions */ @@ -54,6 +338,10 @@ int mbedtls_test_platform_setup(void) ret = mbedtls_platform_setup(&platform_ctx); #endif /* MBEDTLS_PLATFORM_C */ +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_init(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return ret; } @@ -64,6 +352,9 @@ void mbedtls_test_platform_teardown(void) && defined(MBEDTLS_TEST_MEMORY_CAN_POISON) mbedtls_poison_test_hooks_teardown(); #endif +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_free(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ #if defined(MBEDTLS_PLATFORM_C) mbedtls_platform_teardown(&platform_ctx); @@ -85,48 +376,63 @@ int mbedtls_test_ascii2uc(const char c, unsigned char *uc) return 0; } -void mbedtls_test_fail(const char *test, int line_no, const char *filename) +static void mbedtls_test_fail_internal(const char *test, int line_no, const char *filename) { - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't + /* Internal function only - mbedtls_test_info_mutex should be held prior + * to calling this function. */ + + /* Don't use accessor, we already hold mutex. */ + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + /* If we have already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return; + mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename); } - mbedtls_test_info.result = MBEDTLS_TEST_RESULT_FAILED; - mbedtls_test_info.test = test; - mbedtls_test_info.line_no = line_no; - mbedtls_test_info.filename = filename; } -void mbedtls_test_skip(const char *test, int line_no, const char *filename) +void mbedtls_test_fail(const char *test, int line_no, const char *filename) { - mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SKIPPED; - mbedtls_test_info.test = test; - mbedtls_test_info.line_no = line_no; - mbedtls_test_info.filename = filename; +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + mbedtls_test_fail_internal(test, line_no, filename); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } -void mbedtls_test_set_step(unsigned long step) +void mbedtls_test_skip(const char *test, int line_no, const char *filename) { - mbedtls_test_info.step = step; -} +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ -#if defined(MBEDTLS_BIGNUM_C) -unsigned mbedtls_test_case_uses_negative_0 = 0; -#endif + mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ +} void mbedtls_test_info_reset(void) { - mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SUCCESS; - mbedtls_test_info.step = (unsigned long) (-1); - mbedtls_test_info.test = 0; - mbedtls_test_info.line_no = 0; - mbedtls_test_info.filename = 0; - memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1)); - memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2)); +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0); + mbedtls_test_reset_step_internal(); + mbedtls_test_set_line1_internal(NULL); + mbedtls_test_set_line2_internal(NULL); + #if defined(MBEDTLS_BIGNUM_C) - mbedtls_test_case_uses_negative_0 = 0; + mbedtls_test_set_case_uses_negative_0_internal(0); #endif + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ } int mbedtls_test_equal(const char *test, int line_no, const char *filename, @@ -139,20 +445,31 @@ int mbedtls_test_equal(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, as we already hold mutex. */ + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return 0; + + char buf[MBEDTLS_TEST_LINE_LENGTH]; + mbedtls_test_fail_internal(test, line_no, filename); + (void) mbedtls_snprintf(buf, sizeof(buf), + "lhs = 0x%016llx = %lld", + value1, (long long) value1); + mbedtls_test_set_line1_internal(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), + "rhs = 0x%016llx = %lld", + value2, (long long) value2); + mbedtls_test_set_line2_internal(buf); } - mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(mbedtls_test_info.line1, - sizeof(mbedtls_test_info.line1), - "lhs = 0x%016llx = %lld", - value1, (long long) value1); - (void) mbedtls_snprintf(mbedtls_test_info.line2, - sizeof(mbedtls_test_info.line2), - "rhs = 0x%016llx = %lld", - value2, (long long) value2); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return 0; } @@ -166,20 +483,31 @@ int mbedtls_test_le_u(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, we already hold mutex. */ + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return 0; + + char buf[MBEDTLS_TEST_LINE_LENGTH]; + mbedtls_test_fail_internal(test, line_no, filename); + (void) mbedtls_snprintf(buf, sizeof(buf), + "lhs = 0x%016llx = %llu", + value1, value1); + mbedtls_test_set_line1_internal(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), + "rhs = 0x%016llx = %llu", + value2, value2); + mbedtls_test_set_line2_internal(buf); } - mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(mbedtls_test_info.line1, - sizeof(mbedtls_test_info.line1), - "lhs = 0x%016llx = %llu", - value1, value1); - (void) mbedtls_snprintf(mbedtls_test_info.line2, - sizeof(mbedtls_test_info.line2), - "rhs = 0x%016llx = %llu", - value2, value2); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return 0; } @@ -193,20 +521,31 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename, return 1; } - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) { - /* We've already recorded the test as having failed. Don't +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_lock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + + /* Don't use accessor, we already hold mutex. */ + if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { + /* If we've already recorded the test as having failed then don't * overwrite any previous information about the failure. */ - return 0; + + char buf[MBEDTLS_TEST_LINE_LENGTH]; + mbedtls_test_fail_internal(test, line_no, filename); + (void) mbedtls_snprintf(buf, sizeof(buf), + "lhs = 0x%016llx = %lld", + (unsigned long long) value1, value1); + mbedtls_test_set_line1_internal(buf); + (void) mbedtls_snprintf(buf, sizeof(buf), + "rhs = 0x%016llx = %lld", + (unsigned long long) value2, value2); + mbedtls_test_set_line2_internal(buf); } - mbedtls_test_fail(test, line_no, filename); - (void) mbedtls_snprintf(mbedtls_test_info.line1, - sizeof(mbedtls_test_info.line1), - "lhs = 0x%016llx = %lld", - (unsigned long long) value1, value1); - (void) mbedtls_snprintf(mbedtls_test_info.line2, - sizeof(mbedtls_test_info.line2), - "rhs = 0x%016llx = %lld", - (unsigned long long) value2, value2); + +#ifdef MBEDTLS_THREADING_C + mbedtls_mutex_unlock(&mbedtls_test_info_mutex); +#endif /* MBEDTLS_THREADING_C */ + return 0; } diff --git a/tests/src/psa_crypto_stubs.c b/tests/src/psa_crypto_stubs.c new file mode 100644 index 0000000..f3ca850 --- /dev/null +++ b/tests/src/psa_crypto_stubs.c @@ -0,0 +1,25 @@ +/** \file psa_crypto_stubs.c + * + * \brief Stub functions when MBEDTLS_PSA_CRYPTO_CLIENT is enabled but + * MBEDTLS_PSA_CRYPTO_C is disabled. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include <psa/crypto.h> + +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) + +psa_status_t psa_generate_random(uint8_t *output, + size_t output_size) +{ + (void) output; + (void) output_size; + + return PSA_ERROR_COMMUNICATION_FAILURE; +} + +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index f8b36e1..7b81052 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -20,6 +20,16 @@ #include <psa_crypto_slot_management.h> #include <test/psa_crypto_helpers.h> +#if defined(MBEDTLS_PK_C) +#include <pk_internal.h> +#endif +#if defined(MBEDTLS_ECP_C) +#include <mbedtls/ecp.h> +#endif +#if defined(MBEDTLS_RSA_C) +#include <rsa_internal.h> +#endif + #if defined(MBEDTLS_PSA_CRYPTO_SE_C) static int lifetime_is_dynamic_secure_element(psa_key_lifetime_t lifetime) { @@ -283,23 +293,25 @@ static int exercise_signature_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg) { + /* If the policy allows signing with any hash, just pick one. */ + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); + if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH && + usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE)) { +#if defined(KNOWN_SUPPORTED_HASH_ALG) + hash_alg = KNOWN_SUPPORTED_HASH_ALG; + alg ^= PSA_ALG_ANY_HASH ^ hash_alg; +#else + TEST_FAIL("No hash algorithm for hash-and-sign testing"); +#endif + } + if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH) && PSA_ALG_IS_SIGN_HASH(alg)) { unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 }; size_t payload_length = 16; unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; size_t signature_length = sizeof(signature); - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - - /* If the policy allows signing with any hash, just pick one. */ - if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH) { - #if defined(KNOWN_SUPPORTED_HASH_ALG) - hash_alg = KNOWN_SUPPORTED_HASH_ALG; - alg ^= PSA_ALG_ANY_HASH ^ hash_alg; - #else - TEST_FAIL("No hash algorithm for hash-and-sign testing"); - #endif - } /* Some algorithms require the payload to have the size of * the hash encoded in the algorithm. Use this input size @@ -362,8 +374,10 @@ static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg) { - unsigned char plaintext[256] = "Hello, world..."; - unsigned char ciphertext[256] = "(wabblewebblewibblewobblewubble)"; + unsigned char plaintext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] = + "Hello, world..."; + unsigned char ciphertext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] = + "(wabblewebblewibblewobblewubble)"; size_t ciphertext_length = sizeof(ciphertext); size_t plaintext_length = 16; @@ -414,6 +428,21 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_KEY_DERIVATION_INPUT_INFO, input2, input2_length)); + } else if (PSA_ALG_IS_HKDF_EXTRACT(alg)) { + PSA_ASSERT(psa_key_derivation_input_bytes(operation, + PSA_KEY_DERIVATION_INPUT_SALT, + input1, input1_length)); + PSA_ASSERT(psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key)); + } else if (PSA_ALG_IS_HKDF_EXPAND(alg)) { + PSA_ASSERT(psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + key)); + PSA_ASSERT(psa_key_derivation_input_bytes(operation, + PSA_KEY_DERIVATION_INPUT_INFO, + input2, + input2_length)); } else if (PSA_ALG_IS_TLS12_PRF(alg) || PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) { PSA_ASSERT(psa_key_derivation_input_bytes(operation, @@ -436,6 +465,10 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_ASSERT(psa_key_derivation_input_key(operation, PSA_KEY_DERIVATION_INPUT_PASSWORD, key)); + } else if (alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { + PSA_ASSERT(psa_key_derivation_input_bytes(operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + input1, input1_length)); } else { TEST_FAIL("Key derivation algorithm not supported"); } @@ -986,4 +1019,142 @@ psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type, } +int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg) +{ + /* Reject algorithms that we know are not supported. Default to + * attempting exercise, so that if an algorithm is missing from this + * function, the result will be a test failure and not silently + * omitting exercise. */ +#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) + if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) + if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_RSA_PSS) + if (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) + if (PSA_ALG_IS_RSA_PSS_ANY_SALT(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_ECDSA) + if (PSA_ALG_IS_ECDSA(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) + if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) { + return 0; + } +#endif +#if !defined(PSA_WANT_ALG_ECDH) + if (PSA_ALG_IS_ECDH(alg)) { + return 0; + } +#endif + (void) alg; + return 1; +} + +#if defined(MBEDTLS_PK_C) +int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key, + const mbedtls_pk_context *pk) +{ + psa_key_attributes_t psa_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_attributes_t pk_attributes = PSA_KEY_ATTRIBUTES_INIT; + int ok = 0; + + PSA_ASSERT(psa_get_key_attributes(psa_key, &psa_attributes)); + psa_key_type_t psa_type = psa_get_key_type(&psa_attributes); + mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk); + + TEST_ASSERT(PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_type) || + PSA_KEY_TYPE_IS_KEY_PAIR(psa_type)); + TEST_EQUAL(psa_get_key_bits(&psa_attributes), mbedtls_pk_get_bitlen(pk)); + + uint8_t pk_public_buffer[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; + const uint8_t *pk_public = NULL; + size_t pk_public_length = 0; + + switch (pk_type) { +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_PK_RSA: + TEST_ASSERT(PSA_KEY_TYPE_IS_RSA(psa_type)); + const mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); + uint8_t *const end = pk_public_buffer + sizeof(pk_public_buffer); + uint8_t *cursor = end; + TEST_LE_U(1, mbedtls_rsa_write_pubkey(rsa, + pk_public_buffer, &cursor)); + pk_public = cursor; + pk_public_length = end - pk_public; + break; +#endif + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_type)); + TEST_EQUAL(PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type), pk->ec_family); + pk_public = pk->pub_raw; + pk_public_length = pk->pub_raw_len; + break; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_get_key_type(&psa_attributes))); + const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); + TEST_EQUAL(mbedtls_ecp_write_public_key( + ec, MBEDTLS_ECP_PF_UNCOMPRESSED, &pk_public_length, + pk_public_buffer, sizeof(pk_public_buffer)), 0); + pk_public = pk_public_buffer; + break; +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + case MBEDTLS_PK_OPAQUE: + PSA_ASSERT(psa_get_key_attributes(pk->priv_id, &pk_attributes)); + psa_key_type_t pk_psa_type = psa_get_key_type(&pk_attributes); + TEST_EQUAL(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(psa_type), + PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(pk_psa_type)); + PSA_ASSERT(psa_export_public_key(psa_key, + pk_public_buffer, + sizeof(pk_public_buffer), + &pk_public_length)); + pk_public = pk_public_buffer; + break; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + default: + TEST_FAIL("pk type not supported"); + } + + uint8_t psa_public[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; + size_t psa_public_length = 0; + PSA_ASSERT(psa_export_public_key(psa_key, + psa_public, sizeof(psa_public), + &psa_public_length)); + TEST_MEMORY_COMPARE(pk_public, pk_public_length, + psa_public, psa_public_length); + + ok = 1; + +exit: + psa_reset_key_attributes(&psa_attributes); + psa_reset_key_attributes(&pk_attributes); + return ok; +} +#endif /* MBEDTLS_PK_C */ + #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 2368a76..56e03f1 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -12,9 +12,7 @@ #include "mbedtls/psa_util.h" #if defined(MBEDTLS_SSL_TLS_C) -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static int rng_seed = 0xBEEF; -static int rng_get(void *p_rng, unsigned char *output, size_t output_len) +int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len) { (void) p_rng; for (size_t i = 0; i < output_len; i++) { @@ -23,7 +21,6 @@ static int rng_get(void *p_rng, unsigned char *output, size_t output_len) return 0; } -#endif void mbedtls_test_ssl_log_analyzer(void *ctx, int level, const char *file, int line, @@ -46,39 +43,32 @@ void mbedtls_test_init_handshake_options( mbedtls_test_handshake_test_options *opts) { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + static int rng_seed = 0xBEEF; + srand(rng_seed); rng_seed += 0xD0; #endif + + memset(opts, 0, sizeof(*opts)); + opts->cipher = ""; opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN; opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3; - opts->expected_handshake_result = 0; - opts->expected_ciphersuite = 0; opts->pk_alg = MBEDTLS_PK_RSA; - opts->opaque_alg = 0; - opts->opaque_alg2 = 0; - opts->opaque_usage = 0; - opts->psk_str = NULL; - opts->dtls = 0; opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE; - opts->serialize = 0; opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE; opts->cli_msg_len = 100; opts->srv_msg_len = 100; opts->expected_cli_fragments = 1; opts->expected_srv_fragments = 1; - opts->renegotiate = 0; opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION; - opts->srv_log_obj = NULL; - opts->cli_log_obj = NULL; - opts->srv_log_fun = NULL; - opts->cli_log_fun = NULL; opts->resize_buffers = 1; + opts->early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + opts->max_early_data_size = -1; #if defined(MBEDTLS_SSL_CACHE_C) - opts->cache = NULL; TEST_CALLOC(opts->cache, 1); mbedtls_ssl_cache_init(opts->cache); #if defined(MBEDTLS_HAVE_TIME) @@ -695,9 +685,20 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, #if defined(MBEDTLS_USE_PSA_CRYPTO) if (opaque_alg != 0) { - TEST_EQUAL(mbedtls_pk_wrap_as_opaque(cert->pkey, &key_slot, - opaque_alg, opaque_usage, - opaque_alg2), 0); + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + /* Use a fake key usage to get a successful initial guess for the PSA attributes. */ + TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_SIGN_HASH, + &key_attr), 0); + /* Then manually usage, alg and alg2 as requested by the test. */ + psa_set_key_usage_flags(&key_attr, opaque_usage); + psa_set_key_algorithm(&key_attr, opaque_alg); + if (opaque_alg2 != PSA_ALG_NONE) { + psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2); + } + TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0); + mbedtls_pk_free(cert->pkey); + mbedtls_pk_init(cert->pkey); + TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0); } #else (void) opaque_alg; @@ -733,8 +734,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_test_handshake_test_options *options, mbedtls_test_message_socket_context *dtls_context, mbedtls_test_ssl_message_queue *input_queue, - mbedtls_test_ssl_message_queue *output_queue, - uint16_t *group_list) + mbedtls_test_ssl_message_queue *output_queue) { int ret = -1; uintptr_t user_data_n; @@ -755,7 +755,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_init(&(ep->ssl)); mbedtls_ssl_config_init(&(ep->conf)); - mbedtls_ssl_conf_rng(&(ep->conf), rng_get, NULL); + mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); @@ -818,12 +818,23 @@ int mbedtls_test_ssl_endpoint_init( } } - if (group_list != NULL) { - mbedtls_ssl_conf_groups(&(ep->conf), group_list); + if (options->group_list != NULL) { + mbedtls_ssl_conf_groups(&(ep->conf), options->group_list); } mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED); +#if defined(MBEDTLS_SSL_EARLY_DATA) + mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data); +#if defined(MBEDTLS_SSL_SRV_C) + if (endpoint_type == MBEDTLS_SSL_IS_SERVER && + (options->max_early_data_size >= 0)) { + mbedtls_ssl_conf_max_early_data_size(&(ep->conf), + options->max_early_data_size); + } +#endif +#endif + #if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C) if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) { mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache, @@ -841,6 +852,23 @@ int mbedtls_test_ssl_endpoint_init( } #endif +#if defined(MBEDTLS_DEBUG_C) +#if defined(MBEDTLS_SSL_SRV_C) + if (endpoint_type == MBEDTLS_SSL_IS_SERVER && + options->srv_log_fun != NULL) { + mbedtls_ssl_conf_dbg(&(ep->conf), options->srv_log_fun, + options->srv_log_obj); + } +#endif +#if defined(MBEDTLS_SSL_CLI_C) + if (endpoint_type == MBEDTLS_SSL_IS_CLIENT && + options->cli_log_fun != NULL) { + mbedtls_ssl_conf_dbg(&(ep->conf), options->cli_log_fun, + options->cli_log_obj); + } +#endif +#endif /* MBEDTLS_DEBUG_C */ + ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg, options->opaque_alg, options->opaque_alg2, @@ -1636,12 +1664,20 @@ exit: #if defined(MBEDTLS_SSL_PROTO_TLS1_2) int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, int ticket_len, + int endpoint_type, const char *crt_file) { + (void) ticket_len; + #if defined(MBEDTLS_HAVE_TIME) session->start = mbedtls_time(NULL) - 42; #endif session->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; + + TEST_ASSERT(endpoint_type == MBEDTLS_SSL_IS_CLIENT || + endpoint_type == MBEDTLS_SSL_IS_SERVER); + + session->endpoint = endpoint_type; session->ciphersuite = 0xabcd; session->id_len = sizeof(session->id); memset(session->id, 66, session->id_len); @@ -1707,7 +1743,8 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */ session->verify_result = 0xdeadbeef; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_CLI_C) if (ticket_len != 0) { session->ticket = mbedtls_calloc(1, ticket_len); if (session->ticket == NULL) { @@ -1717,9 +1754,14 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, } session->ticket_len = ticket_len; session->ticket_lifetime = 86401; -#else - (void) ticket_len; +#endif /* MBEDTLS_SSL_CLI_C */ + +#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_HAVE_TIME) + if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { + session->ticket_creation_time = mbedtls_ms_time() - 42; + } #endif +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) session->mfl_code = 1; @@ -1728,6 +1770,7 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, session->encrypt_then_mac = 1; #endif +exit: return 0; } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -1977,13 +2020,19 @@ void mbedtls_test_ssl_perform_handshake( mbedtls_test_message_socket_init(&server_context); mbedtls_test_message_socket_init(&client_context); +#if defined(MBEDTLS_DEBUG_C) + if (options->cli_log_fun || options->srv_log_fun) { + mbedtls_debug_set_threshold(4); + } +#endif + /* Client side */ if (options->dtls != 0) { TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, options, &client_context, &client_queue, - &server_queue, NULL) == 0); + &server_queue) == 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client, mbedtls_timing_set_delay, @@ -1993,28 +2042,20 @@ void mbedtls_test_ssl_perform_handshake( TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, options, NULL, NULL, - NULL, NULL) == 0); + NULL) == 0); } if (strlen(options->cipher) > 0) { set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite); } -#if defined(MBEDTLS_DEBUG_C) - if (options->cli_log_fun) { - mbedtls_debug_set_threshold(4); - mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun, - options->cli_log_obj); - } -#endif - /* Server side */ if (options->dtls != 0) { TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, options, &server_context, &server_queue, - &client_queue, NULL) == 0); + &client_queue) == 0); #if defined(MBEDTLS_TIMING_C) mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server, mbedtls_timing_set_delay, @@ -2023,7 +2064,7 @@ void mbedtls_test_ssl_perform_handshake( } else { TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - options, NULL, NULL, NULL, + options, NULL, NULL, NULL) == 0); } @@ -2072,14 +2113,6 @@ void mbedtls_test_ssl_perform_handshake( } #endif /* MBEDTLS_SSL_RENEGOTIATION */ -#if defined(MBEDTLS_DEBUG_C) - if (options->srv_log_fun) { - mbedtls_debug_set_threshold(4); - mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun, - options->srv_log_obj); - } -#endif - TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket), &(server.socket), BUFFSIZE) == 0); @@ -2419,4 +2452,96 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len( return 0; } #endif /* MBEDTLS_TEST_HOOKS */ + +/* + * Functions for tests based on tickets. Implementations of the + * write/parse ticket interfaces as defined by mbedtls_ssl_ticket_write/parse_t. + * Basically same implementations as in ticket.c without the encryption. That + * way we can tweak easily tickets characteristics to simulate misbehaving + * peers. + */ +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +int mbedtls_test_ticket_write( + void *p_ticket, const mbedtls_ssl_session *session, + unsigned char *start, const unsigned char *end, + size_t *tlen, uint32_t *lifetime) +{ + int ret; + ((void) p_ticket); + + if ((ret = mbedtls_ssl_session_save(session, start, end - start, + tlen)) != 0) { + return ret; + } + + /* Maximum ticket lifetime as defined in RFC 8446 */ + *lifetime = 7 * 24 * 3600; + + return 0; +} + +int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, + unsigned char *buf, size_t len) +{ + ((void) p_ticket); + + return mbedtls_ssl_session_load(session, buf, len); +} +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + +#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \ + defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int mbedtls_test_get_tls13_ticket( + mbedtls_test_handshake_test_options *client_options, + mbedtls_test_handshake_test_options *server_options, + mbedtls_ssl_session *session) +{ + int ret = -1; + unsigned char buf[64]; + mbedtls_test_ssl_endpoint client_ep, server_ep; + + mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); + mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); + + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + client_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + server_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), 0); + + TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 0); + + do { + ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf)); + } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET); + + ret = mbedtls_ssl_get_session(&(client_ep.ssl), session); + TEST_EQUAL(ret, 0); + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + + return ret; +} +#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C && + MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS && + MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ + #endif /* MBEDTLS_SSL_TLS_C */ diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c index 5fbf65b..c1686c2 100644 --- a/tests/src/threading_helpers.c +++ b/tests/src/threading_helpers.c @@ -6,8 +6,74 @@ */ #include <test/helpers.h> +#include <test/threading_helpers.h> #include <test/macros.h> +#include "mbedtls/threading.h" + +#if defined(MBEDTLS_THREADING_C) + +#if defined(MBEDTLS_THREADING_PTHREAD) + +static int threading_thread_create_pthread(mbedtls_test_thread_t *thread, void *(*thread_func)( + void *), void *thread_data) +{ + if (thread == NULL || thread_func == NULL) { + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; + } + + if (pthread_create(&thread->thread, NULL, thread_func, thread_data)) { + return MBEDTLS_ERR_THREADING_THREAD_ERROR; + } + + return 0; +} + +static int threading_thread_join_pthread(mbedtls_test_thread_t *thread) +{ + if (thread == NULL) { + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; + } + + if (pthread_join(thread->thread, NULL) != 0) { + return MBEDTLS_ERR_THREADING_THREAD_ERROR; + } + + return 0; +} + +int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *), + void *thread_data) = threading_thread_create_pthread; +int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_pthread; + +#endif /* MBEDTLS_THREADING_PTHREAD */ + +#if defined(MBEDTLS_THREADING_ALT) + +static int threading_thread_create_fail(mbedtls_test_thread_t *thread, + void *(*thread_func)(void *), + void *thread_data) +{ + (void) thread; + (void) thread_func; + (void) thread_data; + + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; +} + +static int threading_thread_join_fail(mbedtls_test_thread_t *thread) +{ + (void) thread; + + return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA; +} + +int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *), + void *thread_data) = threading_thread_create_fail; +int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_fail; + +#endif /* MBEDTLS_THREADING_ALT */ + #if defined(MBEDTLS_TEST_MUTEX_USAGE) #include "mbedtls/threading.h" @@ -109,9 +175,7 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, { (void) mutex; - if (mbedtls_test_info.mutex_usage_error == NULL) { - mbedtls_test_info.mutex_usage_error = msg; - } + mbedtls_test_set_mutex_usage_error(msg); mbedtls_fprintf(stdout, "[mutex: %s] ", msg); /* Don't mark the test as failed yet. This way, if the test fails later * for a functional reason, the test framework will report the message @@ -119,40 +183,60 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex, * mbedtls_test_mutex_usage_check() will mark it as failed. */ } +static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex) +{ + /* If we attempt to run tests on this mutex then we are going to run into a + * couple of problems: + * 1. If any test on this mutex fails, we are going to deadlock when + * reporting that failure, as we already hold the mutex at that point. + * 2. Given the 'global' position of the initialization and free of this + * mutex, it will be shown as leaked on the first test run. */ + if (mutex == mbedtls_test_get_info_mutex()) { + return 0; + } + + return 1; +} + static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex) { mutex_functions.init(mutex); - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - mutex->state = MUTEX_IDLE; - ++live_mutexes; + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + mutex->state = MUTEX_IDLE; + ++live_mutexes; - mutex_functions.unlock(&mbedtls_test_mutex_mutex); + mutex_functions.unlock(&mbedtls_test_mutex_mutex); + } } } static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex) { - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); - break; - case MUTEX_IDLE: - mutex->state = MUTEX_FREED; - --live_mutexes; - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "free without unlock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } + switch (mutex->state) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "free without init or double free"); + break; + case MUTEX_IDLE: + mutex->state = MUTEX_FREED; + --live_mutexes; + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error(mutex, "free without unlock"); + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } - mutex_functions.unlock(&mbedtls_test_mutex_mutex); + mutex_functions.unlock(&mbedtls_test_mutex_mutex); + } } + mutex_functions.free(mutex); } @@ -162,26 +246,30 @@ static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex) * is to hold the passed in and internal mutex - otherwise we create a race * condition. */ int ret = mutex_functions.lock(mutex); - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "lock without init"); - break; - case MUTEX_IDLE: - if (ret == 0) { - mutex->state = MUTEX_LOCKED; - } - break; - case MUTEX_LOCKED: - mbedtls_test_mutex_usage_error(mutex, "double lock"); - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; - } - mutex_functions.unlock(&mbedtls_test_mutex_mutex); + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + switch (mutex->state) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "lock without init"); + break; + case MUTEX_IDLE: + if (ret == 0) { + mutex->state = MUTEX_LOCKED; + } + break; + case MUTEX_LOCKED: + mbedtls_test_mutex_usage_error(mutex, "double lock"); + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); + } } + return ret; } @@ -190,23 +278,26 @@ static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex) /* Lock the internal mutex first and change state, so that the only way to * change the state is to hold the passed in and internal mutex - otherwise * we create a race condition. */ - if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { - switch (mutex->state) { - case MUTEX_FREED: - mbedtls_test_mutex_usage_error(mutex, "unlock without init"); - break; - case MUTEX_IDLE: - mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); - break; - case MUTEX_LOCKED: - mutex->state = MUTEX_IDLE; - break; - default: - mbedtls_test_mutex_usage_error(mutex, "corrupted state"); - break; + if (mbedtls_test_mutex_can_test(mutex)) { + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + switch (mutex->state) { + case MUTEX_FREED: + mbedtls_test_mutex_usage_error(mutex, "unlock without init"); + break; + case MUTEX_IDLE: + mbedtls_test_mutex_usage_error(mutex, "unlock without lock"); + break; + case MUTEX_LOCKED: + mutex->state = MUTEX_IDLE; + break; + default: + mbedtls_test_mutex_usage_error(mutex, "corrupted state"); + break; + } + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } - mutex_functions.unlock(&mbedtls_test_mutex_mutex); } + return mutex_functions.unlock(mutex); } @@ -226,24 +317,26 @@ void mbedtls_test_mutex_usage_init(void) void mbedtls_test_mutex_usage_check(void) { - if (live_mutexes != 0) { - /* A positive number (more init than free) means that a mutex resource - * is leaking (on platforms where a mutex consumes more than the - * mbedtls_threading_mutex_t object itself). The rare case of a - * negative number means a missing init somewhere. */ - mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes); - live_mutexes = 0; - if (mbedtls_test_info.mutex_usage_error == NULL) { - mbedtls_test_info.mutex_usage_error = "missing free"; + if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) { + if (live_mutexes != 0) { + /* A positive number (more init than free) means that a mutex resource + * is leaking (on platforms where a mutex consumes more than the + * mbedtls_threading_mutex_t object itself). The (hopefully) rare + * case of a negative number means a missing init somewhere. */ + mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes); + live_mutexes = 0; + mbedtls_test_set_mutex_usage_error("missing free"); } + if (mbedtls_test_get_mutex_usage_error() != NULL && + mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) { + /* Functionally, the test passed. But there was a mutex usage error, + * so mark the test as failed after all. */ + mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__); + } + mbedtls_test_set_mutex_usage_error(NULL); + + mutex_functions.unlock(&mbedtls_test_mutex_mutex); } - if (mbedtls_test_info.mutex_usage_error != NULL && - mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) { - /* Functionally, the test passed. But there was a mutex usage error, - * so mark the test as failed after all. */ - mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__); - } - mbedtls_test_info.mutex_usage_error = NULL; } void mbedtls_test_mutex_usage_end(void) @@ -257,3 +350,5 @@ void mbedtls_test_mutex_usage_end(void) } #endif /* MBEDTLS_TEST_MUTEX_USAGE */ + +#endif /* MBEDTLS_THREADING_C */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 028a0f4..f17313f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -13638,6 +13638,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_3072 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -13662,6 +13663,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_3072 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \ @@ -13680,6 +13682,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_4096 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -13704,6 +13707,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_4096 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \ @@ -13722,6 +13726,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_6144 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -13745,6 +13750,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_6144 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \ "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \ @@ -13763,6 +13769,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_8192 requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat @@ -13787,6 +13794,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT requires_config_enabled PSA_WANT_ALG_FFDH +requires_config_enabled PSA_WANT_DH_RFC7919_8192 client_needs_more_time 4 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \ "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \ diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 86ff5b4..b5f5796 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -8,6 +8,7 @@ #include <test/random.h> #include <test/bignum_helpers.h> #include <test/psa_crypto_helpers.h> +#include <test/threading_helpers.h> #include <errno.h> #include <limits.h> diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index cc28697..eb42a07 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -371,14 +371,12 @@ static void write_outcome_entry(FILE *outcome_file, * \param missing_unmet_dependencies Non-zero if there was a problem tracking * all unmet dependencies, 0 otherwise. * \param ret The test dispatch status (DISPATCH_xxx). - * \param info A pointer to the test info structure. */ static void write_outcome_result(FILE *outcome_file, size_t unmet_dep_count, int unmet_dependencies[], int missing_unmet_dependencies, - int ret, - const mbedtls_test_info_t *info) + int ret) { if (outcome_file == NULL) { return; @@ -401,7 +399,7 @@ static void write_outcome_result(FILE *outcome_file, } break; } - switch (info->result) { + switch (mbedtls_test_get_result()) { case MBEDTLS_TEST_RESULT_SUCCESS: mbedtls_fprintf(outcome_file, "PASS;"); break; @@ -410,8 +408,9 @@ static void write_outcome_result(FILE *outcome_file, break; default: mbedtls_fprintf(outcome_file, "FAIL;%s:%d:%s", - info->filename, info->line_no, - info->test); + mbedtls_get_test_filename(), + mbedtls_test_get_line_no(), + mbedtls_test_get_test()); break; } break; @@ -614,7 +613,7 @@ int execute_tests(int argc, const char **argv) break; } mbedtls_fprintf(stdout, "%s%.66s", - mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ? + mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED ? "\n" : "", buf); mbedtls_fprintf(stdout, " "); for (i = strlen(buf) + 1; i < 67; i++) { @@ -690,7 +689,7 @@ int execute_tests(int argc, const char **argv) write_outcome_result(outcome_file, unmet_dep_count, unmet_dependencies, missing_unmet_dependencies, - ret, &mbedtls_test_info); + ret); if (unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE) { total_skipped++; mbedtls_fprintf(stdout, "----"); @@ -715,30 +714,33 @@ int execute_tests(int argc, const char **argv) unmet_dep_count = 0; missing_unmet_dependencies = 0; } else if (ret == DISPATCH_TEST_SUCCESS) { - if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS) { + if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_SUCCESS) { mbedtls_fprintf(stdout, "PASS\n"); - } else if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SKIPPED) { + } else if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_SKIPPED) { mbedtls_fprintf(stdout, "----\n"); total_skipped++; } else { + char line_buffer[MBEDTLS_TEST_LINE_LENGTH]; + total_errors++; mbedtls_fprintf(stdout, "FAILED\n"); mbedtls_fprintf(stdout, " %s\n at ", - mbedtls_test_info.test); - if (mbedtls_test_info.step != (unsigned long) (-1)) { + mbedtls_test_get_test()); + if (mbedtls_test_get_step() != (unsigned long) (-1)) { mbedtls_fprintf(stdout, "step %lu, ", - mbedtls_test_info.step); + mbedtls_test_get_step()); } mbedtls_fprintf(stdout, "line %d, %s", - mbedtls_test_info.line_no, - mbedtls_test_info.filename); - if (mbedtls_test_info.line1[0] != 0) { - mbedtls_fprintf(stdout, "\n %s", - mbedtls_test_info.line1); + mbedtls_test_get_line_no(), + mbedtls_get_test_filename()); + + mbedtls_test_get_line1(line_buffer); + if (line_buffer[0] != 0) { + mbedtls_fprintf(stdout, "\n %s", line_buffer); } - if (mbedtls_test_info.line2[0] != 0) { - mbedtls_fprintf(stdout, "\n %s", - mbedtls_test_info.line2); + mbedtls_test_get_line2(line_buffer); + if (line_buffer[0] != 0) { + mbedtls_fprintf(stdout, "\n %s", line_buffer); } } fflush(stdout); diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index f1748d1..a454eba 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -16,7 +16,7 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:NOT_DEFINED */ +/* BEGIN_CASE */ void aria_invalid_param() { mbedtls_aria_context ctx; @@ -52,8 +52,10 @@ void aria_invalid_param() output)); #endif /* MBEDTLS_CIPHER_MODE_CFB */ +#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) exit: return; +#endif } /* END_CASE */ diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function index c90f1bb..f3a64e1 100644 --- a/tests/suites/test_suite_bignum.function +++ b/tests/suites/test_suite_bignum.function @@ -24,7 +24,7 @@ static int sign_is_valid(const mbedtls_mpi *X) * we sometimes test the robustness of library functions when given * a negative zero input. If a test case has a negative zero as input, * we don't mind if the function has a negative zero output. */ - if (!mbedtls_test_case_uses_negative_0 && + if (!mbedtls_test_get_case_uses_negative_0() && mbedtls_mpi_bitlen(X) == 0 && X->s != 1) { return 0; } @@ -144,6 +144,26 @@ exit: /* END_CASE */ /* BEGIN_CASE */ +void mpi_zero_length_buffer_is_null() +{ + mbedtls_mpi X; + size_t olen; + + mbedtls_mpi_init(&X); + + /* Simply test that the following functions do not crash when a NULL buffer + * pointer and 0 length is passed. We don't care much about the return value. */ + TEST_EQUAL(mbedtls_mpi_read_binary(&X, NULL, 0), 0); + TEST_EQUAL(mbedtls_mpi_read_binary_le(&X, NULL, 0), 0); + TEST_EQUAL(mbedtls_mpi_write_string(&X, 16, NULL, 0, &olen), MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL); + TEST_EQUAL(mbedtls_mpi_write_binary(&X, NULL, 0), 0); + +exit: + mbedtls_mpi_free(&X); +} +/* END_CASE */ + +/* BEGIN_CASE */ void mpi_read_binary(data_t *buf, char *input_A) { mbedtls_mpi X; @@ -946,6 +966,45 @@ exit: /* END_CASE */ /* BEGIN_CASE */ +void mpi_exp_mod_min_RR(char *input_A, char *input_E, + char *input_N, char *input_X, + int exp_result) +{ + mbedtls_mpi A, E, N, RR, Z, X; + int res; + mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N); + mbedtls_mpi_init(&RR); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&X); + + TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&E, input_E), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0); + TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0); + + TEST_EQUAL(mbedtls_mpi_core_get_mont_r2_unsafe(&RR, &N), 0); + TEST_EQUAL(mbedtls_mpi_shrink(&RR, 0), 0); + /* The objective of this test is to check that exp_mod defends + * against a smaller RR. */ + TEST_LE_U(RR.n, N.n - 1); + + res = mbedtls_mpi_exp_mod(&Z, &A, &E, &N, &RR); + /* We know that exp_mod internally needs RR to be as large as N. + * Validate that it is the case now, otherwise there was probably + * a buffer overread. */ + TEST_EQUAL(RR.n, N.n); + + TEST_EQUAL(res, exp_result); + if (res == 0) { + TEST_EQUAL(sign_is_valid(&Z), 1); + TEST_EQUAL(mbedtls_mpi_cmp_mpi(&Z, &X), 0); + } + +exit: + mbedtls_mpi_free(&A); mbedtls_mpi_free(&E); mbedtls_mpi_free(&N); + mbedtls_mpi_free(&RR); mbedtls_mpi_free(&Z); mbedtls_mpi_free(&X); +} +/* END_CASE */ + +/* BEGIN_CASE */ void mpi_exp_mod(char *input_A, char *input_E, char *input_N, char *input_X, int exp_result) diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data index 9d068f1..eb55dbe 100644 --- a/tests/suites/test_suite_bignum.misc.data +++ b/tests/suites/test_suite_bignum.misc.data @@ -82,6 +82,9 @@ mpi_read_write_string:16:"":2:"0":4:0:0 Test mpi_write_string #10 (Negative hex with odd number of digits) mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL +Provide NULL buffer with 0 length +mpi_zero_length_buffer_is_null + Base test mbedtls_mpi_read_binary #1 mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"0941379D00FED1491FE15DF284DFDE4A142F68AA8D412023195CEE66883E6290FFE703F4EA5963BF212713CEE46B107C09182B5EDCD955ADAC418BF4918E2889AF48E1099D513830CEC85C26AC1E158B52620E33BA8692F893EFBB2F958B4424" @@ -1359,6 +1362,9 @@ mpi_exp_mod:"04":"00":"09":"1":0 Test mbedtls_mpi_exp_mod: 10 ^ 0 (1 limb) mod 9 mpi_exp_mod:"0a":"00":"09":"1":0 +Test mbedtls_mpi_exp_mod: -3 ^ 3 mod 27 +mpi_exp_mod:"-3":"3":"1b":"1b":0 + Test mbedtls_mpi_exp_mod: MAX_SIZE exponent mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE:10:"":0 @@ -1388,6 +1394,14 @@ Test mbedtls_mpi_exp_mod (Negative base) [#2] depends_on:MPI_MAX_BITS_LARGER_THAN_792 mpi_exp_mod:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0 +Test mbedtls_mpi_exp_mod (N.n=3, RR.n=1 on 32 bit) +depends_on:MBEDTLS_HAVE_INT32 +mpi_exp_mod_min_RR:"10":"2":"10000000100000001":"100":0 + +Test mbedtls_mpi_exp_mod (N.n=3, RR.n=1 on 64 bit) +depends_on:MBEDTLS_HAVE_INT64 +mpi_exp_mod_min_RR:"10":"2":"100000000000000010000000000000001":"100":0 + Base test GCD #1 mpi_gcd:"2b5":"261":"15" diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 425c43e..720eb3e 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -347,19 +347,24 @@ exit: void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) { size_t thread_count = (size_t) arg_thread_count; - pthread_t *threads = NULL; + mbedtls_test_thread_t *threads = NULL; unsigned char out[16]; unsigned char *entropy = NULL; const size_t n_random_calls = thread_count * thread_random_reps + 1; - /* Based on the size of MBEDTLS_CTR_DRBG_ENTROPY_LEN for SHA512. */ + /* This is a known-answer test, and although tests use a mock entropy + * function the input entropy length will still affect the output. + * We therefore need to pick a fixed entropy length, rather than using the + * default entropy length (MBEDTLS_CTR_DRBG_ENTROPY_LEN). We've chosen to + * use the default value of MBEDTLS_CTR_DRBG_ENTROPY_LEN for SHA-512, + * as this was the value used when the expected answers were calculated. */ const size_t entropy_len = 48; AES_PSA_INIT(); - TEST_CALLOC(threads, sizeof(pthread_t) * thread_count); + TEST_CALLOC(threads, sizeof(mbedtls_test_thread_t) * thread_count); memset(out, 0, sizeof(out)); mbedtls_ctr_drbg_context ctx; @@ -367,8 +372,8 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) test_offset_idx = 0; - /* Need to do this, otherwise if we are forced into using SHA256 for - * whaever reason, output will differ. */ + /* Need to set a non-default fixed entropy len, to ensure same output across + * all configs - see above for details. */ mbedtls_ctr_drbg_set_entropy_len(&ctx, entropy_len); if (reseed == 0) { @@ -393,13 +398,13 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count) for (size_t i = 0; i < thread_count; i++) { TEST_EQUAL( - pthread_create(&threads[i], NULL, - thread_random_function, (void *) &ctx), + mbedtls_test_thread_create(&threads[i], + thread_random_function, (void *) &ctx), 0); } for (size_t i = 0; i < thread_count; i++) { - TEST_EQUAL(pthread_join(threads[i], NULL), 0); + TEST_EQUAL(mbedtls_test_thread_join(&threads[i]), 0); } /* Take a last output for comparing and thus verifying the DRBG state */ diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index b961040..70e7bad 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -1,7 +1,8 @@ /* BEGIN_HEADER */ -#include "mbedtls/debug.h" +#include "debug_internal.h" #include "string.h" #include "mbedtls/pk.h" +#include <test/ssl_helpers.h> struct buffer_data { char buf[2000]; @@ -65,11 +66,12 @@ void debug_print_msg_threshold(int threshold, int level, char *file, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); - + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -103,11 +105,12 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); - + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -138,11 +141,12 @@ void mbedtls_debug_print_buf(char *file, int line, char *text, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); - + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -175,11 +179,12 @@ void mbedtls_debug_print_crt(char *crt_file, char *file, int line, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); - + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -214,11 +219,12 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); - + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index e6f75de..2090594 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -31,7 +31,7 @@ static int check_dhm_param_output(const mbedtls_mpi *expected, int ok = 0; mbedtls_mpi_init(&actual); - ++mbedtls_test_info.step; + mbedtls_test_increment_step(); TEST_ASSERT(size >= *offset + 2); n = (buffer[*offset] << 8) | buffer[*offset + 1]; diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data index cc58432..8d06067 100644 --- a/tests/suites/test_suite_ecdh.data +++ b/tests/suites/test_suite_ecdh.data @@ -100,3 +100,19 @@ ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"12345678123456781234567812 ECDH get_params with mismatched groups: their SECP256R1, our BP256R1 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_BP256R1_ENABLED ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"1234567812345678123456781234567812345678123456781234567812345678":MBEDTLS_ECP_DP_SECP256R1:"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":1:MBEDTLS_ERR_ECP_BAD_INPUT_DATA + +Context get ECP Group #1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdh_context_grp:MBEDTLS_ECP_DP_SECP256R1 + +Context get ECP Group #2 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecdh_primitive_random:MBEDTLS_ECP_DP_SECP384R1 + +Context get ECP Group #3 +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecdh_primitive_random:MBEDTLS_ECP_DP_SECP521R1 + +Context get ECP Group #4 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecdh_primitive_random:MBEDTLS_ECP_DP_CURVE448 diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index cc193da..300916f 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -464,3 +464,20 @@ exit: mbedtls_ecp_keypair_free(&their_key); } /* END_CASE */ + +/* BEGIN_CASE */ +void ecdh_context_grp(int id) +{ + mbedtls_ecdh_context srv; + + mbedtls_ecdh_init(&srv); + TEST_ASSERT(mbedtls_ecdh_setup(&srv, id) == 0); + + /* Test the retrieved group id matches/*/ + TEST_ASSERT((int) mbedtls_ecdh_get_grp_id(&srv) == id); + +exit: + mbedtls_ecdh_free(&srv); + +} +/* END_CASE */ diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 01fdc47..fd63657 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -736,6 +736,261 @@ ECP read key #24 (Curve25519 RFC, OK) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":0:1 +ECP write key: secp256r1, nominal +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":32:0 + +ECP write key: secp256r1, output longer by 1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":33:0 + +ECP write key: secp256r1, output longer by 32 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":64:0 + +ECP write key: secp256r1, output longer by 33 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":65:0 + +ECP write key: secp256r1, output short by 1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":31:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +ECP write key: secp256r1, output_size=1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":1:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +ECP write key: secp256r1, output_size=0 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +ECP write key: secp256r1, top byte = 0, output_size=32 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":32:0 + +ECP write key: secp256r1, top byte = 0, output_size=31 (fits) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":31:0 + +ECP write key: secp256r1, top byte = 0, output_size=30 (too small) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":30:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +ECP write key: secp256r1, mostly-0 key, output_size=32 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"0000000000000000000000000000000000000000000000000000000000000001":32:0 + +ECP write key: secp256r1, mostly-0 key, output_size=31 (fits) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"0000000000000000000000000000000000000000000000000000000000000001":31:0 + +ECP write key: secp256r1, mostly-0 key, output_size=1 (fits) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"0000000000000000000000000000000000000000000000000000000000000001":1:0 + +ECP write key: secp384r1, nominal +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":48:0 + +ECP write key: secp384r1, output longer by 1 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":49:0 + +ECP write key: secp384r1, output longer by 48 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":96:0 + +ECP write key: secp384r1, output longer by 49 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":97:0 + +ECP write key: secp384r1, output short by 1 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":47:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +ECP write key: secp384r1, output_size=1 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":1:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +ECP write key: secp384r1, output_size=0 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL + +ECP write key: Curve25519, nominal +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":32:0 + +ECP write key: Curve25519, output longer by 1 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":33:0 + +ECP write key: Curve25519, output longer by 32 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":64:0 + +ECP write key: Curve25519, output longer by 33 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":65:0 + +ECP write key: Curve25519, output short by 1 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key: Curve25519, output_size=1 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":1:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key: Curve25519, output_size=0 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":0:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key: Curve25519, mostly-0 key, output_size=32 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"0000000000000000000000000000000000000000000000000000000000000040":32:0 + +ECP write key: Curve25519, mostly-0 key, output_size=31 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"0000000000000000000000000000000000000000000000000000000000000040":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key: Curve448, nominal +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE448:"3c262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a779c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3":56:0 + +ECP write key: Curve448, output longer by 1 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE448:"3c262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a779c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3":57:0 + +ECP write key: Curve448, output longer by 32 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE448:"3c262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a779c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3":112:0 + +ECP write key: Curve448, output longer by 33 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE448:"3c262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a779c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3":113:0 + +ECP write key: Curve448, output short by 1 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE448:"3c262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a779c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3":55:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key: Curve448, output_size=1 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE448:"3c262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a779c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3":1:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key: Curve448, output_size=0 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE448:"3c262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a779c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3":0:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key: Curve448, mostly-0 key, output_size=56 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE448:"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080":56:0 + +ECP write key: Curve448, mostly-0 key, output_size=55 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key:MBEDTLS_ECP_DP_CURVE448:"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080":55:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key ext: secp256r1, nominal +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":32:0 + +ECP write key ext: secp256r1, output longer by 1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":33:0 + +ECP write key ext: secp256r1, output short by 1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key ext: secp256r1, output_size=0 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key ext: secp256r1, top byte = 0, output_size=32 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":32:0 + +ECP write key ext: secp256r1, top byte = 0, output_size=31 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key ext: secp256r1, top byte = 0, output_size=30 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":30:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key ext: secp256r1, mostly-0 key, output_size=32 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"0000000000000000000000000000000000000000000000000000000000000001":32:0 + +ECP write key ext: secp256r1, mostly-0 key, output_size=1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"0000000000000000000000000000000000000000000000000000000000000001":1:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key ext: secp256r1, private key not set +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"":32:MBEDTLS_ERR_ECP_BAD_INPUT_DATA + +ECP write key ext: secp384r1, nominal +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":48:0 + +ECP write key ext: secp384r1, output longer by 1 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":49:0 + +ECP write key ext: secp384r1, output short by 1 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":47:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key ext: Curve25519, nominal +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":32:0 + +ECP write key ext: Curve25519, output longer by 1 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":33:0 + +ECP write key ext: Curve25519, output short by 1 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key ext: Curve25519, output_size=0 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":0:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key ext: Curve25519, mostly-0 key, output_size=32 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"0000000000000000000000000000000000000000000000000000000000000040":32:0 + +ECP write key ext: Curve25519, mostly-0 key, output_size=31 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"0000000000000000000000000000000000000000000000000000000000000040":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key ext: Curve25519, private key not set +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"":32:MBEDTLS_ERR_ECP_BAD_INPUT_DATA + +ECP write key ext: Curve448, nominal +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE448:"3c262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a779c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3":56:0 + +ECP write key ext: Curve448, output longer by 1 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE448:"3c262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a779c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3":57:0 + +ECP write key ext: Curve448, output short by 1 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE448:"3c262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a779c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3":55:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key ext: Curve448, mostly-0 key, output_size=56 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE448:"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080":56:0 + +ECP write key ext: Curve448, mostly-0 key, output_size=55 +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE448:"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080":55:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL + +ECP write key ext: group not set +ecp_write_key_ext:MBEDTLS_ECP_DP_NONE:"":32:MBEDTLS_ERR_ECP_BAD_INPUT_DATA + ECP mod p192 small (more than 192 bits, less limbs than 2 * 192 bits) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"0100000000000103010000000000010201000000000001010100000000000100" diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 295fe7f..9b5c86f 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1204,29 +1204,46 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Y, 2), 0); TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Z, 3), 0); - if (canonical) { + if (canonical && in_key->len == (key.grp.nbits + 7) / 8) { unsigned char buf[MBEDTLS_ECP_MAX_BYTES]; + size_t length = 0xdeadbeef; - ret = mbedtls_ecp_write_key(&key, buf, in_key->len); - TEST_ASSERT(ret == 0); + TEST_EQUAL(mbedtls_ecp_write_key_ext(&key, + &length, buf, in_key->len), 0); + TEST_MEMORY_COMPARE(in_key->x, in_key->len, + buf, length); +#if defined(MBEDTLS_TEST_DEPRECATED) + memset(buf, 0, sizeof(buf)); + TEST_EQUAL(mbedtls_ecp_write_key(&key, buf, in_key->len), 0); TEST_MEMORY_COMPARE(in_key->x, in_key->len, buf, in_key->len); +#endif /* MBEDTLS_TEST_DEPRECATED */ } else { unsigned char export1[MBEDTLS_ECP_MAX_BYTES]; unsigned char export2[MBEDTLS_ECP_MAX_BYTES]; - ret = mbedtls_ecp_write_key(&key, export1, in_key->len); - TEST_ASSERT(ret == 0); - - ret = mbedtls_ecp_read_key(grp_id, &key2, export1, in_key->len); - TEST_ASSERT(ret == expected); - - ret = mbedtls_ecp_write_key(&key2, export2, in_key->len); - TEST_ASSERT(ret == 0); - + size_t length1 = 0xdeadbeef; + TEST_EQUAL(mbedtls_ecp_write_key_ext(&key, &length1, + export1, sizeof(export1)), 0); + TEST_EQUAL(mbedtls_ecp_read_key(grp_id, &key2, export1, length1), + expected); + size_t length2 = 0xdeadbeef; + TEST_EQUAL(mbedtls_ecp_write_key_ext(&key2, &length2, + export2, sizeof(export2)), 0); + TEST_MEMORY_COMPARE(export1, length1, + export2, length2); + +#if defined(MBEDTLS_TEST_DEPRECATED) + memset(export1, 0, sizeof(export1)); + memset(export2, 0, sizeof(export2)); + TEST_EQUAL(mbedtls_ecp_write_key(&key, export1, in_key->len), 0); + TEST_EQUAL(mbedtls_ecp_read_key(grp_id, &key2, export1, in_key->len), + expected); + TEST_EQUAL(mbedtls_ecp_write_key(&key2, export2, in_key->len), 0); TEST_MEMORY_COMPARE(export1, in_key->len, export2, in_key->len); +#endif /* MBEDTLS_TEST_DEPRECATED */ } } @@ -1236,6 +1253,102 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_DEPRECATED */ +void ecp_write_key(int grp_id, data_t *in_key, + int exported_size, int expected_ret) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + unsigned char *exported = NULL; + + TEST_EQUAL(mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len), 0); + + TEST_CALLOC(exported, exported_size); + TEST_EQUAL(mbedtls_ecp_write_key(&key, exported, exported_size), + expected_ret); + + if (expected_ret == 0) { + size_t length = (key.grp.nbits + 7) / 8; + const unsigned char *key_start = NULL; + const unsigned char *zeros_start = NULL; + switch (mbedtls_ecp_get_type(&key.grp)) { + case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: + if ((size_t) exported_size < length) { + length = exported_size; + } + key_start = exported + exported_size - length; + zeros_start = exported; + break; + case MBEDTLS_ECP_TYPE_MONTGOMERY: + TEST_LE_U(length, exported_size); + key_start = exported; + zeros_start = exported + length; + break; + default: + TEST_FAIL("Unknown ECP curve type"); + break; + } + + if (length < in_key->len) { + /* Shorter output (only possible with Weierstrass keys) */ + for (size_t i = 0; i < in_key->len - length; i++) { + mbedtls_test_set_step(i); + TEST_EQUAL(in_key->x[i], 0); + } + TEST_MEMORY_COMPARE(in_key->x + in_key->len - length, length, + key_start, length); + } else { + TEST_MEMORY_COMPARE(in_key->x, in_key->len, + key_start, length); + for (size_t i = 0; i < exported_size - length; i++) { + mbedtls_test_set_step(i); + TEST_EQUAL(zeros_start[i], 0); + } + } + } + +exit: + mbedtls_ecp_keypair_free(&key); + mbedtls_free(exported); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecp_write_key_ext(int grp_id, data_t *in_key, + int exported_size, int expected_ret) +{ + mbedtls_ecp_keypair key; + mbedtls_ecp_keypair_init(&key); + unsigned char *exported = NULL; + + if (in_key->len != 0) { + TEST_EQUAL(mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len), 0); + } else if (grp_id != MBEDTLS_ECP_DP_NONE) { + TEST_EQUAL(mbedtls_ecp_group_load(&key.grp, grp_id), 0); + } + + TEST_CALLOC(exported, exported_size); + size_t olen = 0xdeadbeef; + TEST_EQUAL(mbedtls_ecp_write_key_ext(&key, &olen, exported, exported_size), + expected_ret); + + if (expected_ret == 0) { + TEST_EQUAL(olen, (key.grp.nbits + 7) / 8); + TEST_LE_U(olen, MBEDTLS_ECP_MAX_BYTES); + TEST_MEMORY_COMPARE(in_key->x, in_key->len, + exported, olen); + } else { + /* Robustness check: even in the error case, insist that olen is less + * than the buffer size. */ + TEST_LE_U(olen, exported_size); + } + +exit: + mbedtls_ecp_keypair_free(&key); + mbedtls_free(exported); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED:MBEDTLS_ECP_LIGHT */ void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected) { diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index ed9f3ac..5ac65fc 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -447,7 +447,7 @@ void entropy_nv_seed_std_io() } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_MD_C:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_LIGHT:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT */ void entropy_nv_seed(data_t *read_seed) { #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 599c926..8bb7b8b 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -153,6 +153,21 @@ exit: mbedtls_free(output); } +static void gcm_reset_ctx(mbedtls_gcm_context *ctx, const uint8_t *key, + size_t key_bits, const uint8_t *iv, size_t iv_len, + int starts_ret) +{ + int mode = MBEDTLS_GCM_ENCRYPT; + mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES; + + mbedtls_gcm_init(ctx); + TEST_EQUAL(mbedtls_gcm_setkey(ctx, valid_cipher, key, key_bits), 0); + TEST_EQUAL(starts_ret, mbedtls_gcm_starts(ctx, mode, iv, iv_len)); +exit: + /* empty */ + return; +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -478,6 +493,118 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +/* NISP SP 800-38D, Section 5.2.1.1 requires that bit length of IV should + * satisfy 1 <= bit_len(IV) <= 2^64 - 1. */ +void gcm_invalid_iv_len(void) +{ + mbedtls_gcm_context ctx; + mbedtls_gcm_init(&ctx); + uint8_t b16[16] = { 0 }; + + BLOCK_CIPHER_PSA_INIT(); + + // Invalid IV length 0 + gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, 0, MBEDTLS_ERR_GCM_BAD_INPUT); + mbedtls_gcm_free(&ctx); + + // Only testable on platforms where sizeof(size_t) >= 8. +#if SIZE_MAX >= UINT64_MAX + // Invalid IV length 2^61 + gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, 1ULL << 61, MBEDTLS_ERR_GCM_BAD_INPUT); + mbedtls_gcm_free(&ctx); +#endif + + goto exit; /* To suppress error that exit is defined but not used */ +exit: + mbedtls_gcm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void gcm_add_len_too_long(void) +{ + // Only testable on platforms where sizeof(size_t) >= 8. +#if SIZE_MAX >= UINT64_MAX + mbedtls_gcm_context ctx; + mbedtls_gcm_init(&ctx); + uint8_t b16[16] = { 0 }; + BLOCK_CIPHER_PSA_INIT(); + + /* NISP SP 800-38D, Section 5.2.1.1 requires that bit length of AD should + * be <= 2^64 - 1, ie < 2^64. This is the minimum invalid length in bytes. */ + uint64_t len_max = 1ULL << 61; + + gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0); + // Feed AD that just exceeds the length limit + TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, len_max), + MBEDTLS_ERR_GCM_BAD_INPUT); + mbedtls_gcm_free(&ctx); + + gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0); + // Feed AD that just exceeds the length limit in two calls + TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, 1), 0); + TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, len_max - 1), + MBEDTLS_ERR_GCM_BAD_INPUT); + mbedtls_gcm_free(&ctx); + + gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0); + // Test if potential total AD length overflow is handled properly + TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, 1), 0); + TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, UINT64_MAX), MBEDTLS_ERR_GCM_BAD_INPUT); + +exit: + mbedtls_gcm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); +#endif +} +/* END_CASE */ + +/* BEGIN_CASE */ +void gcm_input_len_too_long(void) +{ + // Only testable on platforms where sizeof(size_t) >= 8 +#if SIZE_MAX >= UINT64_MAX + mbedtls_gcm_context ctx; + uint8_t b16[16] = { 0 }; + uint8_t out[1]; + size_t out_len; + mbedtls_gcm_init(&ctx); + BLOCK_CIPHER_PSA_INIT(); + + /* NISP SP 800-38D, Section 5.2.1.1 requires that bit length of input should + * be <= 2^39 - 256. This is the maximum valid length in bytes. */ + uint64_t len_max = (1ULL << 36) - 32; + + gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0); + // Feed input that just exceeds the length limit + TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, len_max + 1, out, len_max + 1, + &out_len), + MBEDTLS_ERR_GCM_BAD_INPUT); + mbedtls_gcm_free(&ctx); + + gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0); + // Feed input that just exceeds the length limit in two calls + TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, 1, out, 1, &out_len), 0); + TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, len_max, out, len_max, &out_len), + MBEDTLS_ERR_GCM_BAD_INPUT); + mbedtls_gcm_free(&ctx); + + gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0); + // Test if potential total input length overflow is handled properly + TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, 1, out, 1, &out_len), 0); + TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, UINT64_MAX, out, UINT64_MAX, + &out_len), + MBEDTLS_ERR_GCM_BAD_INPUT); + +exit: + mbedtls_gcm_free(&ctx); + BLOCK_CIPHER_PSA_DONE(); +#endif +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_CCM_GCM_CAN_AES */ void gcm_selftest() { diff --git a/tests/suites/test_suite_gcm.misc.data b/tests/suites/test_suite_gcm.misc.data index f22b7a3..108630e 100644 --- a/tests/suites/test_suite_gcm.misc.data +++ b/tests/suites/test_suite_gcm.misc.data @@ -1,2 +1,14 @@ GCM - Invalid parameters gcm_invalid_param: + +GCM - Invalid IV length +depends_on:MBEDTLS_GCM_C:MBEDTLS_CCM_GCM_CAN_AES +gcm_invalid_iv_len: + +GCM - Additional data length too long +depends_on:MBEDTLS_GCM_C:MBEDTLS_CCM_GCM_CAN_AES +gcm_add_len_too_long: + +GCM - Input length too long +depends_on:MBEDTLS_GCM_C:MBEDTLS_CCM_GCM_CAN_AES +gcm_input_len_too_long: diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index a4dff45..007ba10 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -22,6 +22,9 @@ mbedtls_pem_write_buffer_lengths PEM read (unencrypted, valid) mbedtls_pem_read_buffer:"^":"$":"^\nTWJlZCBUTFM=\n$":"":0:"4d62656420544c53" +PEM read (unencrypted, empty content) +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\n\n-----END EC PRIVATE KEY-----":"":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:"" + PEM read (DES-EDE3-CBC + invalid iv) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV:"" @@ -49,3 +52,35 @@ mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KE PEM read (malformed PEM AES-128-CBC) depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,AA94892A169FA426AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:"" + +# The output sequence's length is not multiple of block size (16 bytes). This +# proves that the pem_context->len value is properly updated based on the SEQUENCE +# length read from the decoded ASN.1 data (i.e. extra padding, if any, is ignored). +PEM read (valid EC key encoded with AES-128-CBC) +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,151F851B6A7F3FBDAA5B7173117D0127\n\nLw+0OM+0Bwcl+ls/vxQbLrVshGc7bsNPvvtj2sJeMFFEq3V1mj/IO++0KK/CDhMH\nh6CZPsmgVOeM5uFpqYaq0fJbUduN2eDMWszWRm0SFkY=\n-----END EC PRIVATE KEY-----":"pwdpwd":0:"3041020101040f00d8023c809afd45e426d1a4dbe0ffa00706052b81040004a1220320000400da1ecfa53d528237625e119e2e0500d2eb671724f16deb6a63749516b7" + +# The text "hello world" together with some invalid padding data is encoded +# with AES-128-CBC in order to test padding validation. +# Since PBKDF1 isn't supported in OpenSSL, here's the steps: +# 1. generate the key (password="password"; IV=0x3132333435363738 in hex or "12345678" as string) +# echo -n "password12345678" | openssl md5 +# 2. encode data +# echo -n -e "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x01\x02\x03\x04\x05" | openssl aes-128-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad +PEM read (AES-128-CBC, invalid padding data) +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n333hxynfxEdXrSHQfIabxQ==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_PASSWORD_MISMATCH:"" + +# Padding data (0x11) is larger than AES block size (16). +# Generated with: +# echo -n -e "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x11\x11\x11\x11\x11" | openssl aes-128-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad +PEM read (AES-128-CBC, padding data is larger than AES block length) +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n5wA/XVXHuMsQAAOGFQmK0g==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_PASSWORD_MISMATCH:"" + +# Padding data (0x9) is larger than DES block size (8). +# Generated with: +# echo -n -e "\x68\x65\x6c\x6c\x6f\x09\x09\x09" | openssl des-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad +PEM read (DES-CBC, padding data is larger than DES block length) +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,3132333435363738\n\n6a+B2WineBM=\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_PASSWORD_MISMATCH:"" diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index af1e20c..989235d 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -10,7 +10,21 @@ valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee8265 PK utils: RSA Minimum key depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME -pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS /8):"RSA" +pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 7) / 8:"RSA" + +# mbedtls_rsa_gen_key() only supports even sizes, so we don't test min+1, +# min+3, etc. +PK utils: RSA Minimum key + 2 bits +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2 + 7) / 8:"RSA" + +PK utils: RSA Minimum key + 4 bits +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4 + 7) / 8:"RSA" + +PK utils: RSA Minimum key + 6 bits +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6 + 7) / 8:"RSA" PK utils: ECKEY SECP192R1 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1 @@ -312,13 +326,33 @@ PK can do ext: MBEDTLS_PK_RSA, check RSA_PSS(SHA256) depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 -RSA verify test vector #1 (good) +RSA verify test vector: PKCS1v1.5 (explicit), SHA1, good depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 -pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0 +pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0 -RSA verify test vector #2 (bad) +RSA verify test vector: PKCS1v1.5 (default), SHA1, good depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 -pk_rsa_verify_test_vec:"9f294f0c7b32da6221a3ef83654322038e8968fa":MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"3203b7647fb7e345aa457681e5131777f1adc371f2fba8534928c4e52ef6206a856425d6269352ecbf64db2f6ad82397768cafdd8cd272e512d617ad67992226da6bc291c31404c17fd4b7e2beb20eff284a44f4d7af47fd6629e2c95809fa7f2241a04f70ac70d3271bb13258af1ed5c5988c95df7fa26603515791075feccd":MBEDTLS_ERR_RSA_VERIFY_FAILED +pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":-1:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0 + +RSA verify test vector: PKCS1v1.5, SHA1, wrong signature +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 +pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b8":MBEDTLS_ERR_RSA_VERIFY_FAILED + +RSA verify test vector: PSS, SHA1, good +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V21 +pk_rsa_verify_test_vec:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:1024:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":0 + +RSA verify test vector: PSS, SHA1, wrong signature +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V21 +pk_rsa_verify_test_vec:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:1024:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747f":MBEDTLS_ERR_RSA_VERIFY_FAILED + +RSA verify test vector: PSS, SHA1, signature is PKCS1v1.5 +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V21 +pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":MBEDTLS_ERR_RSA_VERIFY_FAILED + +RSA verify test vector: PKCS1v1.5, SHA1, signature is PSS +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 +pk_rsa_verify_test_vec:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":MBEDTLS_ERR_RSA_VERIFY_FAILED ECDSA verify test vector #1 (good) depends_on:MBEDTLS_ECP_HAVE_SECP192R1 @@ -370,51 +404,79 @@ pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723e ECDSA sign-verify: SECP192R1 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1 -pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0 +pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0:0:0 ECDSA sign-verify: SECP256R1 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 -pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0 +pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0:0:0 ECDSA sign-verify: SECP384R1 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1 -pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0 +pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0:0:0 ECDSA sign-verify: SECP521R1 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1 -pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0 +pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0:0:0 ECDSA sign-verify: BP256R1 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP256R1 -pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0 +pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0:0:0 ECDSA sign-verify: BP512R1 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP512R1 -pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0 +pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0:0:0 EC(DSA) sign-verify: SECP192R1 depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1 -pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0 +pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0:0:0 EC_DH (no) sign-verify: SECP192R1 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1 -pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:0:0:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH -RSA sign-verify -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512 -pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:0 +RSA sign-verify, PKCS1v1.5, SHA1 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1 +pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:0:0 + +RSA sign-verify, PKCS1v2.1, SHA1 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1 +pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:0:0 + +RSA sign-verify, PKCS1v1.5, SHA256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256 +pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:0:0 + +RSA sign-verify, PKCS1v2.1, SHA256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256 +pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA256:0:0 RSA encrypt-decrypt test depends_on:MBEDTLS_PKCS1_V15 pk_rsa_encrypt_decrypt_test:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":0 -RSA decrypt test vector #1 +RSA decrypt test vector - PKCS1v1.5 +depends_on:MBEDTLS_PKCS1_V15 +pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_NONE:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":0 + +RSA decrypt test vector - PKCS1v1.5, corrupted encrypted data depends_on:MBEDTLS_PKCS1_V15 -pk_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":0 +pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43d":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_NONE:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING + +RSA decrypt test vector - PKCS1v2.1 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1 +pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":1024:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":0 + +RSA decrypt test vector - PKCS1v2.1, corrupted encrypted data +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1 +pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0956":1024:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING -RSA decrypt test vector #2 +RSA decrypt test vector - PKCS1v1.5, but data is PKCS1v2.1 encrypted depends_on:MBEDTLS_PKCS1_V15 -pk_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404feb284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING +pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_NONE:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING + +RSA decrypt test vector - PKCS1v2.1, but data is PKCS1v1.5 encrypted +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1 +pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":1024:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING RSA Opaque decrypt test vector #1 depends_on:MBEDTLS_PKCS1_V15 @@ -680,3 +742,712 @@ pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 PSA wrapped sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA512 depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 + +PSA attributes for pk: NONE (bad) +pk_get_psa_attributes_fail:MBEDTLS_PK_NONE:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_BAD_INPUT_DATA + +# There is a (negative) test for pk_type=MBEDTLS_PK_RSA_ALT in pk_rsa_alt(). + +# Bad usage due to not specifying sign/crypt/derive. +PSA attributes for pk: RSA usage=0 (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +# Bad usage due to not specifying sign/crypt/derive. +PSA attributes for pk: RSA usage=EXPORT (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +# This usage could make sense, but is not currently supported. +PSA attributes for pk: RSA usage=DECRYPT|EXPORT (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +# Bad usage due to specifying more than one of sign/crypt/derive. +PSA attributes for pk: RSA usage=DECRYPT|SIGN_MESSAGE (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +# This usage could make sense, but is not currently supported. +PSA attributes for pk: RSA usage=SIGN_MESSAGE|SIGN_HASH (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +# This usage could make sense, but is not currently supported. +PSA attributes for pk: RSA usage=SIGN_MESSAGE|VERIFY_MESSAGE (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: RSA v15 pair DECRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_PKCS1V15_CRYPT + +PSA attributes for pk: RSA v21 SHA-256 pair DECRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) + +PSA attributes for pk: RSA v21 SHA-512 pair DECRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) + +PSA attributes for pk: RSA v15 pair->public ENCRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT + +PSA attributes for pk: RSA v21 SHA-256 pair->public ENCRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) + +PSA attributes for pk: RSA v21 SHA-512 pair->public ENCRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) + +PSA attributes for pk: RSA v15 public ENCRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT + +PSA attributes for pk: RSA v21 SHA-256 public ENCRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) + +PSA attributes for pk: RSA v21 SHA-512 public ENCRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) + +PSA attributes for pk: RSA v15 public DECRYPT (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: RSA v15 pair SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v21 SHA-256 pair SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v15 pair SIGN_HASH +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v21 SHA-256 pair SIGN_HASH +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v15 pair->public VERIFY_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v15 pair->public VERIFY_HASH +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_HASH +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v15 public VERIFY_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v21 SHA-256 public VERIFY_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v15 public VERIFY_HASH +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v21 SHA-256 public VERIFY_HASH +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 +pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) + +PSA attributes for pk: RSA v15 public SIGN_MESSAGE (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: RSA v15 public SIGN_HASH (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: RSA v15 pair DERIVE (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: RSA v15 public DERIVE (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY pair DECRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH pair DECRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA pair DECRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY public DECRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public DECRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA public DECRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY pair ENCRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH pair ENCRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA pair ENCRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY public ENCRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public ENCRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA public ENCRYPT (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY pair DERIVE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH + +PSA attributes for pk: ECKEY_DH pair DERIVE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH + +PSA attributes for pk: ECDSA pair DERIVE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY public DERIVE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public DERIVE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA public DERIVE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY pair SIGN_MESSAGE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECDSA pair SIGN_MESSAGE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECKEY pair SIGN_HASH +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECDSA pair SIGN_HASH +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECKEY pair->public VERIFY_MESSAGE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECDSA pair->public VERIFY_MESSAGE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECKEY pair->public VERIFY_HASH +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECDSA pair->public VERIFY_HASH +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECKEY public VERIFY_MESSAGE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECDSA public VERIFY_MESSAGE +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECKEY public VERIFY_HASH +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECDSA public VERIFY_HASH +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH) + +PSA attributes for pk: ECKEY public SIGN_MESSAGE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA public SIGN_MESSAGE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY public SIGN_HASH (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECDSA public SIGN_HASH (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH pair SIGN_MESSAGE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH pair SIGN_HASH (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH pair VERIFY_MESSAGE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH pair VERIFY_HASH (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public SIGN_MESSAGE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public SIGN_HASH (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public VERIFY_MESSAGE (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: ECKEY_DH public VERIFY_HASH (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE (bad policy) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 + +PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE + +PSA attributes for pk: opaque RSA pair, SIGN|VERIFY & SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA attributes for pk: opaque RSA pair, SIGN|DECRYPT & SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT + +# For a PK_OPAQUE key with a key pair type output, +# mbedtls_pk_import_into_psa() requires the key to be copyable or exportable. +# Try all combinations of COPY/not, EXPORT/not. +PSA attributes for pk: opaque RSA pair, SIGN|... & SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT + +PSA attributes for pk: opaque RSA pair, SIGN|EXPORT|... & SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT + +PSA attributes for pk: opaque RSA pair, SIGN|COPY|... & SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT + +PSA attributes for pk: opaque RSA pair, SIGN|COPY|EXPORT... & SIGN_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT + +PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_HASH (bad policy) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 + +# For a PK_OPAQUE key, mbedtls_pk_get_psa_attributes() ignores the input +# key's algorithm policy. Just this time, test with a few different algorithms. +PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [0] +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE + +PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [raw] +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE + +PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [v15] +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE + +PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [PSS] +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE + +PSA attributes for pk: opaque RSA pair, 0 & DECRYPT (bad policy) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 + +PSA attributes for pk: opaque RSA pair, DECRYPT & DECRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_DECRYPT + +PSA attributes for pk: opaque RSA pair, DECRYPT|... & DECRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT + +PSA attributes for pk: opaque RSA pair, ... & DERIVE (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 + +PSA attributes for pk: opaque RSA pair, ... & EXPORT (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 + +PSA attributes for pk: opaque RSA pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA attributes for pk: opaque RSA pair->public, VERIFY_HASH & VERIFY_HASH +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA attributes for pk: opaque RSA pair->public, ENCRYPT & ENCRYPT +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:PSA_KEY_USAGE_ENCRYPT + +PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE (bad policy) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 + +PSA attributes for pk: opaque ECC pair, SIGN_MESSAGE & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE + +PSA attributes for pk: opaque ECC pair, SIGN|VERIFY & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA attributes for pk: opaque ECC pair, SIGN|DECRYPT & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT + +PSA attributes for pk: opaque ECC pair, SIGN|... & SIGN_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT + +PSA attributes for pk: opaque ECC pair, SIGN_HASH & SIGN_HASH +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE + +PSA attributes for pk: opaque ECC pair, ... & DERIVE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE + +PSA attributes for pk: opaque ECC pair, ... & DECRYPT (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 + +PSA attributes for pk: opaque ECC pair, ... & EXPORT (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDH:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 + +PSA attributes for pk: opaque ECC pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA attributes for pk: opaque ECC pair->public, VERIFY_HASH & VERIFY_HASH +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE + +PSA attributes for pk: opaque ECC pair->public, ENCRYPT & ENCRYPT (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:0:0 + +PSA import into PSA: RSA pair to ECC (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: RSA public to RSA pair (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +# MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation +# of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably +# be more appropriate. (Applies to all the RSA "different bits" test cases.) +PSA import into PSA: RSA pair to different bits (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG + +PSA import into PSA: RSA public to different bits (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG + +PSA import into PSA: RSA private to public, different bits (bad) +depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG + +PSA import into PSA: ECKEY pair to RSA (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH pair to RSA (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA pair to RSA (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY pair to different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH pair to different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA pair to different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY pair to public, different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH pair to public, different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA pair to public, different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY public to different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH public to different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA public to different curve (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY pair to different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH pair to different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA pair to different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY public to different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH public to different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA public to different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY private to public, different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH private to public, different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA private to public, different bits (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY public to pair (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECKEY_DH public to pair (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: ECDSA public to pair (bad) +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME +pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque RSA, COPY (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +PSA import into PSA: opaque RSA, EXPORT (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +PSA import into PSA: opaque RSA, no COPY/EXPORT (bad) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH + +# Detail that isn't precisely documented: since this copies the key, +# the new key has the intersection of the usage flags. +PSA import into PSA: opaque RSA, COPY|EXPORT, different usage (restricted) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +# Detail that isn't precisely documented: since this copies the key, +# the new key has the intersection of the usage flags. +PSA import into PSA: opaque RSA, COPY, different usage (restricted) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +# Detail that isn't precisely documented: since this exports the key, +# the new key has all the requested usage flags. +PSA import into PSA: opaque RSA, EXPORT, different usage (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +PSA import into PSA: opaque RSA, COPY|EXPORT, different algorithm (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +PSA import into PSA: opaque RSA, COPY, different algorithm (bad) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque RSA, EXPORT, different algorithm (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +PSA import into PSA: opaque RSA, implicit bits (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +PSA import into PSA: opaque RSA, different bits (bad) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque RSA, different type (bad) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque RSA to public (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +PSA import into PSA: opaque RSA to public, implicit bits (ok) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 + +# MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation +# of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably +# be more appropriate. +PSA import into PSA: opaque RSA to public, different bits (bad) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_INVALID_ALG + +PSA import into PSA: opaque ECC, COPY (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +PSA import into PSA: opaque ECC, EXPORT (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +PSA import into PSA: opaque ECC, no COPY/EXPORT (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_TYPE_MISMATCH + +# Detail that isn't precisely documented: since this copies the key, +# the new key has the intersection of the usage flags. +PSA import into PSA: opaque ECC, COPY|EXPORT, different usage (restricted) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +# Detail that isn't precisely documented: since this copies the key, +# the new key has the intersection of the usage flags. +PSA import into PSA: opaque ECC, COPY, different usage (restricted) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +# Detail that isn't precisely documented: since this exports the key, +# the new key has all the requested usage flags. +PSA import into PSA: opaque ECC, EXPORT, different usage (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +PSA import into PSA: opaque ECC, COPY|EXPORT, different algorithm (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0 + +PSA import into PSA: opaque ECC, COPY, different algorithm (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque ECC, EXPORT, different algorithm (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0 + +PSA import into PSA: opaque ECC, implicit bits (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +PSA import into PSA: opaque ECC, different bits (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS + 8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque ECC, different type (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque ECC, different family (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH + +PSA import into PSA: opaque ECC to public (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +PSA import into PSA: opaque ECC to public, implicit bits (ok) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 + +# MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation +# of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably +# be more appropriate. +PSA import into PSA: opaque ECC to public, different bits (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_INVALID_ALG + +PSA import into PSA: opaque ECC to public, different family (bad) +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA +pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index f054443..3d75ad0 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -6,6 +6,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/base64.h" #include "mbedtls/ecp.h" +#include "mbedtls/error.h" #include "mbedtls/rsa.h" #include "pk_internal.h" @@ -18,12 +19,21 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include <test/psa_exercise_key.h> + /* Used for properly sizing the key buffer in pk_genkey_ec() */ #include "psa_util_internal.h" #define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS #define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8) +#if defined(MBEDTLS_RSA_C) || \ + defined(MBEDTLS_PK_RSA_ALT_SUPPORT) || \ + defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_USE_PSA_CRYPTO) +#define PK_CAN_SIGN_SOME +#endif + /* MBEDTLS_TEST_PK_PSA_SIGN is enabled when: * - The build has PK_[PARSE/WRITE]_C for RSA or ECDSA signature. * - The build has built-in ECC and ECDSA signature. @@ -35,6 +45,128 @@ #define MBEDTLS_TEST_PK_PSA_SIGN #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +/* Pick an elliptic curve that's supported by PSA. Note that the curve is + * not guaranteed to be supported by the ECP module. + * + * This should always find a curve if ECC is enabled in the build, except in + * one edge case: in a build with MBEDTLS_PSA_CRYPTO_CONFIG disabled and + * where the only legacy curve is secp224k1, which is not supported in PSA, + * PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY ends up enabled but PSA does not + * support any curve. + */ + +/* First try all the curves that can do both ECDSA and ECDH, then try + * the ECDH-only curves. (There are no curves that can do ECDSA but not ECDH.) + * This way, if ECDSA is enabled then the curve that's selected here will + * be ECDSA-capable, and likewise for ECDH. */ +#if defined(PSA_WANT_ECC_SECP_R1_192) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192R1 +#elif defined(PSA_WANT_ECC_SECP_R1_224) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224R1 +#elif defined(PSA_WANT_ECC_SECP_R1_256) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256R1 +#elif defined(PSA_WANT_ECC_SECP_R1_384) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 384 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP384R1 +#elif defined(PSA_WANT_ECC_SECP_R1_521) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 521 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP521R1 +#elif defined(PSA_WANT_ECC_SECP_K1_192) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192K1 +#elif defined(PSA_WANT_ECC_SECP_K1_224) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224K1 +#elif defined(PSA_WANT_ECC_SECP_K1_256) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256K1 +#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP256R1 +#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 384 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP384R1 +#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 512 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_BP512R1 +#elif defined(PSA_WANT_ECC_MONTGOMERY_255) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_MONTGOMERY +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 255 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_CURVE25519 +#elif defined(PSA_WANT_ECC_MONTGOMERY_448) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_MONTGOMERY +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 448 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_CURVE448 +#endif /* curve selection */ + +#if defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) +#define MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE +#endif + +/* Pick a second curve, for tests that need two supported curves of the + * same size. For simplicity, we only handle a subset of configurations, + * and both curves will support both ECDH and ECDSA. */ +#if defined(PSA_WANT_ECC_SECP_R1_192) && defined(PSA_WANT_ECC_SECP_K1_192) +/* Identical redefinition of the ONE macros, to confirm that they have + * the values we expect here. */ +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 +#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES +#endif + +/* Pick a second bit-size, for tests that need two supported curves of the + * same family. For simplicity, we only handle a subset of configurations, + * and both curves will support both ECDH and ECDSA. */ +#if defined(PSA_WANT_ECC_SECP_R1_192) && defined(PSA_WANT_ECC_SECP_R1_256) +/* Identical redefinition of the ONE macros, to confirm that they have + * the values we expect here. */ +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 +#define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 256 +#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_R1_384) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 384 +#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS +#endif + +#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */ + +/* Always define the macros so that we can use them in test data. */ +#if !defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY 0 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 0 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE 0 +#endif +#if !defined(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY) +#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY 0 +#endif +#if !defined(MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS) +#define MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS 0 +#endif + #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) { @@ -50,14 +182,31 @@ static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_bits(&key_attr, curve_bits); - psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT | - PSA_KEY_USAGE_SIGN_HASH | - PSA_KEY_USAGE_SIGN_MESSAGE); + psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; + psa_algorithm_t sign_alg = 0; + psa_algorithm_t derive_alg = 0; + if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECDSA) { + usage |= PSA_KEY_USAGE_DERIVE; + derive_alg = PSA_ALG_ECDH; + } + if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY_DH && + curve != PSA_ECC_FAMILY_MONTGOMERY) { + usage |= PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE; #if defined(MBEDTLS_ECDSA_DETERMINISTIC) - psa_set_key_algorithm(&key_attr, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); + sign_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH); #else - psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); + sign_alg = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); #endif + } + if (derive_alg != 0) { + psa_set_key_algorithm(&key_attr, derive_alg); + if (sign_alg != 0) { + psa_set_key_enrollment_algorithm(&key_attr, sign_alg); + } + } else { + psa_set_key_algorithm(&key_attr, sign_alg); + } + psa_set_key_usage_flags(&key_attr, usage); status = psa_generate_key(&key_attr, &pk->priv_id); if (status != PSA_SUCCESS) { @@ -111,7 +260,14 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { int ret; -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + ret = pk_genkey_ec(pk, curve_or_keybits); + if (ret != 0) { + return ret; + } + + return 0; +#else ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, curve_or_keybits); if (ret != 0) { return ret; @@ -120,15 +276,6 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) &mbedtls_pk_ec_rw(*pk)->d, &mbedtls_pk_ec_rw(*pk)->Q, mbedtls_test_rnd_std_rand, NULL); -#endif /* MBEDTLS_ECP_C */ - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - ret = pk_genkey_ec(pk, curve_or_keybits); - if (ret != 0) { - return ret; - } - - return 0; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ } @@ -136,6 +283,32 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) return -1; } +#if defined(MBEDTLS_PSA_CRYPTO_C) +static psa_key_usage_t pk_get_psa_attributes_implied_usage( + psa_key_usage_t expected_usage) +{ + /* Usage implied universally */ + if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { + expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; + } + if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { + expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + } + /* Usage implied by mbedtls_pk_get_psa_attributes() */ + if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { + expected_usage |= PSA_KEY_USAGE_VERIFY_HASH; + } + if (expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE) { + expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + } + if (expected_usage & PSA_KEY_USAGE_DECRYPT) { + expected_usage |= PSA_KEY_USAGE_ENCRYPT; + } + expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; + return expected_usage; +} +#endif /* MBEDTLS_PSA_CRYPTO_C */ + #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, @@ -162,6 +335,96 @@ size_t mbedtls_rsa_key_len_func(void *ctx) } #endif /* MBEDTLS_RSA_C */ +typedef enum { + /* The values are compatible with thinking of "from pair" as a boolean. */ + FROM_PUBLIC = 0, + FROM_PAIR = 1 +} from_pair_t; + +#if defined(MBEDTLS_PSA_CRYPTO_C) +static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, + mbedtls_pk_context *pk, psa_key_type_t *psa_type) +{ + if (pk_type == MBEDTLS_PK_NONE) { + return 0; + } + TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); + + switch (pk_type) { +#if defined(MBEDTLS_RSA_C) + case MBEDTLS_PK_RSA: + { + *psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR; + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); + if (want_pair) { +#if defined(MBEDTLS_GENPRIME) + TEST_EQUAL(mbedtls_rsa_gen_key( + rsa, + mbedtls_test_rnd_std_rand, NULL, + MBEDTLS_RSA_GEN_KEY_MIN_BITS, 65537), 0); +#else + TEST_FAIL("I don't know how to create an RSA key pair in this configuration."); +#endif + } else { + unsigned char N[PSA_BITS_TO_BYTES(MBEDTLS_RSA_GEN_KEY_MIN_BITS)] = { 0xff }; + N[sizeof(N) - 1] = 0x03; + const unsigned char E[1] = { 0x03 }; + TEST_EQUAL(mbedtls_rsa_import_raw(rsa, + N, sizeof(N), + NULL, 0, NULL, 0, NULL, 0, + E, sizeof(E)), 0); + TEST_EQUAL(mbedtls_rsa_complete(rsa), 0); + } + break; + } +#endif /* MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) + case MBEDTLS_PK_ECKEY: + case MBEDTLS_PK_ECKEY_DH: + case MBEDTLS_PK_ECDSA: + { + mbedtls_ecp_group_id grp_id = MBEDTLS_TEST_ECP_DP_ONE_CURVE; + size_t bits; + *psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits)); + TEST_EQUAL(pk_genkey(pk, grp_id), 0); + if (!want_pair) { +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_key_attributes_t pub_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_set_key_type(&pub_attributes, + PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type)); + psa_set_key_usage_flags(&pub_attributes, + PSA_KEY_USAGE_EXPORT | + PSA_KEY_USAGE_COPY | + PSA_KEY_USAGE_VERIFY_MESSAGE | + PSA_KEY_USAGE_VERIFY_HASH); + psa_set_key_algorithm(&pub_attributes, PSA_ALG_ECDSA_ANY); + PSA_ASSERT(psa_destroy_key(pk->priv_id)); + pk->priv_id = MBEDTLS_SVC_KEY_ID_INIT; +#else + mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); + mbedtls_mpi_free(&ec->d); +#endif + } + break; + } +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ + + default: + TEST_FAIL("Unknown PK type in test data"); + break; + } + + if (!want_pair) { + *psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type); + } + return 0; + +exit: + return MBEDTLS_ERR_ERROR_GENERIC_ERROR; +} +#endif + #if defined(MBEDTLS_USE_PSA_CRYPTO) /* @@ -171,7 +434,7 @@ size_t mbedtls_rsa_key_len_func(void *ctx) */ mbedtls_svc_key_id_t pk_psa_genkey_ecc(void) { - mbedtls_svc_key_id_t key; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const psa_key_type_t type = PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1); @@ -193,7 +456,7 @@ exit: */ mbedtls_svc_key_id_t pk_psa_genkey_rsa(void) { - mbedtls_svc_key_id_t key; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR; const size_t bits = 1024; @@ -219,7 +482,7 @@ exit: void pk_psa_utils(int key_is_rsa) { mbedtls_pk_context pk, pk2; - mbedtls_svc_key_id_t key; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const char * const name = "Opaque"; @@ -257,7 +520,7 @@ void pk_psa_utils(int key_is_rsa) TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0); TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == bitlen); - TEST_ASSERT(mbedtls_pk_get_len(&pk) == bitlen / 8); + TEST_ASSERT(mbedtls_pk_get_len(&pk) == (bitlen + 7) / 8); if (key_is_rsa) { TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECKEY) == 0); @@ -511,7 +774,7 @@ void valid_parameters() } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C:MBEDTLS_PK_PARSE_C */ void valid_parameters_pkwrite(data_t *key_data) { mbedtls_pk_context pk; @@ -573,6 +836,7 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) mbedtls_pk_context pub, prv, alt; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t opaque_key_attr = PSA_KEY_ATTRIBUTES_INIT; #endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_pk_init(&pub); @@ -610,9 +874,13 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) { - TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&prv, &opaque_key_id, - PSA_ALG_ANY_HASH, - PSA_KEY_USAGE_EXPORT, 0), 0); + /* Turn the prv PK context into an opaque one.*/ + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&prv, PSA_KEY_USAGE_SIGN_HASH, + &opaque_key_attr), 0); + TEST_EQUAL(mbedtls_pk_import_into_psa(&prv, &opaque_key_attr, &opaque_key_id), 0); + mbedtls_pk_free(&prv); + mbedtls_pk_init(&prv); + TEST_EQUAL(mbedtls_pk_setup_opaque(&prv, opaque_key_id), 0); TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand, NULL), ret); } @@ -630,9 +898,9 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_verify_test_vec(data_t *message_str, int digest, int mod, - char *input_N, char *input_E, - data_t *result_str, int result) +void pk_rsa_verify_test_vec(data_t *message_str, int padding, int digest, + int mod, char *input_N, char *input_E, + data_t *result_str, int expected_result) { mbedtls_rsa_context *rsa; mbedtls_pk_context pk; @@ -647,28 +915,54 @@ void pk_rsa_verify_test_vec(data_t *message_str, int digest, int mod, #endif mbedtls_pk_init(&pk); - USE_PSA_INIT(); + MD_OR_USE_PSA_INIT(); TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); rsa = mbedtls_pk_rsa(pk); - rsa->len = mod / 8; + rsa->len = (mod + 7) / 8; + if (padding >= 0) { + TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, MBEDTLS_MD_NONE), 0); + } + TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); - TEST_ASSERT(mbedtls_pk_verify(&pk, digest, message_str->x, 0, - result_str->x, mbedtls_pk_get_len(&pk)) == result); + int actual_result; + actual_result = mbedtls_pk_verify(&pk, digest, message_str->x, 0, + result_str->x, mbedtls_pk_get_len(&pk)); +#if !defined(MBEDTLS_USE_PSA_CRYPTO) + if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING && + expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) { + /* Tolerate INVALID_PADDING error for an invalid signature with + * the legacy API (but not with PSA). */ + } else +#endif + { + TEST_EQUAL(actual_result, expected_result); + } - TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, digest, message_str->x, 0, - result_str->x, mbedtls_pk_get_len( - &pk), rs_ctx) == result); + actual_result = mbedtls_pk_verify_restartable(&pk, digest, message_str->x, 0, + result_str->x, + mbedtls_pk_get_len(&pk), + rs_ctx); +#if !defined(MBEDTLS_USE_PSA_CRYPTO) + if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING && + expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) { + /* Tolerate INVALID_PADDING error for an invalid signature with + * the legacy API (but not with PSA). */ + } else +#endif + { + TEST_EQUAL(actual_result, expected_result); + } exit: #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_pk_restart_free(rs_ctx); #endif mbedtls_pk_free(&pk); - USE_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -692,7 +986,7 @@ void pk_rsa_verify_ext_test_vec(data_t *message_str, int digest, TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); rsa = mbedtls_pk_rsa(pk); - rsa->len = mod / 8; + rsa->len = (mod + 7) / 8; TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); @@ -856,8 +1150,9 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256 */ -void pk_sign_verify(int type, int curve_or_keybits, int sign_ret, int verify_ret) +/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:PK_CAN_SIGN_SOME */ +void pk_sign_verify(int type, int curve_or_keybits, int rsa_padding, int rsa_md_alg, + int sign_ret, int verify_ret) { mbedtls_pk_context pk; size_t sig_len; @@ -885,6 +1180,15 @@ void pk_sign_verify(int type, int curve_or_keybits, int sign_ret, int verify_ret TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0); +#if defined(MBEDTLS_RSA_C) + if (type == MBEDTLS_PK_RSA) { + TEST_ASSERT(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, rsa_md_alg) == 0); + } +#else + (void) rsa_padding; + (void) rsa_md_alg; +#endif /* MBEDTLS_RSA_C */ + TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_SHA256, hash, hash_len, sig, sizeof(sig), &sig_len, @@ -973,7 +1277,7 @@ void pk_rsa_encrypt_decrypt_test(data_t *message, int mod, rsa = mbedtls_pk_rsa(pk); /* load public key */ - rsa->len = mod / 8; + rsa->len = (mod + 7) / 8; TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); @@ -999,9 +1303,12 @@ void pk_rsa_encrypt_decrypt_test(data_t *message, int mod, TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(rsa) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0); + TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8); + TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); + memset(result, 0, sizeof(result)); rlen = 0; TEST_ASSERT(mbedtls_pk_decrypt(&pk, output, olen, @@ -1021,7 +1328,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_RSA_C */ -void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, +void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, int padding, int md_alg, char *input_P, char *input_Q, char *input_N, char *input_E, data_t *clear, int ret) @@ -1036,7 +1343,7 @@ void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, mbedtls_pk_init(&pk); mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E); - USE_PSA_INIT(); + MD_OR_USE_PSA_INIT(); memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info)); @@ -1052,9 +1359,17 @@ void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(rsa) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0); + TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); + TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8); + + /* set padding mode */ + if (padding >= 0) { + TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, md_alg), 0); + } + /* decryption test */ memset(output, 0, sizeof(output)); olen = 0; @@ -1070,7 +1385,7 @@ exit: mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E); mbedtls_pk_free(&pk); - USE_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -1085,7 +1400,8 @@ void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod, mbedtls_mpi N, P, Q, E; mbedtls_rsa_context *rsa; mbedtls_pk_context pk; - mbedtls_svc_key_id_t key_id; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; size_t olen; mbedtls_pk_init(&pk); @@ -1108,14 +1424,17 @@ void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod, TEST_EQUAL(mbedtls_test_read_mpi(&P, input_P), 0); TEST_EQUAL(mbedtls_test_read_mpi(&Q, input_Q), 0); TEST_EQUAL(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E), 0); - TEST_EQUAL(mbedtls_rsa_get_len(rsa), (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8); TEST_EQUAL(mbedtls_rsa_complete(rsa), 0); /* Turn PK context into an opaque one. */ - TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&pk, &key_id, - PSA_ALG_RSA_PKCS1V15_CRYPT, - PSA_KEY_USAGE_DECRYPT, - PSA_ALG_NONE), 0); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_DECRYPT, &key_attr), 0); + TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &key_attr, &key_id), 0); + mbedtls_pk_free(&pk); + mbedtls_pk_init(&pk); + TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); + + TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod); /* decryption test */ memset(output, 0, sizeof(output)); @@ -1263,6 +1582,17 @@ void pk_rsa_alt() TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT); TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0); +#if defined(MBEDTLS_PSA_CRYPTO_C) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt, + PSA_KEY_USAGE_ENCRYPT, + &attributes), + MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + TEST_EQUAL(mbedtls_pk_import_into_psa(&alt, &attributes, &key_id), + MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); +#endif /* MBEDTLS_PSA_CRYPTO_C */ + /* Test signature */ #if SIZE_MAX > UINT_MAX TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, @@ -1312,10 +1642,9 @@ void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits) unsigned char pkey_legacy[200]; unsigned char pkey_psa[200]; unsigned char *pkey_legacy_start, *pkey_psa_start; - psa_algorithm_t alg_psa; size_t sig_len, klen_legacy, klen_psa; int ret; - mbedtls_svc_key_id_t key_id; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; /* @@ -1337,7 +1666,6 @@ void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits) TEST_ASSERT(mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk), mbedtls_test_rnd_std_rand, NULL, curve_or_keybits, 3) == 0); - alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256); } else #endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) @@ -1348,8 +1676,6 @@ void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits) TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); TEST_ASSERT(pk_genkey(&pk, grpid) == 0); - - alg_psa = PSA_ALG_ECDSA(PSA_ALG_SHA_256); } else #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ { @@ -1376,9 +1702,11 @@ void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits) #endif /* MBEDTLS_PK_WRITE_C */ /* Turn PK context into an opaque one. */ - TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&pk, &key_id, alg_psa, - PSA_KEY_USAGE_SIGN_HASH, - PSA_ALG_NONE) == 0); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &attributes), 0); + TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &key_id), 0); + mbedtls_pk_free(&pk); + mbedtls_pk_init(&pk); + TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); PSA_ASSERT(psa_get_key_attributes(key_id, &attributes)); TEST_EQUAL(psa_get_key_type(&attributes), (psa_key_type_t) psa_type); @@ -1498,13 +1826,13 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg { mbedtls_pk_context pk; size_t sig_len, pkey_len; - mbedtls_svc_key_id_t key_id; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; unsigned char *pkey_start; unsigned char hash[PSA_HASH_MAX_SIZE]; psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); - psa_algorithm_t psa_alg; size_t hash_len = PSA_HASH_LENGTH(psa_md_alg); void const *options = NULL; mbedtls_pk_rsassa_pss_options rsassa_pss_options; @@ -1521,6 +1849,10 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg mbedtls_test_rnd_std_rand, NULL, key_bits, 3), 0); + if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { + mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE); + } + /* Export underlying public key for re-importing in a legacy context. */ ret = mbedtls_pk_write_pubkey_der(&pk, pkey, sizeof(pkey)); TEST_ASSERT(ret >= 0); @@ -1529,18 +1861,12 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ pkey_start = pkey + sizeof(pkey) - pkey_len; - if (key_pk_type == MBEDTLS_PK_RSA) { - psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN(psa_md_alg); - } else if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { - psa_alg = PSA_ALG_RSA_PSS(psa_md_alg); - } else { - TEST_ASSUME(!"PK key type not supported in this configuration"); - } - /* Turn PK context into an opaque one. */ - TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&pk, &key_id, psa_alg, - PSA_KEY_USAGE_SIGN_HASH, - PSA_ALG_NONE), 0); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); + TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &key_attr, &key_id), 0); + mbedtls_pk_free(&pk); + mbedtls_pk_init(&pk); + TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0); memset(hash, 0x2a, sizeof(hash)); memset(sig, 0, sizeof(sig)); @@ -1569,3 +1895,307 @@ exit: PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +void pk_get_psa_attributes(int pk_type, int from_pair, + int usage_arg, + int to_pair, int expected_alg) +{ + mbedtls_pk_context pk; + mbedtls_pk_init(&pk); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_usage_t usage = usage_arg; + mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; + + PSA_INIT(); + + psa_key_type_t expected_psa_type = 0; + TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, + &pk, &expected_psa_type), 0); + if (!to_pair) { + expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type); + } + + psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE; //TODO: diversity + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; //TODO: diversity + psa_set_key_id(&attributes, key_id); + psa_set_key_lifetime(&attributes, lifetime); + psa_set_key_enrollment_algorithm(&attributes, 42); + psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage); + +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + /* When the resulting algorithm is ECDSA, the compile-time configuration + * can cause it to be either deterministic or randomized ECDSA. + * Rather than have two near-identical sets of test data depending on + * the configuration, always use randomized in the test data and + * tweak the expected result here. */ + if (expected_alg == PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) { + expected_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH); + } +#endif + + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0); + + TEST_EQUAL(psa_get_key_lifetime(&attributes), lifetime); + TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), + key_id)); + TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); + TEST_EQUAL(psa_get_key_bits(&attributes), + mbedtls_pk_get_bitlen(&pk)); + TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); + TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); + TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); + + TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); + if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { + goto exit; + } + +exit: + mbedtls_pk_free(&pk); + psa_reset_key_attributes(&attributes); + psa_destroy_key(new_key_id); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME */ +void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, + int usage_arg, + int to_pair, int expected_alg) +{ + mbedtls_pk_context pk; + mbedtls_pk_init(&pk); + psa_key_usage_t usage = usage_arg; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; + + PSA_INIT(); + + psa_key_type_t expected_psa_type = 0; + TEST_EQUAL(pk_setup_for_type(MBEDTLS_PK_RSA, from_pair, + &pk, &expected_psa_type), 0); + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk); + TEST_EQUAL(mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_type), 0); + if (!to_pair) { + expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type); + } + psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage); + + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0); + + TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); + TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), + MBEDTLS_SVC_KEY_ID_INIT)); + TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); + TEST_EQUAL(psa_get_key_bits(&attributes), + mbedtls_pk_get_bitlen(&pk)); + TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); + TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); + TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); + + TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); + if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { + goto exit; + } + +exit: + mbedtls_pk_free(&pk); + psa_reset_key_attributes(&attributes); + psa_destroy_key(new_key_id); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +void pk_get_psa_attributes_fail(int pk_type, int from_pair, + int usage_arg, + int expected_ret) +{ + mbedtls_pk_context pk; + mbedtls_pk_init(&pk); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_usage_t usage = usage_arg; + + PSA_INIT(); + + psa_key_type_t expected_psa_type; + TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, + &pk, &expected_psa_type), 0); + + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), + expected_ret); + +exit: + mbedtls_pk_free(&pk); + psa_reset_key_attributes(&attributes); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ +void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg, + int from_usage_arg, int from_alg_arg, + int usage_arg, + int expected_ret, + int to_pair, int expected_usage_arg) +{ + mbedtls_pk_context pk; + mbedtls_pk_init(&pk); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t old_key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t from_type = from_type_arg; + size_t bits = from_bits_arg; + psa_key_usage_t from_usage = from_usage_arg; + psa_algorithm_t alg = from_alg_arg; + psa_key_usage_t usage = usage_arg; + psa_key_usage_t expected_usage = expected_usage_arg; + mbedtls_svc_key_id_t new_key_id = MBEDTLS_SVC_KEY_ID_INIT; + + PSA_INIT(); + + psa_set_key_type(&attributes, from_type); + psa_set_key_bits(&attributes, bits); + psa_set_key_usage_flags(&attributes, from_usage); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_enrollment_algorithm(&attributes, 42); + //TODO: test with persistent key + PSA_ASSERT(psa_generate_key(&attributes, &old_key_id)); + TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); + + psa_key_type_t expected_psa_type = + to_pair ? from_type : PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(from_type); + + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), + expected_ret); + + if (expected_ret == 0) { + TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE); + TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes), + MBEDTLS_SVC_KEY_ID_INIT)); + TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type); + TEST_EQUAL(psa_get_key_bits(&attributes), bits); + TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); + TEST_EQUAL(psa_get_key_algorithm(&attributes), alg); + TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); + + int expected_import_ret = 0; + if (to_pair && + !(from_usage & (PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT))) { + expected_import_ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; + } + TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), + expected_import_ret); + if (expected_import_ret == 0) { + if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { + goto exit; + } + } + } + +exit: + mbedtls_pk_free(&pk); + psa_destroy_key(old_key_id); + psa_destroy_key(new_key_id); + psa_reset_key_attributes(&attributes); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +void pk_import_into_psa_fail(int pk_type, int from_pair, + int type_arg, int bits_arg, + int expected_ret) +{ + mbedtls_pk_context pk; + mbedtls_pk_init(&pk); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t type = type_arg; + size_t bits = bits_arg; + mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 42); + + PSA_INIT(); + + psa_key_type_t expected_psa_type; + TEST_EQUAL(pk_setup_for_type(pk_type, from_pair, + &pk, &expected_psa_type), 0); + + psa_set_key_type(&attributes, type); + psa_set_key_bits(&attributes, bits); + + TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &key_id), + expected_ret); + TEST_ASSERT(mbedtls_svc_key_id_equal(key_id, MBEDTLS_SVC_KEY_ID_INIT)); + +exit: + psa_destroy_key(key_id); + mbedtls_pk_free(&pk); + psa_reset_key_attributes(&attributes); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ +void pk_import_into_psa_opaque(int from_type, int from_bits, + int from_usage, int from_alg, + int to_type, int to_bits, + int to_usage, int to_alg, + int expected_ret) +{ + mbedtls_pk_context pk; + mbedtls_pk_init(&pk); + psa_key_attributes_t from_attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t from_key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t to_attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t to_key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_INIT(); + + psa_set_key_type(&from_attributes, from_type); + psa_set_key_bits(&from_attributes, from_bits); + psa_set_key_usage_flags(&from_attributes, from_usage); + psa_set_key_algorithm(&from_attributes, from_alg); + PSA_ASSERT(psa_generate_key(&from_attributes, &from_key_id)); + TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, from_key_id), 0); + + psa_set_key_type(&to_attributes, to_type); + psa_set_key_bits(&to_attributes, to_bits); + psa_set_key_usage_flags(&to_attributes, to_usage); + psa_set_key_algorithm(&to_attributes, to_alg); + + TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &to_attributes, &to_key_id), + expected_ret); + + if (expected_ret == 0) { + PSA_ASSERT(psa_get_key_attributes(to_key_id, &actual_attributes)); + TEST_EQUAL(to_type, psa_get_key_type(&actual_attributes)); + if (to_bits != 0) { + TEST_EQUAL(to_bits, psa_get_key_bits(&actual_attributes)); + } + TEST_EQUAL(to_alg, psa_get_key_algorithm(&actual_attributes)); + psa_key_usage_t expected_usage = to_usage; + if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) { + expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE; + } + if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) { + expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE; + } + TEST_EQUAL(expected_usage, psa_get_key_usage_flags(&actual_attributes)); + if (!mbedtls_test_key_consistency_psa_pk(to_key_id, &pk)) { + goto exit; + } + } else { + TEST_ASSERT(mbedtls_svc_key_id_equal(to_key_id, MBEDTLS_SVC_KEY_ID_INIT)); + } + +exit: + mbedtls_pk_free(&pk); + psa_destroy_key(from_key_id); + psa_destroy_key(to_key_id); + psa_reset_key_attributes(&from_attributes); + psa_reset_key_attributes(&to_attributes); + psa_reset_key_attributes(&actual_attributes); + PSA_DONE(); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index f3ea553..52e6823 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data @@ -126,6 +126,18 @@ PBES2 Encrypt, pad=8 (PKCS7 padding disabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D5510101010101010101010101010101010":138:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:"" +PBES2 Encrypt, AES-128-CBC (OK, generated with OpenSSL) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e" + +PBES2 Encrypt, AES-192-CBC (OK, generated with OpenSSL) +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94" + +PBES2 Encrypt, AES-256-CBC (OK, generated with OpenSSL) +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7 +pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566" + PBES2 Decrypt (OK) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF" @@ -142,6 +154,18 @@ PBES2 Decrypt (Invalid padding & PKCS7 padding enabled) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FDA3488A7144097565":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060607" +PBES2 Decrypt AES-128-CBC (OK, generated with OpenSSL) +depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" + +PBES2 Decrypt AES-192-CBC (OK, generated with OpenSSL) +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" + +PBES2 Decrypt AES-256-CBC (OK, generated with OpenSSL) +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629" + PBES2 Decrypt (bad params tag) depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C pbes2_decrypt:MBEDTLS_ASN1_SEQUENCE:"":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:"" diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 65384a8..4c8bf23 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -4,6 +4,7 @@ #include "mbedtls/x509.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" +#include "x509_internal.h" #include "mbedtls/oid.h" #include "sys/types.h" #include "sys/stat.h" diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 6387735..1650f51 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -890,6 +890,46 @@ Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem":"PolarSSLTest":0 + +Parse RSA Key #99.4 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem":"PolarSSLTest":0 + +Parse RSA Key #99.5 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem":"PolarSSLTest":0 + +Parse RSA Key #99.6 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384 DER, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der":"PolarSSLTest":0 + +Parse RSA Key #99.7 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384 DER, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der":"PolarSSLTest":0 + +Parse RSA Key #99.8 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384 DER, 2048-bit) +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0 + +Parse RSA Key #100.1 (512-bit) +depends_on:MBEDTLS_PEM_C +pk_parse_keyfile_rsa:"data_files/rsa512.key":"":0 + +Parse RSA Key #100.1 (521-bit) +depends_on:MBEDTLS_PEM_C +pk_parse_keyfile_rsa:"data_files/rsa521.key":"":0 + +Parse RSA Key #100.1 (522-bit) +depends_on:MBEDTLS_PEM_C +pk_parse_keyfile_rsa:"data_files/rsa522.key":"":0 + +Parse RSA Key #100.1 (528-bit) +depends_on:MBEDTLS_PEM_C +pk_parse_keyfile_rsa:"data_files/rsa528.key":"":0 + Parse Public RSA Key #1 (PKCS#8 wrapped) depends_on:MBEDTLS_PEM_PARSE_C pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_2048_public.pem":0 @@ -1120,78 +1160,6 @@ pk_parse_key:"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (First tag not Sequence) pk_parse_key:"020100":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Key ASN1 (RSAPrivateKey, incorrect version tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"300100":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, version tag missing) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, invalid version) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3003020101":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct version, incorrect tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"300402010000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct format+values, minimal modulus size (128 bit)) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":0 - -Key ASN1 (RSAPrivateKey, correct format, modulus too small (127 bit)) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"30630201000211007c8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct format, modulus even) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857002030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct format, d == 0) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"30630201000211007c8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct format, d == p == q == 0) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900000000000000000002090000000000000000000209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, trailing garbage) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3064020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c00":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, n wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100FF1100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, e wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c8571FF030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, d wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c85710203010001FF11009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, p wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201FF0900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, q wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61FF0900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, dp wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a211FF09009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, dq wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401FF0813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - -Key ASN1 (RSAPrivateKey, correct values, qp wrong tag) -depends_on:MBEDTLS_RSA_C -pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT - Key ASN1 (ECPrivateKey, empty parameters) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index d416b87..7dc8413 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -6,10 +6,91 @@ #include "mbedtls/psa_util.h" #include "pk_internal.h" +#if defined(MBEDTLS_PSA_CRYPTO_C) +#include "test/psa_exercise_key.h" +#endif + #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) #define HAVE_mbedtls_pk_parse_key_pkcs8_encrypted_der #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_FS_IO) +static int test_psa_bridge(const mbedtls_pk_context *ctx, + psa_key_usage_t usage_flag) +{ + switch (usage_flag) { + case PSA_KEY_USAGE_SIGN_HASH: + mbedtls_test_set_step(0); + break; + case PSA_KEY_USAGE_SIGN_MESSAGE: + mbedtls_test_set_step(1); + break; + case PSA_KEY_USAGE_DECRYPT: + mbedtls_test_set_step(2); + break; + case PSA_KEY_USAGE_DERIVE: + mbedtls_test_set_step(3); + break; + case PSA_KEY_USAGE_VERIFY_HASH: + mbedtls_test_set_step(4); + break; + case PSA_KEY_USAGE_VERIFY_MESSAGE: + mbedtls_test_set_step(5); + break; + case PSA_KEY_USAGE_ENCRYPT: + mbedtls_test_set_step(6); + break; + } + + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_svc_key_id_t psa_key = MBEDTLS_SVC_KEY_ID_INIT; + int ok = 0; + + TEST_EQUAL(mbedtls_pk_get_psa_attributes(ctx, usage_flag, &attributes), 0); + TEST_EQUAL(mbedtls_pk_import_into_psa(ctx, &attributes, &psa_key), 0); + if (!mbedtls_test_key_consistency_psa_pk(psa_key, ctx)) { + goto exit; + } + + psa_algorithm_t exercise_usage = psa_get_key_usage_flags(&attributes); + psa_algorithm_t exercise_alg = psa_get_key_algorithm(&attributes); + if (mbedtls_test_can_exercise_psa_algorithm(exercise_alg)) { + TEST_ASSERT(mbedtls_test_psa_exercise_key(psa_key, + exercise_usage, + exercise_alg)); + } + + mbedtls_test_set_step((unsigned long) -1); + ok = 1; + +exit: + psa_destroy_key(psa_key); + psa_reset_key_attributes(&attributes); + return ok; +} + +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +/* Whether a pk key can do ECDSA. Opaque keys are not supported since this + * test suite does not create opaque keys. */ +static int pk_can_ecdsa(const mbedtls_pk_context *ctx) +{ + /* Check whether we have an EC key. Unfortunately this also accepts + * keys on Montgomery curves, which can only do ECDH, so we'll have + * to dig further. */ + if (!mbedtls_pk_can_do(ctx, MBEDTLS_PK_ECDSA)) { + return 0; + } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + return ctx->ec_family != PSA_ECC_FAMILY_MONTGOMERY; +#elif defined(MBEDTLS_ECDSA_C) + return mbedtls_ecdsa_can_do(mbedtls_pk_ec_ro(*ctx)->grp.id); +#else + return 0; +#endif +} +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +#endif /* MBEDTLS_PSA_CRYPTO_C && && MBEDTLS_FS_IO */ + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -41,11 +122,25 @@ void pk_parse_keyfile_rsa(char *key_file, char *password, int result) TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); rsa = mbedtls_pk_rsa(ctx); TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0); + + size_t bitlen = mbedtls_rsa_get_bitlen(rsa); + TEST_EQUAL(mbedtls_pk_get_bitlen(&ctx), bitlen); + TEST_EQUAL(mbedtls_pk_get_len(&ctx), (bitlen + 7) / 8); + +#if defined(MBEDTLS_PSA_CRYPTO_C) + PSA_INIT(); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_HASH)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_MESSAGE)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_DECRYPT)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_ENCRYPT)); +#endif } exit: mbedtls_pk_free(&ctx); - MD_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ @@ -68,11 +163,22 @@ void pk_parse_public_keyfile_rsa(char *key_file, int result) TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); rsa = mbedtls_pk_rsa(ctx); TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0); + + size_t bitlen = mbedtls_rsa_get_bitlen(rsa); + TEST_EQUAL(mbedtls_pk_get_bitlen(&ctx), bitlen); + TEST_EQUAL(mbedtls_pk_get_len(&ctx), (bitlen + 7) / 8); + +#if defined(MBEDTLS_PSA_CRYPTO_C) + PSA_INIT(); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_ENCRYPT)); +#endif } exit: mbedtls_pk_free(&ctx); - MD_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ @@ -100,11 +206,19 @@ void pk_parse_public_keyfile_ec(char *key_file, int result) eckey = mbedtls_pk_ec_ro(ctx); TEST_EQUAL(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q), 0); #endif + +#if defined(MBEDTLS_PSA_CRYPTO_C) + PSA_INIT(); + if (pk_can_ecdsa(&ctx)) { + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE)); + } +#endif } exit: mbedtls_pk_free(&ctx); - MD_OR_USE_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ @@ -124,17 +238,28 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result) if (res == 0) { TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + /* PSA keys are already checked on import so nothing to do here. */ +#else const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx); TEST_EQUAL(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d), 0); -#else - /* PSA keys are already checked on import so nothing to do here. */ +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_C) + PSA_INIT(); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_DERIVE)); + if (pk_can_ecdsa(&ctx)) { + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_HASH)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_MESSAGE)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH)); + TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_MESSAGE)); + } #endif } exit: mbedtls_pk_free(&ctx); - MD_OR_USE_PSA_DONE(); + PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 733909e..735c125 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -1,5 +1,5 @@ /* BEGIN_HEADER */ -#include "mbedtls/pk.h" +#include "pk_internal.h" #include "mbedtls/pem.h" #include "mbedtls/oid.h" #include "psa/crypto_sizes.h" @@ -75,6 +75,7 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) size_t buf_len, check_buf_len; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t opaque_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; #endif /* MBEDTLS_USE_PSA_CRYPTO */ USE_PSA_INIT(); @@ -117,10 +118,13 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) /* Verify that pk_write works also for opaque private keys */ if (!is_public_key) { memset(buf, 0, check_buf_len); - TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&key, &opaque_id, - PSA_ALG_NONE, - PSA_KEY_USAGE_EXPORT, - PSA_ALG_NONE), 0); + /* Turn the key PK context into an opaque one. + * Note: set some practical usage for the key to make get_psa_attributes() happy. */ + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_MESSAGE, &key_attr), 0); + TEST_EQUAL(mbedtls_pk_import_into_psa(&key, &key_attr, &opaque_id), 0); + mbedtls_pk_free(&key); + mbedtls_pk_init(&key); + TEST_EQUAL(mbedtls_pk_setup_opaque(&key, opaque_id), 0); start_buf = buf; buf_len = check_buf_len; TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key, @@ -172,6 +176,7 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) size_t pub_key_len = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; #endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_pk_init(&priv_key); @@ -194,9 +199,12 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_platform_zeroize(derived_key_raw, derived_key_len); - TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&priv_key, &opaque_key_id, - PSA_ALG_NONE, PSA_KEY_USAGE_EXPORT, - PSA_ALG_NONE), 0); + /* Turn the priv_key PK context into an opaque one. */ + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&priv_key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); + TEST_EQUAL(mbedtls_pk_import_into_psa(&priv_key, &key_attr, &opaque_key_id), 0); + mbedtls_pk_free(&priv_key); + mbedtls_pk_init(&priv_key); + TEST_EQUAL(mbedtls_pk_setup_opaque(&priv_key, opaque_key_id), 0); TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw, derived_key_len), pub_key_len); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index bf40aeb..95983cb 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -104,9 +104,9 @@ PSA import/export RSA keypair: export buffer too small depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 -PSA import/export RSA keypair: trailing garbage ignored +PSA import/export RSA keypair: trailing garbage rejected depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_SUCCESS:0 +import_with_data:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ERROR_INVALID_ARGUMENT PSA import/export RSA public key: good, 1024-bit, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_CRYPTO_DRIVER_TEST @@ -156,9 +156,9 @@ PSA import/export RSA keypair: export buffer too small, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 -PSA import/export RSA keypair: trailing garbage ignored, opaque +PSA import/export RSA keypair: trailing garbage rejected, opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_SUCCESS:0 +import_with_data:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ERROR_INVALID_ARGUMENT PSA import RSA keypair: truncated depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT @@ -496,178 +496,168 @@ PSA import/export RSA keypair: policy forbids export (sign), opaque depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 -# Test PEM import. Note that this is not a PSA feature, it's an Mbed TLS -# extension which we may drop in the future. -PSA import/export RSA public key: import PEM -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C -import_export:"2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d4947664d413047435371475349623344514542415155414134474e4144434269514b4267514376425830356275685074312f6274634b7850482f6c706c53710a69714a4843315165346636777353306c7835635255784a4a34524b574b41517475376242494e46454e5354765441357548596c57377249486576456a536433750a355553447641624378686c497a514b7941756557727232553036664c2b466e43775947634d6b79344b357a545474346d4f69712f2f6b637a384865476e6f5a670a3939614454615539615137336d46397277774944415141420a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d0a00":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 - -PSA import/export RSA keypair: import PEM -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PEM_PARSE_C -import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 - PSA import/export FFDH RFC7919 2048 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_2048 import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 2048 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_2048 import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 3072 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_3072 import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 3072 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_3072 import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 4096 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_4096 import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 4096 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_4096 import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 6144 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_6144 import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 6144 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_6144 import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 8192 key pair: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_8192 import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1 PSA import/export FFDH RFC7919 8192 public key: good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_8192 import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1 -PSA import/export FFDH RFC7919 2048 key pair: export not permitterd -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +PSA import/export FFDH RFC7919 2048 key pair: export not permitted +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_2048 import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export FFDH RFC7919 2040 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_2048 import_with_data:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 2040 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_2048 import_with_data:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 3064 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_3072 import_with_data:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E9":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 3064 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_3072 import_with_data:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C8":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 4088 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_4096 import_with_data:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C655":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 4088 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_4096 import_with_data:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 6136 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_6144 import_with_data:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF1852":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 6136 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_6144 import_with_data:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE688":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 8184 key pair: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_8192 import_with_data:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE38788122":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 8184 public key: import invalid key length -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_8192 import_with_data:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F02811":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT PSA import/export FFDH RFC7919 2048 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_2048 import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 2048 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_2048 import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 3072 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_3072 import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 3072 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_3072 import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 4096 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_4096 import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 4096 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_4096 import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 6144 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_6144 import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 6144 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_6144 import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 8192 key pair: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_8192 import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export FFDH RFC7919 8192 public key: export buffer to small -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_8192 import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export-public FFDH RFC7919 public key 2048 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_2048 import_export_public_key:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0" PSA import/export-public FFDH RFC7919 key pair 2048 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_2048 import_export_public_key:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"AA396C4E08F47E499243FF17B3E0D019415A52FB6E31FCA71B2B9F46FE84E3A611757DD414A21E1BE8A8FFD60479348245918F7D771EC4A78733F627F72CE0FE1717EE3950B4DB7982577A332CC66C3F3EEB79CD604568644FD3EDAE35A08F3C75C7A99E1A24CB8B56CF7D102984568C0D93BAB9C760F22BB2AC3BEE62E532010E6EEB5A3FB2ABE1EEE1562C1C8D9AC8F781B7283C846B435F4BD4F437EE4D60B97B6EF6ECE675F199E6A40EEFFDC8C65F2973B662782FD2069AEFC026560FA57DE67474AD1A5C8837FF0644F6D0E79161DE5AC38B4837818A5EC38D335D6ECCCC1F9FC676D3548BA30635C5DB24C02BF86977E401E47C3262B81C84C340D729" PSA import/export-public FFDH RFC7919 public key 3072 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_3072 import_export_public_key:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512" PSA import/export-public FFDH RFC7919 key pair 3072 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_3072 import_export_public_key:"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"c6dbc8151d22313ab19feea7be0f22f798ff9bec21e9da9b5020b6028395d4a3258f3db0cee7adda3f56864863d4c565498d59b205bcbcc3fc098d78efd4e6b4e09b97971c6fd00cd2fa63bb0b3c7380cc1c19fbb34d077fda61c4a71c254242aa5870786b5d0fd3cb179f64f737eb7ab83b57ca70f93955f49b43869ca2ea441650f48a516137229be2926b02129de4089c9d129df7d76848ecda1bcecda1cf95df195e8e388ee70fac0f1c4d9b38e745b067ee88b32e6d59cb159a95852f18b121f85fedfbb6a2c6962ed70cc1ae471813e1bdc053abacccd1eec79359a6f15ec55d92bbf3890b912fbbb2c029407e1493315394a290f4ce81c0d9dccfbab386b745145cb173b9e08f018d309200691b72acafb313cebf483ff8810080bce9516aa5382a18c3c10965a33176d93d8c51f83d6fca7f606200bb7c779a891fd65dd7ed6972f6835f4e94d928f89f1d0ee204b1ef073a761c65241a76f254695ac31842600aa0753c94e6c805c24ed101bbb26c96928db1166a91c7fea8bc3b90" PSA import/export-public FFDH RFC7919 public key 4096 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_4096 import_export_public_key:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B" PSA import/export-public FFDH RFC7919 key pair 4096 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_4096 import_export_public_key:"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"e0c2e35be32adb92560e6557d07ba9bab295792063a2724f9e381e9f2644423e73efeb074ddee70388444bc1a67edfe496a6c38eafff45ec500278f9b896a6fb1de4a59461e6fcf1de17867018e0c362876ae107fd4287383989a4ab41cd44844b103cf58085aa52b49527df433446fa5c4665037475e8f78c8d64d5d60a462603d292d02c539329e9d48c25e05083fa98fd6a513c84f0e2ced9121c2f5922559abb5e2fe3081e6bf2256d6043af211a70fe48e371bf683b953f199821fe0fbe924151dc772e72db53492ba5613bcf5661b7ed419fa02f332443be5f8b97908800077306abf6fd796afdbbdbc2badb21501ccee5ed67635b3cf37819f5d1db5370d77960ac0535a029b0af1bf634679367d35db0e7f38bbe0a022392efefc6b8ccf1e9f53bd7ac28012f6bf5e3701476606eb4649c64377b1e0c418840486bb4a286ebaf685449061ee375487e9e9164d0a7c9327c7b667b1933dc3adb11358e76457d594c19b88e8a689107c641d3503a7639159f3cdae7f58398204d29895e84fb82e192b796866c27d8373a36c5c062a445f6fd515e561d7c2328e7424057229689fe7851432f706f21e114f74d21ca3b01f1aa57d2743f28f8dbfa5ef5c584de2012d82ee978bb7cd713001237e76b5ee12e3cc51393cbcfe1717cefdf885022f18e66661097fe1ce91d0508e1931cf3774bd83d8f068711e09943b82355" PSA import/export-public FFDH RFC7919 public key 6144 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_6144 import_export_public_key:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D" PSA import/export-public FFDH RFC7919 key pair 6144 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_6144 import_export_public_key:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D" PSA import/export-public FFDH RFC7919 public key 8192 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_8192 import_export_public_key:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187" PSA import/export-public FFDH RFC7919 key pair 8192 good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_8192 import_export_public_key:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187" PSA import: reject raw data key of length 0 @@ -5461,19 +5451,19 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: TLS12_ECJPAKE_TO_PMS, good input, output too short -depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS +depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_SUCCESS:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_INVALID_ARGUMENT PSA key derivation: TLS12_ECJPAKE_TO_PMS, input[0]=0x02 -depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS +depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"02aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ERROR_INVALID_ARGUMENT:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: TLS12_ECJPAKE_TO_PMS, input too short -depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS +depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ERROR_INVALID_ARGUMENT:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: TLS12_ECJPAKE_TO_PMS, input too long -depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS +depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ERROR_INVALID_ARGUMENT:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-HMAC-SHA256, good case, direct output @@ -6329,6 +6319,53 @@ PSA key derivation: HKDF-Expand SHA-1, request too much capacity depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 derive_set_capacity:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT +# TLS 1.2 PRF does not have a maximum capacity therefore +# derive_set_capacity negative test case is not added + +PSA key derivation: TLS 1.2 PSK-to-MS SHA-256, request too much capacity +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +derive_set_capacity:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):48U + 1U:PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: TLS 1.2 PSK-to-MS SHA-384, request too much capacity +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS +derive_set_capacity:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):48U + 1U:PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: TLS 1.2 ECJPAKE-to-PMS, request too much capacity +depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS:PSA_WANT_ALG_SHA_256 +derive_set_capacity:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: PBKDF2-HMAC-SHA256, request too much capacity +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:SIZE_MAX>=0xffffffffffffffff +derive_set_capacity:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):4294967295ULL * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: PBKDF2-HMAC-SHA512, request too much capacity +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_512:SIZE_MAX>=0xffffffffffffffff +derive_set_capacity:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_512):4294967295ULL * PSA_HASH_LENGTH(PSA_ALG_SHA_512) + 1:PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, request too much capacity +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:SIZE_MAX>=0xffffffffffffffff +derive_set_capacity:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:4294967295ULL * 16 + 1:PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: TLS 1.2 PRF SHA-256, request maximum capacity +depends_on:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_SHA_256 +derive_set_capacity:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):SIZE_MAX:PSA_SUCCESS + +PSA key derivation: TLS 1.2 PRF SHA-384, request maximum capacity +depends_on:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_SHA_384 +derive_set_capacity:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):SIZE_MAX:PSA_SUCCESS + +PSA key derivation: PBKDF2-HMAC-SHA256, request maximum capacity +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:SIZE_MAX>=0xffffffffffffffff +derive_set_capacity:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):4294967295ULL * PSA_HASH_LENGTH(PSA_ALG_SHA_256):PSA_SUCCESS + +PSA key derivation: PBKDF2-HMAC-SHA512, request maximum capacity +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_512:SIZE_MAX>=0xffffffffffffffff +derive_set_capacity:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_512):4294967295ULL * PSA_HASH_LENGTH(PSA_ALG_SHA_512):PSA_SUCCESS + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, request maximum capacity +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:SIZE_MAX>=0xffffffffffffffff +derive_set_capacity:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:4294967295ULL * 16:PSA_SUCCESS + PSA key derivation: over capacity 42: output 42+1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff":0:1:0 @@ -6525,17 +6562,69 @@ PSA key derivation: HKDF SHA-256, read maximum capacity minus 1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1 +PSA key derivation: HKDF SHA-512, read maximum capacity minus 1 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512 +derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_512) - 1 + PSA key derivation: HKDF SHA-256, read maximum capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) -PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity minus 1 -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF -derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1 +PSA key derivation: HKDF SHA-512, read maximum capacity +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512 +derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_512) -PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF -derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) +PSA key derivation: HKDF-Extract SHA-256, read maximum capacity minus 1 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_full:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"":PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1 + +PSA key derivation: HKDF-Extract SHA-512, read maximum capacity minus 1 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_512 +derive_full:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"":PSA_HASH_LENGTH(PSA_ALG_SHA_512) - 1 + +PSA key derivation: HKDF-Extract SHA-256, read maximum capacity +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_full:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"":PSA_HASH_LENGTH(PSA_ALG_SHA_256) + +PSA key derivation: HKDF-Extract SHA-512, read maximum capacity +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_512 +derive_full:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"":PSA_HASH_LENGTH(PSA_ALG_SHA_512) + +PSA key derivation: HKDF-Expand SHA-256, read maximum capacity minus 1 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_full:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1 + +PSA key derivation: HKDF-Expand SHA-512, read maximum capacity minus 1 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_512 +derive_full:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_512) - 1 + +PSA key derivation: HKDF-Expand SHA-256, read maximum capacity +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_full:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + +PSA key derivation: HKDF-Expand SHA-512, read maximum capacity +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_512 +derive_full:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_512) + +PSA key derivation: TLS 1.2 PSK-to-MS SHA-256, read maximum capacity minus 1 +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":47 + +PSA key derivation: TLS 1.2 PSK-to-MS SHA-384, read maximum capacity minus 1 +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS +derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":47 + +PSA key derivation: TLS 1.2 PSK-to-MS SHA-256, read maximum capacity +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48 + +PSA key derivation: TLS 1.2 PSK-to-MS SHA-384, read maximum capacity +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS +derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48 + +PSA key derivation: TLS 1.2 ECJPAKE-to-PMS, read maximum capacity +depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS:PSA_WANT_ALG_SHA_256 +derive_full:PSA_ALG_TLS12_ECJPAKE_TO_PMS:"deadbeef":"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":"":PSA_HASH_LENGTH(PSA_ALG_SHA_256) PSA key derivation: HKDF SHA-256, exercise AES128-CTR depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES @@ -6786,6 +6875,18 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128-> AES-256 depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH derive_key_type:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f52" +PSA key derivation: default params -> AES-128 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES +derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"":PSA_SUCCESS:"3cb25f25faacd57a90434f64d0362f2a" + +PSA key derivation: params.flags=1 -> AES-128 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES +derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:1:"":PSA_ERROR_INVALID_ARGUMENT:"" + +PSA key derivation: params.data non-empty -> AES-128 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES +derive_key_ext:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:0:"2a":PSA_ERROR_INVALID_ARGUMENT:"" + PSA key derivation: invalid type (0) depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0 @@ -7089,35 +7190,35 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_ raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d":"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d" PSA raw key agreement: FFDH 2048 bits -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_2048 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"718ab2b5da3bc6e7767a98fb2c172bd74003fae2acffbc9a53d9b358401c1c748da36cab277e9397bc5eeec3010321d0f882d959eb097adddc99745526b213e30dc0df9fb1e4cd3fc27bfb1d6e89c715373439a66b9a13aa1334c84799827c17be1c36c1bc02fe60ea698da790fe4d2af710a435a1aae7fb11cd2a90a17ad87dde4f154b325dc47d8ea107a29d10a3bfa17149a1f9e8a1f7b680bfdca90fb0913c0b681670d904de49d7d000d24060330d4d2e4a2381d78c49e272d313174218561ceeb37e2ef824905d0fa42d13d49a73018411aeb749f7f4fc765bdc6db58bcebd995d4c949b0061f20759e1263d8f9ba3fd56afda07c178997256bb7d5230" PSA raw key agreement: FFDH 2048 bits (shared secred with leading zeros) -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_2048 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"9156de25da686a831ca0645bfb49df73e4a126ab864393e943b3d12b7ad32cbf21709268bf918c4e03e9a3b54bd230d88f1ceaa2810fae5fd4091d31e76153daaf0da9168a7b39fa85acf618622efd1f70d5866e518f256d0ff90a0c468c41a329fb1dd837b18a4300be0f25b108fe7210705cdc0436df84592c1a8b372c5028d67ed5231f846452c942a5f087b3830aa139b0b045a7ae38903497e4ddd0585ce20504ff70e13dbadf77a73d5514eb9c38feeae3cb773311b360f8304f67cf3f2282e4aad47f1494b5823ae2196a23ca426426bef427e4056df1f9144b20bf0b1f6da451f8eead38fdc5bb71074e4d43e21bc6fa787a681c0ef92c633d73b348":"8a73c0f5d874a2afb718efa66f78c80adf713562145a9f5a1df5f2bb9ead8827eb518a769dc089364768b27b2e49ca465ec7c0710b3054ae256aec25de72bd435b3ede0e17ab50cc8ed102fa6a83a9f09454e59e218b894ee130fbd772fb95a83aba29c6b270daba1f3842b2eae2ad1eafe7945888a55cb459547d6cb0b276d25218df8948a86e49f3fefae9c5b30ca8a7fd1bac1c3a5cb4dedfbcbb5c6e5bafbdf8ffcb37d245260d00658450fad1ced83b5afedc43def222c7196f0531e101b3a777e5f5141597fe8c093485d0c8cc752b03e7f551ef3648b1da330fe3ba5dbbb9f11c1a44ef6c0c9c492b6140391254abb7ae8d3e77b4655ab6dd155ba2a1":"00a376f5bed9c27cfa7fa6e01ecd4094b6a189a6184270ea22cb5b2649a6c4b33682e0625536f7d61722fe85381d8ead8b283496db84f8e6b2eb7c5b015eb15c9bfa5eae290612e2aef4014d6bdce902f5907f73f6722d827b73297d14aa677ed1b75bc26785bb32cf60bed1d9467b2ac069ebe48ee9196bdbaa4565f9cfbff3c31e812c58d65bd5b4c45751d1439930d2ea237030307623a0b149a21077397ec5e2c50610c01f76cdec43ff2f9177a0b3a2b18de2a787d42b6f8bdacdcce49a6884f38c5a729e54ce616da439fc9fd6d7d266188b79e40800f22b8c21adcb1f8ffd2f5225e3dc4c485dc4df8184c04f0dea3b2c3f9b04e42e229fe1a24a77ba" PSA raw key agreement: FFDH 3072 bits -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_3072 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"ff5de4e90966aadab8299ddbf8169af2c0d8d0d99a17b4a2e62ff55b36a69fe4566a775970dd0c2904465884b75b67756b0d04b68838e80d8bc84a741cd67d735ba7aec9b55a30cce1df81203fd5deb57bbec027846eb010054b4d5b911041f721358fc8acfc9c5f06d76932f42103adcde97d5607d93303a94fa9f9caea7108ce67a9ce866ef11b2b4ea8c2acb27340735ee8c64e7516e17bff3cf3ede166767f30cada892997f6b5309fc2cca54364678b93d044b4d8e5570e1f64127fcc21d8724fff275290d803df5fa413ec2f5231ce75a58f14a467cb80cc3c4f1f0a4a62ecc17c65f2723d3f7f804b2a02c91adbfea1b2bbbc9cf9a38df29da92a71375447c81c55b8fb4086f71d57e3260da06e08393f6329aa35e673a75545dee66d01e0c7243412c6e2043a984849b67095be3fb3bf39fff291639c57e44fda5d7c1898327c40c1815e88efe0330b4481e462d30e235f607dc9e53d99521f527d65bf3edb4d0332d6d074e652e84a2ffc5d75d1734b55f3b446db122af2a502f8a0" PSA raw key agreement: FFDH 3072 bits (shared secred with leading zeros) -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_3072 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"1c357f078144dbbf6815e798fbc6d98037a65bbd01961c6eb82d1f97bd0993132cfbba209e95e8a231e3bed2616b41119cc5a2f97d5da71ac2d6d0a6617a4e7b5d61857627cbfa57161de3aa6a2afac23f50e4a35dca1a82376879e695892a88323af1c0728eb1a76b2d3a1684df3f91ced0728f954d5349981cec5e309137f6d4e837d22f24a13fbd7985e2169b61aae812a68a1a4b3427b1e9f8612002b5fd711b9c9518c777c4e554a5109c9f079b929d5895df748a24d659d39e787076a1f1d9237a89b52c296644165d2625c541ff5052371093046f4b6abc28d3d2fbb4eb1cd2aa3d393a030f71c7050681b017febccd3bb947c6dbecf6fca28adb2a0f06e7cd9a6aa6eda160f0a3098bdd7a719f31beda56ffa0e26a212834d0da1f53e0739ef3ddbd119ff61b497d420585e3a8ea7cc3370829297da76edd3fb701d8efff6116dd87e6e542e82a76ab76cf5a75eb4638e817679fe06a5a3f04e67a101d154f4c2ccbf70b8bec0e5663fdd838ac0f4a4da02f0071e514b6c6d0ff3358":"17ec74c211f655be646c2f006056230208dcff38644efc429591562f3869f867e7b79cdfb3e426fef60ca77d9fc80ea39e21ec060321bab3c7820177eba4242d0cd9f0301e4da7146608409add169ed05dfda2702a437f3e2b8cd162a0e50da2682433d50c37cc1aeabc5c7cd8fdd359381a8d192af00d7f41b8c049b1e552b832224b40f9d85c4307f0b76b0e2605858fb33e594ac1d0c04d358209ad47133e76fa8dafd0f2370b1944a4780138618eaf66f6d4961c584aa7a34bcc1c78bbd15e7f5a2b8beaa8f66819dc04eabe08b24cabfe69e2b78a12470162ba6703bbbcf34890b8af761d36c33e3b72f631dbc5dd6f1fbafca18a8498623ea00bd9aa6b426da30e2ebc27075eb589b237d1dc54e215a6b6ec40220f14e320b72c5f702ee496b53a63edd5620294d9be88a862544c561b4e175ff3c094ab3adacc579334cb95fa2d29b17fa483ba50d6270b6478ce4f26b564bec6ae82a60e2c15456c4610b6567ba7d91218b59a670c517179d30d743751ae3c3e777ec1f29af890b2ec":"00abc3c15e3f8156a2785949d76c96c22fffb49b0701c29fb6711b51af0ce2851a8b469b4cb25750e2c35938f848f31f179470e3271eb6b8780ad5d757a2c1353f825baf55e5c76fbf4c73d2f0cdab409e8c4f85c3001da101cc97bea764c72e844cfad5f00cb8a81a5bfce5a4bf62b68ff2d13515064b17f23b7f6e6a65440856715d2696fa1957cc022b29e38fdbb8c2a0a54e22595ed66bc4c74c36d525b60900c7427274a9d60ea289a04715a677fb9c71eb1dbb38e30f30b2af8fa24f18a5a13e9f6ee83aeb4ec3f9452986399e2673ada70826b0a84cf446a21cce41e5119bf50798bc5fc9ffca9febe4ffc9d64f1b8abae11c7c8f5da0da2288b0f7a8aed286af03d06cdb1914fc50054bdd46c289c18b14297c4254b39ab5fd719264841b981c6531a80ebc8a59ebdfec9ae0413f3f9795622fad3bd34778e539ae104b8a85918401b10a3802a81db413bddac66f83b6428a33fe5c217a2d0feef50c8ef933d6e3d0f10d8b8630c52c89ae78385716efbfb855729ad0e5ef39828e6b" PSA raw key agreement: FFDH 4096 bits -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_4096 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"262392693c8ca0da404d0195742df69a6b87d22984765c91e3c9dbbc0293960cf1f9deb7a25998a91f8c6b9756224435fc143f31690af35eb211acffec542c8f8fbea3c9112d666639d40a699467bb195815b8b816363ca44baa4df22eca425fa9ab1471ddf045f4e252090663c1c536dd29623c324c7e18b694f83a6c655fb3d95d5a9831ccc9978f66916e95aff49d973f322e2b43f5632a19d79d615a56539aa2ec8f4441bbf4f8016f8c23407e371e9de212c6f1d7d3ca4093c2648451eef68c03aa251547e94046d5fbdffb5cdc0f713bc390111d6727fc1d11243046203ad6632d91c1df3efa77ce530ff26376a208349f2b18628422c9ae13ef84f4a15c1e05ce5fb92ff55547943db4727d091308deb85f54acb94d14411049924b79da131e736a9af42a3fa7139d0357925f430c6cd4330b01ff66f5f8cca26f4230d562f45d5f75bd6d133114449205263c5631f3d561e2ed81e6aa54376094757cbb6f6857c03574e9f6042dc80ea78be470b836c5371a3fae8c119f67c28f856fe70c2affb46574a4356e995a45bdf35e50a6f3a2556d3d1d7c42db8e63430933ffc4783d571908a1270a3cd20d87678cc288ccc183c7cd7512587536a8e15267dd5af0ad3b501ecebc0ecd9ecfd410ce356f9305e4a32cfcafa676da5b5a9ed9b13a5e4cfc06e87310ccdc3ed988699610d7d3125de13a8ac0b59f782859f0b1" PSA raw key agreement: FFDH 4096 bits (shared secred with leading zeros) -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_4096 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"d39cf86d9d81011fc48d3bd489decd4cd520ba87e469b5899fae777109ff7b43c8c809814521a8d66ac33099c9bd2a8567a202c21a8b5457603ac1ce95ea9ae705efd69fb7c514295059938d818bb65b7c881d1ef9541346be2131143f51db13109e9a4fdff1ef2208839c89eb1c1d52018c77c33f5b7e73a747002997c75f4a3dcf15e7cd73938ece0cdefc9fcfa2c4b1c3416eb2fecc00ce328b0b2bead58493b3e8c25d3c0a675bf6ce2363917d1e74a7987a464709fcfcd1b512b67dc1023ade2cc027109169ffcb51625fbb0c607946a6009811be07047024bb6e517f388a99a08f2c73b7e0b779d8469797eb3153f2e5ddde2931a8f97c586e20c5e521b84d015a52f8e13d5fa34c32bc118b62d34cf157f1db40423f384a16a78c7e1569a5d754db6216f6412abfa7c440586c506d5be88d5172a311b8f16f70a06162dbab6ee09fea55c47f6538d3775d236cfa50824f5c8bafa44bcd9424aa620ef17466413f35aa6e6eb5c8d8a26a7ffd6e8bda2dc5ada4b296885635fc8a73933de059ff403fb0a322bf6daba24330a7be204c307f44260b4d34000d2142f79654360af82179f9d5e18e8f47c7d94a10fd077f011bdef578a2b57d5a382ca404f67fd3c59d95a3481f1311c7454bb45acba1e1c30acb6a9fbda70aea30a9ca76471dc46e504abae9a06eb9a8cfed83143cffef3c530b03185609a55484aaf9f677":"b7baa37aca4cd56e4107c3e428a7a568adbf678e741ad89f157f66803370618abfd8ec7c159d84a741c276ea119eaf2ec1bc4431a073d92de3dbca1287a37522b2ca4ef8c0a0fa76c1dd5f665d498ae62e5e2925b6d921d797d76d86e27ac8286643c19a2a2b1361fe7dd772766e9511127fd0cf92ad98099a9e1760ad969be0a7df4936f1b37455cbfe3a1ac9b3b83205594f018bb5f64970371d4e5396f4c5e8cf0cffaa4525ee811b39632551af470efc435fab26e3cbd643feb0113bf56fd4bced3ad743e55be2eaefa7d36833f56af570ff773a3a3cf649b1ef62fb300c4c5a70d70e4d6ba1ca405483f036092f5b9f94960306515fcd4a0d8a086d826c105924d05ce5ee3dd7c62d61d1a460772b169fd943824e0efffdde3f27439e112766780bca7b4c82a2c8fac1d18894fcbd40ea5f7f23aa27024870404cf1832cfa025df193f31aa275fc685fb348c321a2186adf32c9cd203cb4b1c49b8afffbfe11e1d443711a5a1da302fa0e52b5143e6ae7aa40ed4828d03a17443f04061f56c2d3b83298d617cd3a78cd84233dda83c4e541e9b98f0f4e7fed504f888ac929f0f3e00e3569e0f0aa95dd811297efa8af84c645d59bb6c2e968c1ba77772d858ff2d7448b65c723f6a87604ce938b670b612b3eebaa795593be2cac1d631c1b7d9baccb2cbebda6019eb42469ae4209a953f48c3cd438cd1b7b06c8c54819":"0053ad8c14e1ec87d76bf9127e084beaead313bf93f0f241442316af144097077da91c83d68c78692dd952036731624ec8ea8bf8bf85f7a278289f667bd5d92a6aa2e41337ee9e6089f8ead48ff7e179c80bedc10fa6e6e0c1511f33afe96f0890e6ef9b6f981f8337e60ada56ce0ed30ab1f6f8b72a3234cbc77db017c470d549173ae203cf73b4a5901a4edf713a866069bc7790e799becde1a088e8c3e3c41ac8f9c9abf8561af51f738577e183197c85e5d3ea5bfc6471577e7daa5cd3ed53f7e72849890d2d1f8ff0a830a1ce6283dd61e5e04b25183b42074e193cfde4ed2e35b25fb57715f74290a612d21e404394d9bc4116952cf962c14149287cf71d7c8bc26a9eac0231a0dfc4ed68fad9ceb195f82ca0012c8c9ff4350bb0a2da913af26fb0f0940541dc3ad788d3cc8512e0dfdf7e5f9604437492ed8b52c5b0eabfa04231a90abbf1b29298f33b55c4e94fe7af4aa94b572d4a7f4cd67de41b90f3224b9ce57d6656835560a8c8d22496d8dd15ac37866dc1b04cdbc23847e5f2bd8d1a5639c6e91612ceba11bd1125a75dbed89f01ba738bd27ca0a788fddcec35b823f986d5be1acc037f56d236eebedf8ec50e831f532194a62740ef45b49511abbe51b7179ec04b1aa752c0182dbef3e099579fdfe2624848bfa1c389a06039bff756d4cc0cb9cb4cc2fd382336afce62a20975409e0fc5a45e7a83416c" PSA raw key agreement: FFDH 6144 bits -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_6144 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"ede0361026e81a9ad960f674de49449f12ee33c2dda7028c6b7fad7f8f8a7edc495621a6d13e47847873a954adfe7bb6a2ed7c9bc21f3b57458d9116ff4ed06cfca40e2002a70bca91a9a9e0475dd74be7d58453d3cc155ee0b0be20197e14674a7a6f8d903e211cbdbdad1e3383d0d1ae6b4d56837671589d8f151acb34bb4d1cdda55a0f9d1f70e80c61553fd0152bc871e930054efe763fdcd1f8fd1702afa61b3471e7a504612c58ab05ed581b34e2a884c5dd8d2aa919855351719e2cb290d00f0b161c104415f5579731072c1382508421c8d674113b2fe25a0e979455c8f145285ed3d32b744153d3ffab7625a3173440f026ecc62d9dd1bbdff6136f5d9d5245ff307eabfa91f6a10e7cf62a889975c0afd2f707eb8a43c2499c05029ca613edae2741f8e56b186a6390fbb0962323ed6c492620c1c8a24f9a89f15c00bd7263423e714db0fe0381556a15a8e4d1b7383d52fd524425e0200f9d410833330253306b1c23c15c08310bfc12b48131c120db8444d34dd951c5fd6df44e0eecbe92ad5f13641600db68d1d2c7d8ff460058c09d89d4febf2fcaacb40c900e19e4dc868a24ec61361c452541a0fb13da53d61b59806e0598985031e161a2e887420e4c6ce217587c72cd3a7b3085d2383112e1066277ed63e82ec16ac6dc7ce0ade255f30275b9798d4476f31d8d237c4d79b13da9dc6ceed7fe626e4da6eb6cfd234b8fdec4fd4520898b13a77aa034361c0d63edef55595e3e638b48c1c00e8c683c8cffd9fac2a33f73e04aff1f4624669057c7faf51f996e3d64bea3097b4810f99c8f078887be2440f67b249467eb26a03210b4d2baeaa8dc9746a14a6cfb45297e121eef8540eb438270403105c11ef4fed87127545b81e37ee1f942605a5a46253752351dee91d0a171031defa9dd20cbb942e3940fa43542f6fbcb0980f6ef2b36297527f7c0d47e36ea203ab924e937ca10e9d9e64c6419a061a300f86ffed0e2e72a1f73310efc00118dd315a6b01e19406471e071e4c153e2216d525195357fedf3d1f12d2c1ca659bbd1a6d1fa28b6bfb648deec17f8a894" PSA raw key agreement: FFDH 6144 bits (shared secred with leading zeros) -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_6144 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"8bc903e9b5b0742e86d657f64082205c1d50268b8d1d9260e5474e8b686e63adfab13484cc24e35b6f43f5e998fcd7d92c4aece9eb30b0f51b7a2200911e6d38b41da23f04e37697b6a7ac053d15676b75538aefb6693be8eda8b7d07b7611fbc9673e98d8580131cd3462d8851ab00f5831497cb89b4fdfd597a4fc84a9fe1a28ca3ceb17b70334af2414fff73584f2a21fda89c10e2b23a4b454ea4cd6d901312e52a557d45b9350dc8e8b08eb31a73095f014efebf1336ea2c4938fd477f90da212c92eeba483d784b377514c3afb7e34f8dbd6d4ca281aa0bb9167d6d96894b225deccfee7453739becb849c1f381720a59836df967d6525876509515014e46b0a8b27afd304b5db238dfdbe14afb8fb1433b05a00654abede04978f84116e4e3e3a6bdc9ef558dbc1a9cc5c5ba1ee4bd8654845f04106d3b1b48b3208d109aa96609cad246e543d94683b8963e13597dc4aec21b0959e7e6d73efc91ff2b9b52f0e9189f0619264b9893f9289dd8e9bd6d3cbccf079ab8fbd525151e704bd517ee8f29505046620048a684883e6fb858ce7b9e72ea35ae4ad7ded04f39e37a3056b6b695ef2032cb5cf99e22ce5500ba0315aff86516c42b1288c94b46dc0548c7ba07c2b2ca8423b9ba4782c1d4626589ae2b325917484f8eda07f2071276d3fb78bb71a5c501396302eacd1b07b28487c580c5ec5be236e1ad4fcc434325b24a2409c236a85f7b9e0e66f6548a1814c519919d8215b0370b9b3256aa10a28a05f0d2265f6fa7842dfbc67c8f32e9fe12d0df647665ba9809349e5ef6911a4755330d004de03e598cbd7e2b80c259d9d66050177df8984263a7c53abb5ea3157945b727fbf1866649260e321a7ad5eaea41639b35ed6e98b74ab679eab93e5873857342fbb55cda604f57222555631741aa97d74b5eff885aa45ce5a25d34841aa0ea4ea317267e86c45f713c81c3de81cd6eb252053544a5dcacd9f7388704bda8acf83276975f03bffd403eaf199a7a1367d2e6b40c7d94e23679b6520eb40b5d61f5f56c6939f21a4f1dc00f13b5cdcaaf827c760a6e4a9c5601961":"b3795eb1aead05ed8b950e0a00fa12ac0ce4679e6f7715ffd8b5df04e5b068c82210482d3a377b224dc7aec1dfb7e4d635b9fbc22a5534b6a4cb50d3c39cd0dd5e0ec45ea69a3296b83ce89b5cc0c5e15e4934212e8c33ed23939912d0cd738eaa949f763450d5a07fb1540207065f1159a55af7f80bc48c49f88164cd4492b0020902c78295dacfe593fedc1914ddefebf45b5eccd6830681a80c853a3f2389798c391aab3baafd578ad0bf0dfe5b63fd05835e215c6850c0f61e48698053fec9281f0a11b45cc4e259b310a9720456c481031e0467401afeade395ab9b664d9fdb42f953aaf9fb6501c2e105868201ef26d58d31d473c676c751bd892a84a59441f92f7b6ba49a7e385b3d13f806e701a7c339d37e5596414631ed95908c7118f45250acb68f6f2d9ea4bfcb85dc75d21a03a5dc2b86d41cc55753a72a185ce94d20cb897f8759b4ba41e56fe9cf6edf7ee733581589b319e85300b7f479b093030e2d345584e2934dafddda62701404b628b2f25a15992b7ded6271fecb37b817316a908ede803285da3b57986196d59b164692384d469c09b4551b37862d588294a022db7deca641ae90f9a96d75612d55b673213419a450f7ccf78a2fdad291f6c905b5e1a0bbe90baec1c2706d7d81ea8f6d68d350004ea00f24009f6121650547e84b3edb66d969af206f5011ededee736eafe4100e4625ced482caf2cdf6b4465927d8fb138bebaeff652d6afa0fbfd03ea03cf70e80bd95ade41443b85bfa1c56f770f123ba3666412cc2c6997de49e90d7d9fa1722894d6c4f7dfa349e9a9c400eb59b4ce4f6a64763359ed1bf2327f552052070bd4bd2fc1a816e8eddf72645e7fb0ef10bf9c5dee2b386ee2258c99f8ec5b91d8e043b9411870c6f02d2df7863359e46e732e3ffc398993a232d812f934737c503f9d3532d4126c72d5dabf8ff9d6da214fb9571ad180935cb6d01ec1404c85346d9ca858adff2a8ae87ae2d9b99c3ea1557a801703bade1d349410304dfaca488cd5b90086dbee91d60c7dba504721fd54b38fa0835cf70b2f48837430476d5fe8349ad1f2f38":"00e17befd66905acec575c87804c61c047abc9a724db6337e34975980eb0395cf4da8c956c823fa23c52b901bb58a9d26eff282dc6a0f588d71a1636bb919ca1d564f400d7a8e909cc9c59cbaf18f09d5a2101a7afd32687657a3cd1b00148cc84411ff3f07609acc8c07eed678162d1d69280f1072674dfc1d6819d45d8710e2be12402b06b846d68f4088895ce64243f24156c1be33031dac21fb60916ebfdc3939a6bcb012c66c7ef748e30f43bcc08e13c5dea85703a4928166501bb1eec25e61ba5c187531bd982fb310e56656cadfe4f7f756c8b71062388d50cbb70a7d07220912891c4c736ef1ec6390d4bc12803f20c8f1ffa7f41996ce3c8ab792753165fc25d2c1b373f5664c38ed688b4d096a34bf2669e8245bb55ad4c0ad51206fd082969bef351c271b103aa1592889536a2b9ed18e02035a457735317bdca6b7f7104af64d30270c732cfff302d7b82c1a602f16194ea62290c1ed35e93911a62743b3d1bee83c01669320408f2219f2d53c926acf014150ab47ddcee73c6159b368ab26f4da25c5440f79fb898473bdc2b7c333cff7cc5f8332b43ba1a49c327bc5b5ad9459afabf5e9c8421cee51ec0a6821e7af83af0ba2857ef2dd1417b250e2e1e14045883a26e3c70404c53998daf94d8452ade76e0e886324cc6301cdd40d04be33c59ba11bb7e5ef62186647d3891b221bd955e109f5b9b3dc625b44cbc3359e8b2dc4b90171d4a0a47537e095e0108827b3228e6ba325e935a2eb2eb82985443c7691ac208d55ca8d7200adef6c9b9e224190f672efbba75554a4c72af539c70d0bb7af67ada46a2c46311a91bd67d7ce724581695f6b4b2c0a58cd23b84873a76556bf573e447fcf583395895600aca30340ba327b44df33b1aa5c51f515c542c37fd9dba35534f94383300c23ceb8426e46ada509e03dd06fc2ea3fc6b973ef02dd6cb6adc36d76158c21dd8975c0eaa3d50082b53d328acd5894a1229c27aabd513ff6d8de6e2e780ef8342182182f85a89e6697452166f4e012a6f3f137c8d2a5e279e1f490995d9618f177acfac9f16f65bb89c2087e7b5" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160 @@ -7149,51 +7250,51 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4417883c010f6e37cd6942c63bd8a65d8648c736bf8330b539760e18db13888d992":"" PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_2048 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada":"" PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_2048 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27a":"da" PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_2048 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f":"6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada" PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_3072 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6":"" PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_3072 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73d":"c6" PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_3072 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9":"f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6" PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_4096 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87":"" PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_4096 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de":"87" PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_4096 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01":"ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87" PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 256+0 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_6144 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c":"" PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 255+1 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_6144 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce0":"8c" PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 1+255 -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_6144 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"10":"5d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c" PSA generate random: 0 bytes @@ -7335,48 +7436,254 @@ PSA generate key: ECC, Curve448, good depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0 -PSA generate key: RSA, default e -generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"":PSA_SUCCESS - -PSA generate key: RSA, e=3 -generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"03":PSA_SUCCESS - -PSA generate key: RSA, e=65537 -generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"010001":PSA_SUCCESS - -PSA generate key: RSA, e=513 -generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"0201":PSA_SUCCESS - -PSA generate key: RSA, e=1 -generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"01":PSA_ERROR_INVALID_ARGUMENT - -PSA generate key: RSA, e=2 -generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"02":PSA_ERROR_INVALID_ARGUMENT - PSA generate key: FFDH, 2048 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_2048 generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 3072 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_3072 generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 4096 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_4096 generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 6144 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_6144 generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 8192 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_8192 generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0 PSA generate key: FFDH, 1024 bits, invalid bits depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0 +PSA generate key ext: RSA, params.flags=1 +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:1:"":PSA_ERROR_INVALID_ARGUMENT + +PSA generate key ext: RSA, empty e +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"":PSA_SUCCESS + +PSA generate key ext: RSA, e=3 +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"03":PSA_SUCCESS + +PSA generate key ext: RSA, e=3 with leading zeros +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"000003":PSA_SUCCESS + +# TODO: currently errors with NOT_SUPPORTED because e is converted to an int +# and the conversion errors out if there are too many digits without checking +# for leading zeros. This is a very minor bug. Re-enable this test when this +# bug is fixed. +#PSA generate key ext: RSA, e=3 with many leading zeros +#depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT +#generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"0000000000000000000000000000000003":PSA_SUCCESS + +PSA generate key ext: RSA, e=513 +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"0201":PSA_SUCCESS + +PSA generate key ext: RSA, e=65537 +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"010001":PSA_SUCCESS + +PSA generate key ext: RSA, e=2^31-1 +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:INT_MAX>=0x7fffffff +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:"7fffffff":PSA_SUCCESS + +PSA generate key ext: RSA, e=2^31+3 (too large for built-in RSA) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:!MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE:INT_MAX<=0x7fffffff +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"80000003":PSA_ERROR_NOT_SUPPORTED + +PSA generate key ext: RSA, e=2^64+3 (too large for built-in RSA) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE:!MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE:INT_MAX<=0xffffffffffffffff +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"010000000000000003":PSA_ERROR_NOT_SUPPORTED + +PSA generate key ext: RSA, e=1 +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"01":PSA_ERROR_INVALID_ARGUMENT + +PSA generate key ext: RSA, e=0 +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"00":PSA_ERROR_INVALID_ARGUMENT + +PSA generate key ext: RSA, e=2 +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"02":PSA_ERROR_INVALID_ARGUMENT + +# Check that with a driver, we reject a custom e as unsupported, +# as opposed to silently using the default e. +# When we add proper driver support, remove this test case and remove +# the dependency on MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE from +# the positive/invalid_argument test cases. +PSA generate key ext: RSA, e=3 with driver and no fallback (not yet supported) +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:!MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE +generate_key_ext:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:0:0:"03":PSA_ERROR_NOT_SUPPORTED + +PSA generate key ext: ECC, flags=0 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH +generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"":PSA_SUCCESS + +PSA generate key ext: ECC, flags=1 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH +generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:1:"":PSA_ERROR_INVALID_ARGUMENT + +PSA generate key ext: ECC, params.data non-empty +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH +generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"2a":PSA_ERROR_INVALID_ARGUMENT + +PSA concurrent key generation: bad type (RSA public key) +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: raw data, 0 bits: invalid argument +depends_on:MBEDTLS_THREADING_PTHREAD +# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: raw data, 7 bits: invalid argument +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:7:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: raw data, 8 bits +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation- raw data, 9 bits: invalid argument +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits) +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1:8:5 + +PSA concurrent key generation: raw data, 65536 bits (not supported) +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65536:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: AES, 128 bits, CTR +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: AES, 128 bits, GCM +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_GCM:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: DES, 64 bits, CBC-nopad +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: DES, 128 bits, CBC-nopad +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: DES, 192 bits, CBC-nopad +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: invalid key size: AES, 64 bits +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: RSA, minimum allowed key size, good, sign (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS > 128:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 1032 bits, good, sign (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1032:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1032:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 1024 bits, good, sign (PSS SHA-256) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, minimum allowed key size, good, encrypt (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 256:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 2048:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 1024 bits, good, encrypt (OAEP SHA-256) +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 0 bits: invalid +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: RSA, size not multiple of 8: not supported +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 62:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: RSA, size not multiple of 2: not supported +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 63:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: RSA, maximum size exceeded +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: ECC, SECP256R1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: ECC, SECP256R1, incorrect bit size +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_THREADING_PTHREAD +# INVALID_ARGUMENT would make more sense, but our code as currently structured +# doesn't fully relate the curve with its size. +concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: ECC, Curve25519, good +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: ECC, Curve448, good +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 2048 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_2048:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 3072 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_3072:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 4096 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_4096:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 6144 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_6144:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 8192 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_8192:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 1024 bits, invalid bits +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +Key production parameters initializers +key_production_parameters_init: + PSA import persistent key: raw data, 8 bits depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index d80f323..1e3983c 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -27,6 +27,10 @@ #define TEST_DRIVER_LOCATION 0x7fffff #endif +#if defined(MBEDTLS_THREADING_PTHREAD) +#include "mbedtls/threading.h" +#endif + /* If this comes up, it's a bug in the test code or in the test data. */ #define UNUSED 0xdeadbeef @@ -1254,6 +1258,144 @@ static void interruptible_signverify_get_minmax_completes(uint32_t max_ops, } #endif /* MBEDTLS_ECP_RESTARTABLE */ +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) +static int rsa_test_e(mbedtls_svc_key_id_t key, + size_t bits, + const data_t *e_arg) +{ + uint8_t *exported = NULL; + size_t exported_size = + PSA_EXPORT_KEY_OUTPUT_SIZE(PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits); + size_t exported_length = SIZE_MAX; + int ok = 0; + + TEST_CALLOC(exported, exported_size); + PSA_ASSERT(psa_export_public_key(key, + exported, exported_size, + &exported_length)); + uint8_t *p = exported; + uint8_t *end = exported + exported_length; + size_t len; + /* RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER } -- e + */ + TEST_EQUAL(0, mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_SEQUENCE | + MBEDTLS_ASN1_CONSTRUCTED)); + TEST_ASSERT(mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)); + TEST_EQUAL(0, mbedtls_asn1_get_tag(&p, end, &len, + MBEDTLS_ASN1_INTEGER)); + if (len >= 1 && p[0] == 0) { + ++p; + --len; + } + if (e_arg->len == 0) { + TEST_EQUAL(len, 3); + TEST_EQUAL(p[0], 1); + TEST_EQUAL(p[1], 0); + TEST_EQUAL(p[2], 1); + } else { + const uint8_t *expected = e_arg->x; + size_t expected_len = e_arg->len; + while (expected_len > 0 && *expected == 0) { + ++expected; + --expected_len; + } + TEST_MEMORY_COMPARE(p, len, expected, expected_len); + } + ok = 1; + +exit: + mbedtls_free(exported); + return ok; +} +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */ + +static int setup_key_production_parameters( + psa_key_production_parameters_t **params, size_t *params_data_length, + int flags_arg, const data_t *params_data) +{ + *params_data_length = params_data->len; + /* If there are N bytes of padding at the end of + * psa_key_production_parameters_t, then it's enough to allocate + * MIN(sizeof(psa_key_production_parameters_t), + * offsetof(psa_key_production_parameters_t, data) + params_data_length). + * + * For simplicity, here, we allocate up to N more bytes than necessary. + * In practice, the current layout of psa_key_production_parameters_t + * makes padding extremely unlikely, so we don't worry about testing + * that the library code doesn't try to access these extra N bytes. + */ + *params = mbedtls_calloc(1, sizeof(**params) + *params_data_length); + TEST_ASSERT(*params != NULL); + (*params)->flags = (uint32_t) flags_arg; + memcpy((*params)->data, params_data->x, params_data->len); + return 1; +exit: + return 0; +} + +#if defined(MBEDTLS_THREADING_PTHREAD) +typedef struct generate_key_context { + psa_key_type_t type; + psa_key_usage_t usage; + size_t bits; + psa_algorithm_t alg; + psa_status_t expected_status; + psa_key_attributes_t *attributes; + int is_large_key; + int reps; +} +generate_key_context; +void *thread_generate_key(void *ctx) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; + generate_key_context *gkc = (struct generate_key_context *) ctx; + + /* If there are race conditions, it is likely the case that they do not + * arise every time the code runs. We repeat the code to increase the + * chance that any race conditions will be hit. */ + for (int n = 0; n < gkc->reps; n++) { + /* Generate a key */ + psa_status_t status = psa_generate_key(gkc->attributes, &key); + + if (gkc->is_large_key > 0) { + TEST_ASSUME(status != PSA_ERROR_INSUFFICIENT_MEMORY); + } + + TEST_EQUAL(status, gkc->expected_status); + if (gkc->expected_status != PSA_SUCCESS) { + PSA_ASSERT(psa_destroy_key(key)); + goto exit; + } + + /* Test the key information */ + PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); + TEST_EQUAL(psa_get_key_type(&got_attributes), gkc->type); + TEST_EQUAL(psa_get_key_bits(&got_attributes), gkc->bits); + + /* Do something with the key according + * to its type and permitted usage. */ + if (!mbedtls_test_psa_exercise_key(key, gkc->usage, gkc->alg)) { + psa_destroy_key(key); + goto exit; + } + psa_reset_key_attributes(&got_attributes); + + PSA_ASSERT(psa_destroy_key(key)); + } +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes(&got_attributes); + return NULL; +} +#endif /* MBEDTLS_THREADING_PTHREAD */ + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -8462,7 +8604,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void derive_set_capacity(int alg_arg, int capacity_arg, +void derive_set_capacity(int alg_arg, int64_t capacity_arg, int expected_status_arg) { psa_algorithm_t alg = alg_arg; @@ -8943,7 +9085,7 @@ void derive_full(int alg_arg, psa_algorithm_t alg = alg_arg; size_t requested_capacity = requested_capacity_arg; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - unsigned char output_buffer[16]; + unsigned char output_buffer[32]; size_t expected_capacity = requested_capacity; size_t current_capacity; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -9258,6 +9400,81 @@ exit: /* END_CASE */ /* BEGIN_CASE */ +void derive_key_ext(int alg_arg, + data_t *key_data, + data_t *input1, + data_t *input2, + int key_type_arg, int bits_arg, + int flags_arg, + data_t *params_data, + psa_status_t expected_status, + data_t *expected_export) +{ + mbedtls_svc_key_id_t base_key = MBEDTLS_SVC_KEY_ID_INIT; + mbedtls_svc_key_id_t derived_key = MBEDTLS_SVC_KEY_ID_INIT; + const psa_algorithm_t alg = alg_arg; + const psa_key_type_t key_type = key_type_arg; + const size_t bits = bits_arg; + psa_key_production_parameters_t *params = NULL; + size_t params_data_length = 0; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; + const size_t export_buffer_size = + PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, bits); + uint8_t *export_buffer = NULL; + psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT; + size_t export_length; + + TEST_CALLOC(export_buffer, export_buffer_size); + PSA_ASSERT(psa_crypto_init()); + + psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&base_attributes, alg); + psa_set_key_type(&base_attributes, PSA_KEY_TYPE_DERIVE); + PSA_ASSERT(psa_import_key(&base_attributes, key_data->x, key_data->len, + &base_key)); + + if (mbedtls_test_psa_setup_key_derivation_wrap( + &operation, base_key, alg, + input1->x, input1->len, + input2->x, input2->len, + PSA_KEY_DERIVATION_UNLIMITED_CAPACITY) == 0) { + goto exit; + } + + psa_set_key_usage_flags(&derived_attributes, PSA_KEY_USAGE_EXPORT); + psa_set_key_algorithm(&derived_attributes, 0); + psa_set_key_type(&derived_attributes, key_type); + psa_set_key_bits(&derived_attributes, bits); + if (!setup_key_production_parameters(¶ms, ¶ms_data_length, + flags_arg, params_data)) { + goto exit; + } + + TEST_EQUAL(psa_key_derivation_output_key_ext(&derived_attributes, &operation, + params, params_data_length, + &derived_key), + expected_status); + + if (expected_status == PSA_SUCCESS) { + PSA_ASSERT(psa_export_key(derived_key, + export_buffer, export_buffer_size, + &export_length)); + TEST_MEMORY_COMPARE(export_buffer, export_length, + expected_export->x, expected_export->len); + } + +exit: + mbedtls_free(export_buffer); + mbedtls_free(params); + psa_key_derivation_abort(&operation); + psa_destroy_key(base_key); + psa_destroy_key(derived_key); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE */ void derive_key(int alg_arg, data_t *key_data, data_t *input1, data_t *input2, int type_arg, int bits_arg, @@ -9633,6 +9850,59 @@ exit: } /* END_CASE */ +#if defined MBEDTLS_THREADING_PTHREAD + +/* BEGIN_CASE depends_on:MBEDTLS_THREADING_PTHREAD */ +void concurrently_generate_keys(int type_arg, + int bits_arg, + int usage_arg, + int alg_arg, + int expected_status_arg, + int is_large_key_arg, + int arg_thread_count, + int reps_arg) +{ + size_t thread_count = (size_t) arg_thread_count; + mbedtls_test_thread_t *threads = NULL; + generate_key_context gkc; + gkc.type = type_arg; + gkc.usage = usage_arg; + gkc.bits = bits_arg; + gkc.alg = alg_arg; + gkc.expected_status = expected_status_arg; + gkc.is_large_key = is_large_key_arg; + gkc.reps = reps_arg; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT(psa_crypto_init()); + + psa_set_key_usage_flags(&attributes, usage_arg); + psa_set_key_algorithm(&attributes, alg_arg); + psa_set_key_type(&attributes, type_arg); + psa_set_key_bits(&attributes, bits_arg); + gkc.attributes = &attributes; + + TEST_CALLOC(threads, sizeof(mbedtls_test_thread_t) * thread_count); + + /* Split threads to generate key then destroy key. */ + for (size_t i = 0; i < thread_count; i++) { + TEST_EQUAL( + mbedtls_test_thread_create(&threads[i], thread_generate_key, + (void *) &gkc), 0); + } + + /* Join threads. */ + for (size_t i = 0; i < thread_count; i++) { + TEST_EQUAL(mbedtls_test_thread_join(&threads[i]), 0); + } + +exit: + mbedtls_free(threads); + PSA_DONE(); +} +/* END_CASE */ +#endif + /* BEGIN_CASE */ void generate_key(int type_arg, int bits_arg, @@ -9690,71 +9960,57 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ -void generate_key_rsa(int bits_arg, - data_t *e_arg, +/* BEGIN_CASE */ +void generate_key_ext(int type_arg, + int bits_arg, + int usage_arg, + int alg_arg, + int flags_arg, + data_t *params_data, int expected_status_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR; + psa_key_type_t type = type_arg; + psa_key_usage_t usage = usage_arg; size_t bits = bits_arg; - psa_key_usage_t usage = PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT; - psa_algorithm_t alg = PSA_ALG_RSA_PKCS1V15_SIGN_RAW; + psa_algorithm_t alg = alg_arg; psa_status_t expected_status = expected_status_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - uint8_t *exported = NULL; - size_t exported_size = - PSA_EXPORT_KEY_OUTPUT_SIZE(PSA_KEY_TYPE_RSA_PUBLIC_KEY, bits); - size_t exported_length = SIZE_MAX; - uint8_t *e_read_buffer = NULL; - int is_default_public_exponent = 0; - size_t e_read_size = PSA_KEY_DOMAIN_PARAMETERS_SIZE(type, bits); - size_t e_read_length = SIZE_MAX; - - if (e_arg->len == 0 || - (e_arg->len == 3 && - e_arg->x[0] == 1 && e_arg->x[1] == 0 && e_arg->x[2] == 1)) { - is_default_public_exponent = 1; - e_read_size = 0; - } - TEST_CALLOC(e_read_buffer, e_read_size); - TEST_CALLOC(exported, exported_size); + psa_key_production_parameters_t *params = NULL; + size_t params_data_length = 0; + psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT(psa_crypto_init()); psa_set_key_usage_flags(&attributes, usage); psa_set_key_algorithm(&attributes, alg); - PSA_ASSERT(psa_set_key_domain_parameters(&attributes, type, - e_arg->x, e_arg->len)); + psa_set_key_type(&attributes, type); psa_set_key_bits(&attributes, bits); + if (!setup_key_production_parameters(¶ms, ¶ms_data_length, + flags_arg, params_data)) { + goto exit; + } + /* Generate a key */ - TEST_EQUAL(psa_generate_key(&attributes, &key), expected_status); + psa_status_t status = psa_generate_key_ext(&attributes, + params, params_data_length, + &key); + + TEST_EQUAL(status, expected_status); if (expected_status != PSA_SUCCESS) { goto exit; } /* Test the key information */ - PSA_ASSERT(psa_get_key_attributes(key, &attributes)); - TEST_EQUAL(psa_get_key_type(&attributes), type); - TEST_EQUAL(psa_get_key_bits(&attributes), bits); - psa_status_t status = psa_get_key_domain_parameters(&attributes, - e_read_buffer, e_read_size, - &e_read_length); - + PSA_ASSERT(psa_get_key_attributes(key, &got_attributes)); + TEST_EQUAL(psa_get_key_type(&got_attributes), type); + TEST_EQUAL(psa_get_key_bits(&got_attributes), bits); -#if (defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) && \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT)) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) - if (is_default_public_exponent) { - TEST_EQUAL(e_read_length, 0); - } else { - TEST_EQUAL(status, PSA_SUCCESS); - TEST_MEMORY_COMPARE(e_read_buffer, e_read_length, e_arg->x, e_arg->len); +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) + if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) { + TEST_ASSERT(rsa_test_e(key, bits, params_data)); } -#else - (void) is_default_public_exponent; - TEST_EQUAL(status, PSA_ERROR_NOT_SUPPORTED); #endif /* Do something with the key according to its type and permitted usage. */ @@ -9762,49 +10018,27 @@ void generate_key_rsa(int bits_arg, goto exit; } - /* Export the key and check the public exponent. */ - PSA_ASSERT(psa_export_public_key(key, - exported, exported_size, - &exported_length)); - { - uint8_t *p = exported; - uint8_t *end = exported + exported_length; - size_t len; - /* RSAPublicKey ::= SEQUENCE { - * modulus INTEGER, -- n - * publicExponent INTEGER } -- e - */ - TEST_EQUAL(0, mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED)); - TEST_ASSERT(mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)); - TEST_EQUAL(0, mbedtls_asn1_get_tag(&p, end, &len, - MBEDTLS_ASN1_INTEGER)); - if (len >= 1 && p[0] == 0) { - ++p; - --len; - } - if (e_arg->len == 0) { - TEST_EQUAL(len, 3); - TEST_EQUAL(p[0], 1); - TEST_EQUAL(p[1], 0); - TEST_EQUAL(p[2], 1); - } else { - TEST_MEMORY_COMPARE(p, len, e_arg->x, e_arg->len); - } - } - exit: /* - * Key attributes may have been returned by psa_get_key_attributes() or - * set by psa_set_key_domain_parameters() thus reset them as required. + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. */ - psa_reset_key_attributes(&attributes); - + psa_reset_key_attributes(&got_attributes); + mbedtls_free(params); psa_destroy_key(key); PSA_DONE(); - mbedtls_free(e_read_buffer); - mbedtls_free(exported); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void key_production_parameters_init() +{ + psa_key_production_parameters_t init = PSA_KEY_PRODUCTION_PARAMETERS_INIT; + psa_key_production_parameters_t zero; + memset(&zero, 0, sizeof(zero)); + + TEST_EQUAL(init.flags, 0); + TEST_EQUAL(zero.flags, 0); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index c4e4c7d..ea8cb6b 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -61,7 +61,7 @@ void format_storage_data_check(data_t *key_data, TEST_CALLOC(file_data, file_data_length); psa_format_key_data_for_storage(key_data->x, key_data->len, - &attributes.core, + &attributes, file_data); TEST_MEMORY_COMPARE(expected_file_data->x, expected_file_data->len, @@ -90,7 +90,7 @@ void parse_storage_data_check(data_t *file_data, status = psa_parse_key_data_from_storage(file_data->x, file_data->len, &key_data, &key_data_length, - &attributes.core); + &attributes); TEST_EQUAL(status, expected_status); if (status != PSA_SUCCESS) { diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 8e96984..e3681ba 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -952,7 +952,7 @@ void key_creation_import_export(int lifetime_arg, int min_slot, int restart) psa_set_key_slot_number(&attributes, min_slot); if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) { - attributes.core.id = returned_id; + attributes.id = returned_id; } else { psa_set_key_id(&attributes, returned_id); } diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index 6f28f93..b6d3a34 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -359,19 +359,19 @@ void mock_import(int mock_alloc_return_value, if (mock_alloc_return_value == PSA_SUCCESS) { TEST_ASSERT(mbedtls_svc_key_id_equal( - mock_import_data.attributes.core.id, id)); + mock_import_data.attributes.id, id)); } else { TEST_ASSERT(MBEDTLS_SVC_KEY_ID_GET_KEY_ID( - mock_import_data.attributes.core.id) == 0); + mock_import_data.attributes.id) == 0); TEST_ASSERT(MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( - mock_import_data.attributes.core.id) == 0); + mock_import_data.attributes.id) == 0); } - TEST_ASSERT(mock_import_data.attributes.core.lifetime == + TEST_ASSERT(mock_import_data.attributes.lifetime == (mock_alloc_return_value == PSA_SUCCESS ? lifetime : 0)); - TEST_ASSERT(mock_import_data.attributes.core.policy.usage == + TEST_ASSERT(mock_import_data.attributes.policy.usage == (mock_alloc_return_value == PSA_SUCCESS ? PSA_KEY_USAGE_EXPORT : 0)); - TEST_ASSERT(mock_import_data.attributes.core.type == + TEST_ASSERT(mock_import_data.attributes.type == (mock_alloc_return_value == PSA_SUCCESS ? PSA_KEY_TYPE_RAW_DATA : 0)); if (expected_result == PSA_SUCCESS) { @@ -474,19 +474,19 @@ void mock_generate(int mock_alloc_return_value, if (mock_alloc_return_value == PSA_SUCCESS) { TEST_ASSERT(mbedtls_svc_key_id_equal( - mock_generate_data.attributes.core.id, id)); + mock_generate_data.attributes.id, id)); } else { TEST_ASSERT(MBEDTLS_SVC_KEY_ID_GET_KEY_ID( - mock_generate_data.attributes.core.id) == 0); + mock_generate_data.attributes.id) == 0); TEST_ASSERT(MBEDTLS_SVC_KEY_ID_GET_OWNER_ID( - mock_generate_data.attributes.core.id) == 0); + mock_generate_data.attributes.id) == 0); } - TEST_ASSERT(mock_generate_data.attributes.core.lifetime == + TEST_ASSERT(mock_generate_data.attributes.lifetime == (mock_alloc_return_value == PSA_SUCCESS ? lifetime : 0)); - TEST_ASSERT(mock_generate_data.attributes.core.policy.usage == + TEST_ASSERT(mock_generate_data.attributes.policy.usage == (mock_alloc_return_value == PSA_SUCCESS ? PSA_KEY_USAGE_EXPORT : 0)); - TEST_ASSERT(mock_generate_data.attributes.core.type == + TEST_ASSERT(mock_generate_data.attributes.type == (mock_alloc_return_value == PSA_SUCCESS ? PSA_KEY_TYPE_RAW_DATA : 0)); if (expected_result == PSA_SUCCESS) { diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 8564d35..94f26f6 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -458,7 +458,7 @@ void create_fail(int lifetime_arg, int id_arg, * PSA key attributes APIs thus accessing to the attributes * directly. */ - attributes.core.id = id; + attributes.id = id; } else { psa_set_key_id(&attributes, id); } @@ -992,7 +992,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation() * Check that we can now access the persistent key again. */ PSA_ASSERT(psa_get_key_attributes(persistent_key, &attributes)); - TEST_ASSERT(mbedtls_svc_key_id_equal(attributes.core.id, + TEST_ASSERT(mbedtls_svc_key_id_equal(attributes.id, persistent_key)); /* diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data new file mode 100644 index 0000000..807007b --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_util.data @@ -0,0 +1,167 @@ +ECDSA Raw -> DER, 256bit, Success +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA Raw -> DER, 256bit, DER buffer too small +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"304402201111111111111111111111111111111111111111111111111111111111111111022022222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL + +ECDSA Raw -> DER, 256bit, Null r +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA Raw -> DER, 256bit, Null s +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA Raw -> DER, 256bit, r with MSb set +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA Raw -> DER, 256bit, s with MSb set +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111A222222222222222222222222222222222222222222222222222222222222222":"304502201111111111111111111111111111111111111111111111111111111111111111022100A222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA Raw -> DER, 256bit, both r and s with MSb set +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"A111111111111111111111111111111111111111111111111111111111111111A222222222222222222222222222222222222222222222222222222222222222":"3046022100A111111111111111111111111111111111111111111111111111111111111111022100A222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA Raw -> DER, 256bit, r and s only 1 byte of data +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"00000000000000000000000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000022":"3006020111020122":0 + +ECDSA Raw -> DER, 256bit, r and s only 1 byte of data with MSb set +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"000000000000000000000000000000000000000000000000000000000000009100000000000000000000000000000000000000000000000000000000000000A2":"300802020091020200A2":0 + +ECDSA Raw -> DER, 256bit, Invalid raw signature (r 1 byte shorter) +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA Raw -> DER, 256bit, Invalid raw signature (r and s 1 byte shorter) +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA Raw -> DER, 256bit, Invalid raw signature (r 1 byte longer) +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA Raw -> DER, 256bit, Invalid raw signature (r and s 1 byte longer) +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA DER -> Raw, 256bit, Success +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA DER -> Raw, 256bit, Raw buffer too small +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL + +ECDSA DER -> Raw, 256bit, Wrong sequence tag +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"40440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +ECDSA DER -> Raw, 256bit, Invalid sequence length +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"30ff0220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_LENGTH + +ECDSA DER -> Raw, 256bit, Wrong integer tag +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"30440120111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +ECDSA DER -> Raw, 256bit, Wrong r integer length (1 byte smaller than the actual size) +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"30440219111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +ECDSA DER -> Raw, 256bit, Wrong r integer length (1 byte larger than the actual size) +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"30440221111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA DER -> Raw, 256bit, Wrong s integer length (1 byte smaller than the actual size) +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102192222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + +ECDSA DER -> Raw, 256bit, Wrong s integer length (1 byte larger than the actual size) +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102212222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA + +ECDSA DER -> Raw, 256bit, r size 1 byte larger than allowed for output raw coordinate +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"3045022111111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA DER -> Raw, 256bit, r with MSb set +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA DER -> Raw, 256bit, Invalid r all zeros +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"30440220000000000000000000000000000000000000000000000000000000000000000002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA DER -> Raw, 256bit, Invalid s all zeros +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102200000000000000000000000000000000000000000000000000000000000000000":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA DER -> Raw, 256bit, Valid r only 1 zero byte +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"302502010002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA DER -> Raw, 256bit, Valid s only 1 zero byte +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0 + +ECDSA DER -> Raw, 256bit, Invalid 0-length r +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA DER -> Raw, 256bit, Invalid 0-length s +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA DER -> Raw, 256bit, Invalid r 2 leading zeros +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"3027020300000102202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA DER -> Raw, 256bit, Invalid s 2 leading zeros +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"3027022011111111111111111111111111111111111111111111111111111111111111110203000001":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA + +ECDSA DER -> Raw, 256bit, Invalid r: MSb set without leading zero +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_der_to_raw:256:"30440220911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA + +# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. +ECDSA Raw -> DER, 512bit, Success +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 512 +ecdsa_raw_to_der:512:"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 + +# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. +ECDSA DER -> Raw, 512bit, Success +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 512 +ecdsa_der_to_raw:512:"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 + +# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. +ECDSA Raw -> DER, 521bit, Success +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521 +ecdsa_raw_to_der:521:"011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802420111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 + +# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes. +ECDSA DER -> Raw, 521bit, Success +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521 +ecdsa_der_to_raw:521:"30818802420111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0 + +ECDSA Raw -> DER, 256bit, Incremental DER buffer sizes +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der_incremental:256:"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222" + +ECDSA Raw -> DER, 512bit, Incremental DER buffer sizes +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 512 +ecdsa_raw_to_der_incremental:512:"9111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818502410091111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222" + +ECDSA Raw -> DER, 521bit, Incremental DER buffer sizes +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521 +ecdsa_raw_to_der_incremental:521:"011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802420111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222" + +ECDSA Raw -> DER, 256bit, DER buffer of minimal length (1 byte per integer) +depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 +ecdsa_raw_to_der_incremental:256:"00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002":"3006020101020102" diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function new file mode 100644 index 0000000..2d8915e --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_util.function @@ -0,0 +1,91 @@ +/* BEGIN_HEADER */ +#include <test/helpers.h> +#include <mbedtls/psa_util.h> +/* END_HEADER */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA */ +void ecdsa_raw_to_der(int key_bits, data_t *input, data_t *exp_result, int exp_ret) +{ + unsigned char *tmp_buf = NULL; + size_t tmp_buf_len = exp_result->len; + size_t ret_len; + + TEST_CALLOC(tmp_buf, tmp_buf_len); + + TEST_EQUAL(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len, + tmp_buf, tmp_buf_len, &ret_len), exp_ret); + + if (exp_ret == 0) { + ASSERT_COMPARE(exp_result->x, exp_result->len, tmp_buf, ret_len); + } + +exit: + mbedtls_free(tmp_buf); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA */ +void ecdsa_raw_to_der_incremental(int key_bits, data_t *input, data_t *exp_result) +{ + unsigned char *tmp_buf = NULL; + size_t ret_len; + size_t i; + + /* Test with an output buffer smaller than required (expexted to fail). */ + for (i = 1; i < exp_result->len; i++) { + TEST_CALLOC(tmp_buf, i); + TEST_ASSERT(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len, + tmp_buf, i, &ret_len) != 0); + mbedtls_free(tmp_buf); + tmp_buf = NULL; + } + /* Test with an output buffer larger/equal than required (expexted to + * succeed). */ + for (i = exp_result->len; i < (2 * exp_result->len); i++) { + TEST_CALLOC(tmp_buf, i); + TEST_ASSERT(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len, + tmp_buf, i, &ret_len) == 0); + mbedtls_free(tmp_buf); + tmp_buf = NULL; + } + +exit: + mbedtls_free(tmp_buf); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA */ +void ecdsa_der_to_raw(int key_bits, data_t *input, data_t *exp_result, int exp_ret) +{ + unsigned char *in_buf = NULL; + size_t in_buf_len; + unsigned char *out_buf = NULL; + size_t out_buf_len = exp_result->len; + size_t ret_len; + + TEST_CALLOC(out_buf, out_buf_len); + + /* Verify that parsing of truncated input always fails. */ + for (in_buf_len = 1; in_buf_len < input->len; in_buf_len++) { + /* We alloc a copy of input buffer with limited length so that sanitizers + * can detect overreads. */ + TEST_CALLOC(in_buf, in_buf_len); + memcpy(in_buf, input->x, in_buf_len); + TEST_ASSERT(mbedtls_ecdsa_der_to_raw(key_bits, in_buf, in_buf_len, + out_buf, out_buf_len, &ret_len) != 0); + mbedtls_free(in_buf); + in_buf = NULL; + } + + TEST_EQUAL(mbedtls_ecdsa_der_to_raw(key_bits, input->x, input->len, + out_buf, out_buf_len, &ret_len), exp_ret); + + if (exp_ret == 0) { + ASSERT_COMPARE(exp_result->x, exp_result->len, out_buf, ret_len); + } + +exit: + mbedtls_free(in_buf); + mbedtls_free(out_buf); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 0a60f31..b52c7dc 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -468,58 +468,160 @@ RSA Deduce Moduli, corrupted mbedtls_rsa_deduce_primes:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA RSA Import (N,P,Q,D,E) -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":0:1:0:0 +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:0:1:0:0 RSA Import (N,P,Q,D,E), inconsistent -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC3672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":0:1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC3672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:0:1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 RSA Import (N,P,Q,D,E), successive -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":1:1:0:0 +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:1:1:0:0 RSA Import (N,P,Q,D,E), successive, inconsistent -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC3672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":1:1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC3672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:1:1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 RSA Import (-,P,Q,D,E) -mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":0:1:0:0 +mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:0:1:0:0 RSA Import (-,P,Q,D,E), successive -mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":1:1:0:0 +mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:1:1:0:0 RSA Import (N,-,-,D,E) -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":0:1:0:0 +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:0:1:0:0 RSA Import (N,-,-,D,E), successive -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":1:1:0:0 +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:1:1:0:0 RSA Import (N,P,Q,-,E) -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":0:1:0:0 +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:0:1:0:0 RSA Import (N,P,Q,-,E), successive -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":1:1:0:0 +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:1:1:0:0 RSA Import (-,P,Q,-,E) -mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":0:1:0:0 +mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:0:1:0:0 RSA Import (-,P,Q,-,E), successive -mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":1:1:0:0 +mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:1:1:0:0 RSA Import (N,-,Q,-,E) -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":0:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:0:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import (N,-,Q,-,E), successive -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":1:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:1:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import (N,-,-,-,E), complete public key -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"3":0:0:0:0 +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"3":2048:0:0:0:0 RSA Import (N,-,-,-,E), complete public key, successive -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"3":1:0:0:0 +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"3":2048:1:0:0:0 RSA Import (N,-,-,-,E), complete public key, corrupted -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"4":0:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"4":2048:0:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 RSA Import (N,-,-,-,E), complete public key, successive, corrupted -mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"4":1:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 +mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"4":2048:1:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 + +RSA Import (N,P,Q,D,E) 512-bit complete pair +mbedtls_rsa_import:"cbc23c9751d5b0dc4f7ea5f871d6e31d7fb8a414eacfa006cf9c782385ce177b2a41b52cd80ddf75c4f14ffb679c388b4d0fe828413c2b8dd651e5039b2e14b3":"fbf724e9d31cb074dd117e96c4f9ad8ff6b4fe6dc72c7b9bc5af370c0833314d":"cf057bde49ab3cc354d731c03925e4cb34d7ecc41335948bca6d3438a0e35dff":"5705d006f8a68170b66aeacb9f231dc0bd89c85a3ea70a3b9e73bf43bca3f69699bfd123ec6fc533d3163dc8645d1e45342ad38b110659e96656f4763ec318f1":"10001":512:0:1:0:0 + +RSA Import (N,-,-,-,E) 512-bit public +mbedtls_rsa_import:"cbc23c9751d5b0dc4f7ea5f871d6e31d7fb8a414eacfa006cf9c782385ce177b2a41b52cd80ddf75c4f14ffb679c388b4d0fe828413c2b8dd651e5039b2e14b3":"":"":"":"10001":512:0:0:0:0 + +RSA Import (N,P,Q,D,E) 513-bit complete pair +mbedtls_rsa_import:"16798857c4718f9367a715b29038d042ea41686a457279db149d4da54146262305da39b02b764f2b56902e4c45425c2c3f404da82f86d8ed3b067da70899c5149":"18486f2d2df61d10ebe578caff5142047cae635909946b57c33028d35e4abac0b":"ecefea558b614138e773e1cd25380e49a910d6dd4b584457c1bfabf86922f87b":"1c3dbb460e6364b725989f7b321f3213e3a92d3bdce86c970ee05ba13cd4993758140f790489b61188c26354a6b372d32081750cecb84db563ec5724d78388ad":"10001":513:0:1:0:0 + +RSA Import (N,-,-,-,E) 513-bit public +mbedtls_rsa_import:"16798857c4718f9367a715b29038d042ea41686a457279db149d4da54146262305da39b02b764f2b56902e4c45425c2c3f404da82f86d8ed3b067da70899c5149":"":"":"":"10001":513:0:0:0:0 + +RSA Import (N,P,Q,D,E) 514-bit complete pair +mbedtls_rsa_import:"32f54232899f45a415e7a7728fc744703f4b4466e56d7d6900f125950bb9a42082d2f0162ce1ac9949da5be37af8c20178d79d8ac1ab860d5ed55b14f49d064ab":"1d2cc9d59be8079457a5f28c3e74d1d4c7763acc1a7e725dff09198a5b99d35cf":"1bf23921dfe89a0f681bf10fd27fd2bc914f8888b8addb1d102255e586827b665":"1d9f13ebecb3f8f7790440020831fd4682846e2ea20f13678674a7340caccd0b37ccaf79b7d4005adafb7e6f84e0ff7bbe28a27fd7337cdf100fe63afe967419":"10001":514:0:1:0:0 + +RSA Import (N,-,-,-,E) 514-bit public +mbedtls_rsa_import:"32f54232899f45a415e7a7728fc744703f4b4466e56d7d6900f125950bb9a42082d2f0162ce1ac9949da5be37af8c20178d79d8ac1ab860d5ed55b14f49d064ab":"":"":"":"10001":514:0:0:0:0 + +RSA Import (N,P,Q,D,E) 515-bit complete pair +mbedtls_rsa_import:"5f47dbe0d15f66c13ce0ff8af2edc7942ef4ff8b6b6e49ef5518ce3754efb5270204cb727c3f325b4a51dc02688eae0a6bfd7549854a7ede8b31f0e4adb835f85":"30c23bf1faf7515ed3e63abcda5b88b6387d213854da798e6662afb09441f192f":"1f4419ac839887606a8d299bc430f8e48f8984ae81982eaf03775fbe1a347bd8b":"5e8416fece5337c84acedb5007a98e4855c85d52fd2ffb91b9b590a2dcd3a8bc88e6e61573daa526a1b37ebae41401e6811d0d1e5458f1a5074178fb274a275a5":"10001":515:0:1:0:0 + +RSA Import (N,-,-,-,E) 515-bit public +mbedtls_rsa_import:"5f47dbe0d15f66c13ce0ff8af2edc7942ef4ff8b6b6e49ef5518ce3754efb5270204cb727c3f325b4a51dc02688eae0a6bfd7549854a7ede8b31f0e4adb835f85":"":"":"":"10001":515:0:0:0:0 + +RSA Import (N,P,Q,D,E) 516-bit complete pair +mbedtls_rsa_import:"bcc54a5a10ef1a3241c60aeec9c5ec54cd63407ee2b69748ad5ec53d1a3d7fea540811ba0eed19574cad6dca28691e2711fdf0e76d2bc6eec508e7a864ee13b03":"3a83434f8995a87a977f0e15e9b39f55551968a5f3cbaf6f7e0f177215c3a69bb":"339e4b5aef4912382ee5f6dd82c2cb5255e604279477ca22ed0b02cab66a75b59":"60a460bc5b8f0dca4d0226f6b9362b17ff4ea0e6550b45c85f79f560a2de796e35d51da40d1eae356cca05626a3686cee2dbcaa5b71b76ffa0cb313fb4a412f1":"10001":516:0:1:0:0 + +RSA Import (N,-,-,-,E) 516-bit public +mbedtls_rsa_import:"bcc54a5a10ef1a3241c60aeec9c5ec54cd63407ee2b69748ad5ec53d1a3d7fea540811ba0eed19574cad6dca28691e2711fdf0e76d2bc6eec508e7a864ee13b03":"":"":"":"10001":516:0:0:0:0 + +RSA Import (N,P,Q,D,E) 517-bit complete pair +mbedtls_rsa_import:"1a7b2e3d43f1b3e060d2f598939d0542178feac3310be308f4fd05872ec91048ea79543c0b00e5f61ec8b577ffa33c26bb74c2bc079033f006e6af59ec15cef529":"72e502be06a9fcb3ef64801055d10ecf8ec2b4a9429423813760e4258cf575373":"3b00e49f541091dce4940c9a36f203d195a81c7812111d9a89fc5971f363085f3":"19297286444925e1ce1ea5be94845ebaae28d1a926b164c8de008d8025b46704d77326956f97ceaadc3ebb74f94edbe1b7df5236693e7bb97cdd77b4569420fd01":"10001":517:0:1:0:0 + +RSA Import (N,-,-,-,E) 517-bit public +mbedtls_rsa_import:"1a7b2e3d43f1b3e060d2f598939d0542178feac3310be308f4fd05872ec91048ea79543c0b00e5f61ec8b577ffa33c26bb74c2bc079033f006e6af59ec15cef529":"":"":"":"10001":517:0:0:0:0 + +RSA Import (N,P,Q,D,E) 518-bit complete pair +mbedtls_rsa_import:"31defca6f97dac931fea5bd182c801b6512065929b327443dad9421379e15b37e33a6d3b11e51bd6905c9df9ec15980e91f10c34607749085456e85c1aad9cae1d":"725f1a4b37008897949b12bc9ba249d60d2df673b5a5367f9b490e79cc798446d":"6fa09a0615754b14f9aa4b5613e60e6d4988437c25b97fc056cb4841931902271":"1bcd08df3439e0d86b7444173966b1bda6dffe7f89d0c88b83169605316e75615c84cf7ea7c9cb16204e67329584d56f1840d247e4b392b627622d2101a2af2781":"10001":518:0:1:0:0 + +RSA Import (N,-,-,-,E) 518-bit public +mbedtls_rsa_import:"31defca6f97dac931fea5bd182c801b6512065929b327443dad9421379e15b37e33a6d3b11e51bd6905c9df9ec15980e91f10c34607749085456e85c1aad9cae1d":"":"":"":"10001":518:0:0:0:0 + +RSA Import (N,P,Q,D,E) 519-bit complete pair +mbedtls_rsa_import:"6de4c503dd2e6d74d6dbc95bdd85b177f3737c3da6b00860db6585d1026ae043450888773afd259ee52e7c70de86a1d805dec0d201b2cd9d91e5e1f323020b47b5":"f4c3d0904f80c3ee121aa94edda195415ddd21e4503ebbaf294993a649f896251":"72f01bc834d3eae97dea004f8af566b6030362fb3eb1063211d1dd699ece87225":"8361ce69203631864e99d5d28eb517c760b7e101941740ed0b6004ec2d07b9b6982132c9cff11ef49f715b04b6d76edd0e936b05efb4acf2cfdf6ea58f1149b41":"10001":519:0:1:0:0 + +RSA Import (N,-,-,-,E) 519-bit public +mbedtls_rsa_import:"6de4c503dd2e6d74d6dbc95bdd85b177f3737c3da6b00860db6585d1026ae043450888773afd259ee52e7c70de86a1d805dec0d201b2cd9d91e5e1f323020b47b5":"":"":"":"10001":519:0:0:0:0 + +RSA Import (N,P,Q,D,E) 520-bit complete pair +mbedtls_rsa_import:"c27fbd5b63f60f14b6fbbda29444aa6639cef01ec2b89b607ca0e5cf64f4f8ea41131c8c2a0204099b2030c8b155553404464fb351a7b44e77138412164997de31":"feb75ab38c05618105c1d7f1459475520cb64d8b477804f6f48b2bcc44ca6c147":"c37ab0c657015601027454c1e45d4abc85f7177d0757312b2811d4dc46f1b60c7":"4b4d2365a79cd317e5042fd62aeb2ec1a72dec1f2caa4655a3cab34e893aa2c81c06e18bd79a0d247dc109ab540c7eb6bf8ef27f02de66e4d8dc511bff7ce33c15":"10001":520:0:1:0:0 + +RSA Import (N,-,-,-,E) 520-bit public +mbedtls_rsa_import:"c27fbd5b63f60f14b6fbbda29444aa6639cef01ec2b89b607ca0e5cf64f4f8ea41131c8c2a0204099b2030c8b155553404464fb351a7b44e77138412164997de31":"":"":"":"10001":520:0:0:0:0 + +RSA Import (N,P,Q,D,E) 521-bit complete pair +mbedtls_rsa_import:"1993ce720408e69a459c96df92b90040b88b0f7234c46b96413d177ed08e562c9b7ed7c1fb351cafc4028d3d9a9792e35ddb8a3770cc5cf7011f778f78e75ff60af":"1f2d345a210b5f085447d9534abe78d77e820dddbb24b2eb334b7c6ba91634a0f9":"d205f332807775231b96e06f47e7c0cec8981f41c6b6e6a96eafdbc40773b20e7":"15ec8c594efc122ecadc9eb6a59dce89aba607676db3b044eb46e28ce15820a5b984349a7b74a9f86c17a8503f29c0cc5b3f68790653bce30d8b0a5ba7730a16b1":"10001":521:0:1:0:0 + +RSA Import (N,-,-,-,E) 521-bit public +mbedtls_rsa_import:"1993ce720408e69a459c96df92b90040b88b0f7234c46b96413d177ed08e562c9b7ed7c1fb351cafc4028d3d9a9792e35ddb8a3770cc5cf7011f778f78e75ff60af":"":"":"":"10001":521:0:0:0:0 + +RSA Import (N,P,Q,D,E) 522-bit complete pair +mbedtls_rsa_import:"2eeccbdf4fb0385fefd27583bdc9ac8b99e57fd6acf0c71010ae65ee0531dbf45686bb737a2a64124ab2f695a73394f7d5dd2ba7a668d872684cb49e12a7d6a49ad":"1c5785f5108bb49e43ee0b3d7261eb0efe10334ac101893a59d67e79fb3f640951":"1a7da635573970c989ca4aaa051d3a51641eed09516f8200d15effb86c3082a39d":"1e2042a744c6f2fa8cc28655a5140425c010fa68fdb0bb6c51f95551619e68034d128406fa6fc7ccd5d35a493ee8ecf98b9e987fed18353ff7e0d50ae0b65f2b841":"10001":522:0:1:0:0 + +RSA Import (N,-,-,-,E) 522-bit public +mbedtls_rsa_import:"2eeccbdf4fb0385fefd27583bdc9ac8b99e57fd6acf0c71010ae65ee0531dbf45686bb737a2a64124ab2f695a73394f7d5dd2ba7a668d872684cb49e12a7d6a49ad":"":"":"":"10001":522:0:0:0:0 + +RSA Import (N,P,Q,D,E) 523-bit complete pair +mbedtls_rsa_import:"6a8c9774b37c37d6f6c95aaf60ab27ebb426a26cd6b22fa44fe1e09f4fa47abeac2d1f84aaff436ef3f07801c617a1f990ca4ece42388d1493723ee9768730d8799":"36f10cb3d7fa6af6616991827dd988fd0687761243126e563a24977d95b3075855":"1f0771656d359a2d4907ded0e0471e27242a59f89e30a4e21fc3cffb5da3dd4635":"4cafcdde87c452e85c0d06410dc1826509ef789dff5496279bfb05d183dfed1c452fda00deb3b345fc31cd255aa1c7e2f19e50191793a7b16e6340f0723e0d5ad11":"10001":523:0:1:0:0 + +RSA Import (N,-,-,-,E) 523-bit public +mbedtls_rsa_import:"6a8c9774b37c37d6f6c95aaf60ab27ebb426a26cd6b22fa44fe1e09f4fa47abeac2d1f84aaff436ef3f07801c617a1f990ca4ece42388d1493723ee9768730d8799":"":"":"":"10001":523:0:0:0:0 + +RSA Import (N,P,Q,D,E) 524-bit complete pair +mbedtls_rsa_import:"c04c05bc77eca9c05702402622b3855ac150a737132c66d6900dc8f512e752f32ce3c777d51da5cca9105b7f8f57da571cec42a450d49e43ea359538acb3610dacf":"3f78102778bec177c9bb4f313a29afbb9c2d0089539f57aeb2976b59d17b1de699":"3079f8628b827258bb785cd0bb40623207ecf6194e65871571bf004bf0c537f5a7":"9c161921de060fd3bbcc6bdd8895474d5f54e425e43e4a4b272ac94f844498241d41f7ee7a6b90775cf5a73b3ce3015b15620494130e9198550cb3f07bdba184ac1":"10001":524:0:1:0:0 + +RSA Import (N,-,-,-,E) 524-bit public +mbedtls_rsa_import:"c04c05bc77eca9c05702402622b3855ac150a737132c66d6900dc8f512e752f32ce3c777d51da5cca9105b7f8f57da571cec42a450d49e43ea359538acb3610dacf":"":"":"":"10001":524:0:0:0:0 + +RSA Import (N,P,Q,D,E) 525-bit complete pair +mbedtls_rsa_import:"18197b4f054a0347a8e81576cf16fdb5d22ce9bb71b11df029c30e047b418ebb4b2d759f8c72f9b24a79b46ddeeeadb17b197911442f6e7bf3ea2106752e901c64fb":"676ee11f6bb61d7094148bb326d0267eb7a105549d72d360707001af8e03ecc6dd":"3ba5a5ba28f8adee0883947963c037e3a2c9e557b3edc5cca35b155e63ed3ae1b7":"d75e61ecbe87c0e817427d0f57874fb224a7dbe79912114ac6ecb1c8bafa146512b1b728d2d860e96fd283ae981ebb3272647841cdd254a5e1f075eb17df596e2c9":"10001":525:0:1:0:0 + +RSA Import (N,-,-,-,E) 525-bit public +mbedtls_rsa_import:"18197b4f054a0347a8e81576cf16fdb5d22ce9bb71b11df029c30e047b418ebb4b2d759f8c72f9b24a79b46ddeeeadb17b197911442f6e7bf3ea2106752e901c64fb":"":"":"":"10001":525:0:0:0:0 + +RSA Import (N,P,Q,D,E) 526-bit complete pair +mbedtls_rsa_import:"2de74b63625125b31a3d4ae2719d74dae2a0dacb84f220c295e8fea55080b3bacad98593ef3dd710a949b84498ba59ac0353f8e6cd4355e9bfc0ddef8ef25ce41309":"766d695ac399679b33cdc68e7bf9b604d922dee04fa60a4aa2fab3263a8b323109":"633a53fef2f6b08daddd9e496625819753284b72f41290dcc8db82e55746555201":"1ff9c25614a29a344cceed5f17edaafcde69567ff6b80382089328ef57488fea49d3e660180107bb0b1770005d814216dbd493fd7aae4891fb2320226615d67e4001":"10001":526:0:1:0:0 + +RSA Import (N,-,-,-,E) 526-bit public +mbedtls_rsa_import:"2de74b63625125b31a3d4ae2719d74dae2a0dacb84f220c295e8fea55080b3bacad98593ef3dd710a949b84498ba59ac0353f8e6cd4355e9bfc0ddef8ef25ce41309":"":"":"":"10001":526:0:0:0:0 + +RSA Import (N,P,Q,D,E) 527-bit complete pair +mbedtls_rsa_import:"54e6bb611922620e32e0e402446e3a2b8eb1be1f44a750a833ac56635a2aca00fa20cdddf6d185e60623da0ba4dd33011d5df7f7f69d95c98c4ca7fddde08ec209db":"d36b6f6e6828bc2cb35b9b5ecca60ea4d33406b11ff4fafc3b439f3fa9c521733b":"66cdc1ad01f31f5eeafff4774bf4ba95ccb58a5afae6744b560e7181f8b0a119e1":"32e1d958f7044939f33a1ecc5110b2a21a31e21cc13b793665499ab88e78687a2eb19a570263370532aac0c418867027c6275b604899b26f9913a10aaacb7895ddc1":"10001":527:0:1:0:0 + +RSA Import (N,-,-,-,E) 527-bit public +mbedtls_rsa_import:"54e6bb611922620e32e0e402446e3a2b8eb1be1f44a750a833ac56635a2aca00fa20cdddf6d185e60623da0ba4dd33011d5df7f7f69d95c98c4ca7fddde08ec209db":"":"":"":"10001":527:0:0:0:0 + +RSA Import (N,P,Q,D,E) 528-bit complete pair +mbedtls_rsa_import:"d158d6f8bf79fd0721ad50c08ada2f023bec6970a43cc709dba277046d6e2cfd65b72239c7856c7aea7d40906c4880ce828dc4906d364600cd2dd62a284c9ebfcb59":"ebdbfc4ea38f0dac4032c21663be46d045ce4bec7e6d2d773980fd92ca6aaf0f73":"e33947ec6dccc2ca956495f34923b00a490fdfef67b5332d6f084dccf58191af03":"b2e7b0373e337b1848207c5d3f8c7c15f5adf0e1f1897b33a27e7225d77b0b79b4928fd89ca267c7b334fa39949397a8870a204c9b9e98037bfd8716f0dec4802d3d":"10001":528:0:1:0:0 + +RSA Import (N,-,-,-,E) 528-bit public +mbedtls_rsa_import:"d158d6f8bf79fd0721ad50c08ada2f023bec6970a43cc709dba277046d6e2cfd65b72239c7856c7aea7d40906c4880ce828dc4906d364600cd2dd62a284c9ebfcb59":"":"":"":"10001":528:0:0:0:0 RSA Import Raw (N,P,Q,D,E), complete private key mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0:0 @@ -615,3 +717,120 @@ rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V1 RSA Selftest depends_on:MBEDTLS_SELF_TEST rsa_selftest: + +RSA parse/write PKCS#1 private key - 1024 bits +rsa_parse_write_pkcs1_key:0:"3082025d020100028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb702030100010281801e97247066217ff6303881341a259c4bcd3e147f87f1a714045e80a06b541847e2ce54a78801d21b302fd33f616d6ed7cfa8a262ef5e23257a1642b5fc5a61577f7dba2324e687a10b25751c78996e72d5a8c3bc4e33e4a2a96b2b44b6685e85c37200a34381269250b59f65468ea4288713c4ae3e0e064e524a53a5d7e1ec91024100cbd11d9aad72bfb8db4e6bc7c6910661b3f38fbfa368d6dba0cd6c9aa3a716c03fa374bf8b2e7ba73a216d6ded9468fbaa3d130ee376190cc41ef30419a7da1d024100c7c0e189209483f36ee00a67474960c6ddf0d3a63ca0c76955fe9f358435a5e5318c35397c4245042e0dfabf8decedfd36e4d211349b8ecc4c1baac83f30d4e3024008e692f2644cb48eb01516a3dcca0c8b4bbe81328f424ecfbc8ffc042ccd6932f014854eb017519315f8cbbc973979f4339503360d3ce50f27a96a576d7f65090241009c9b4ef74870c7a6b215ba7250446a385fc6b0d8d30da669a23f172948f71a923f2f528738316894a75ad46d1be3568ec05bd38a23b995d1fc1570e6c00c13cb0241008716c9fa7d2295f34f5849b7c593d1adcec72556ed1044cd79c868c890620b143874a8208a65b7c5e235ccaae4c2492107af513fb2cbb682a3e8119af028f7a8" + +RSA parse/write PKCS#1 public key - 1024 bits +rsa_parse_write_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001" + +RSA parse/write PKCS#1 private key - 2048 bits +rsa_parse_write_pkcs1_key:0:"308204a40201000282010100dcabfd25f3b7d67155e5c2520518570e95754ef883a973f94b2b0fb2d7ad733a3b0976c6314770eaf728304ee61e0dfe91811fc4a8219fbc3687cb3cfca54b58804d1ed4de985dc827374cb31b7b23225e130858d6b812dee6a356a8f8d211ba0930d0ec38193cee0a186f4a760cc3aa40e1d04fe4a14506ed279a9080aedd2676a4026bcb1ee24b2c00853bffcc04b5fb3e542626c2b2c54a62f3d6e01df95544fdf85c22cc0846275cb9cdfe73876e94e532ced0bca9876de74ff1edc9c8ac89aa8586aa34ca6f44c972d1e73aaddae168a5e67ec69cd14f206155e6e1161e7aa6754e947d5d26ee5f8789598a79ea4ff0263e2b8bf90641320771955007d102030100010282010100d25c964f769d3aad0210ac04da5c90a9136b27e41a47108a86d0beff6341330640bf4dddb39e82134b97a12da58ae3165988f94ad4687148cfc6f5c4e6a7804316d3eddf496f807f4c7b17ffe9e3a1e3a2408c857bf32ff2137584284242a7a96c1780229f7bd7aca82d10f2afc48d4620e1e35e35fa52be3e97b16dad6e84dbdfab4e7e21c7c2e5e5cd1c936f6c221e806bd14afa77b3eefc62e984aa2d391da408aaec0dbd2eade3023ebac77e3416cd67491d60053d317c6c8665be5c33961c379309d37d0a653d1859a6abfe195644d474739dbc44f62e623505f9460d9d8defafb12f4149d5baaf798f1345f565430cd7c096c24ca8d02d13fe90c20c5102818100f116cfdbfc0d5b3528cbfada1b21d4292ff188d41a4b22e658a9e29f610adf5fcb3329b0f567ba5029195fd648d06cc2174638f2f18ff0e0251e283e0a0b1f792751925efb617af3405083245c673dae77edc811fd668769d28ac1bee36261658a32f56a5e1b9b9e4f4fa7da55adeeb08c92f1de89f6186bd9c6d1e721638d2d02818100ea51e8798225e4ee77aa08e2f5ee0f8b847edd4c34d9bf7b8cf339b61d5bd22d504c5ab5f17572850f39018736474a449186e783dfda35da95902c8eaaec4bebb8ab6c057c678f37cd53fc1a12e5ace83d2a44d72195d565b3e8c12f89f2523fe37e52adbafde783be361fcd1f021aaaabf860febd8c5726c7089622ccca73b50281807d8248b7d76204a78a13970650b5adc3bb67dcb9beee7abebc4dc4e3001c2ee9a9d97accdb1523137431f78890e3a09af28ee63ae3b2f1cd5ec57261c9ccbc97cff651630d2f5458aa94bf910061e6e49b1eb8d754ba39a8c7a8e0f04564041c5e73e4fb78fe9a673216dfe57451563fa70f20c79fbef43bc166160463877609028180693b0fa44206b2a145ac5f014e60f32a3cfe9c73b4e8754e0f26cc2c35531f38aa6f1fedc5da70ebc0c261255003041f771b96ad6ac29c9ce5be31c4808e4e2a366d05be10f89121065d49428c6a0914e32330774ce5f5480f5be02671551a0b07279c09d9885d8894cbc9cc5cb89d3138b9fb156c1ab2a8ff89a3a34d453e6102818100aff57dd813fd064d8d1a5e8c7ea7e534dff6963a9b5b1c4da12219268c0500288901bbd36edb8071679bcd9d0d8deacfaa52e4b3659f4a69a5c5322f104524f83eb4b94bf6f02b5ad7c2ccd9bc5688f4e18ff2a70ae7638a83f2f87d8ecc9e0eebf2283f809670c8a0b79e1a576a6c9c04d4d71b75647c818a23873cdc0d77bf" + +RSA parse/write PKCS#1 public key - 2048 bits +rsa_parse_write_pkcs1_key:1:"3082010a0282010100dcabfd25f3b7d67155e5c2520518570e95754ef883a973f94b2b0fb2d7ad733a3b0976c6314770eaf728304ee61e0dfe91811fc4a8219fbc3687cb3cfca54b58804d1ed4de985dc827374cb31b7b23225e130858d6b812dee6a356a8f8d211ba0930d0ec38193cee0a186f4a760cc3aa40e1d04fe4a14506ed279a9080aedd2676a4026bcb1ee24b2c00853bffcc04b5fb3e542626c2b2c54a62f3d6e01df95544fdf85c22cc0846275cb9cdfe73876e94e532ced0bca9876de74ff1edc9c8ac89aa8586aa34ca6f44c972d1e73aaddae168a5e67ec69cd14f206155e6e1161e7aa6754e947d5d26ee5f8789598a79ea4ff0263e2b8bf90641320771955007d10203010001" + +RSA parse private key - incorrect version tag +rsa_parse_pkcs1_key:0:"300100":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - version tag missing +rsa_parse_pkcs1_key:0:"3000":MBEDTLS_ERR_ASN1_OUT_OF_DATA + +RSA parse private key - invalid version +rsa_parse_pkcs1_key:0:"3003020101":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse private key - correct version, incorrect tag +rsa_parse_pkcs1_key:0:"300402010000":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct format+values, minimal modulus size (128 bit) +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":0 + +RSA parse private key - missing SEQUENCE +rsa_parse_pkcs1_key:0:"020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct format, modulus too small (127 bit) +rsa_parse_pkcs1_key:0:"30630201000211007c8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED + +RSA parse private key - correct format, modulus even +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857002030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse private key - correct format, d == 0 +rsa_parse_pkcs1_key:0:"30630201000211007c8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse private key - correct format, d == p == q == 0 +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900000000000000000002090000000000000000000209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse private key - correct values, extra integer inside the SEQUENCE +rsa_parse_pkcs1_key:0:"3066020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c020100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + +RSA parse private key - correct values, extra integer outside the SEQUENCE +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c020100":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse private key - correct values, n wrong tag +rsa_parse_pkcs1_key:0:"3063020100FF1100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, e wrong tag +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c8571FF030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, d wrong tag +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c85710203010001FF11009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, p wrong tag +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201FF0900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, q wrong tag +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61FF0900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, dp wrong tag +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a211FF09009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, dq wrong tag +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401FF0813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse private key - correct values, qp wrong tag +rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse public key - missing SEQUENCE +rsa_parse_pkcs1_key:1:"028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse public key - wrong initial tag +rsa_parse_pkcs1_key:1:"318189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse public key - wrong modulus tag +rsa_parse_pkcs1_key:1:"308189038181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse public key - wrong public exponent tag +rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70303010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse public key - modulus 0 +rsa_parse_pkcs1_key:1:"3081890281810000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000203010001":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse public key - public exponent 0 +rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203000000":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse public key - wrong sequence length +rsa_parse_pkcs1_key:1:"308188028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse public key - wrong modulus length +rsa_parse_pkcs1_key:1:"308189028180009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +RSA parse public key - wrong public exponent length +rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70202010001":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA parse public key - missing modulus +rsa_parse_pkcs1_key:1:"30050203010001":MBEDTLS_ERR_ASN1_OUT_OF_DATA + +RSA parse public key - missing public exponent +rsa_parse_pkcs1_key:1:"308184028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb7":MBEDTLS_ERR_ASN1_OUT_OF_DATA + +RSA parse public key - correct values, extra integer inside the SEQUENCE +rsa_parse_pkcs1_key:1:"30818c028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001020100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH + +RSA parse public key - correct values, extra integer outside the SEQUENCE +rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001020100":MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA priv key write - incremental output buffer size +rsa_key_write_incremental:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c" + +RSA priv public key write - incremental output buffer size +rsa_key_write_incremental:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001" diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 37bed6d..e824529 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1,6 +1,7 @@ /* BEGIN_HEADER */ #include "mbedtls/rsa.h" #include "rsa_alt_helpers.h" +#include "rsa_internal.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -182,7 +183,8 @@ void mbedtls_rsa_pkcs1_sign(data_t *message_str, int padding_mode, TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); @@ -220,7 +222,8 @@ void mbedtls_rsa_pkcs1_verify(data_t *message_str, int padding_mode, TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x, @@ -261,7 +264,8 @@ void rsa_pkcs1_sign_raw(data_t *hash_result, TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); @@ -304,7 +308,8 @@ void rsa_pkcs1_verify_raw(data_t *hash_result, TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); @@ -340,7 +345,8 @@ void mbedtls_rsa_pkcs1_encrypt(data_t *message_str, int padding_mode, TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); @@ -381,7 +387,8 @@ void rsa_pkcs1_encrypt_bad_rng(data_t *message_str, int padding_mode, TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); @@ -431,7 +438,8 @@ void mbedtls_rsa_pkcs1_decrypt(data_t *message_str, int padding_mode, TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0); TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); @@ -476,8 +484,9 @@ void mbedtls_rsa_public(data_t *message_str, int mod, TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0); /* Check test data consistency */ - TEST_ASSERT(message_str->len == (size_t) (mod / 8)); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0); TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result); @@ -536,8 +545,9 @@ void mbedtls_rsa_private(data_t *message_str, int mod, TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0); /* Check test data consistency */ - TEST_ASSERT(message_str->len == (size_t) (mod / 8)); - TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8)); + TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8)); + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod); TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0); TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0); @@ -850,6 +860,7 @@ void mbedtls_rsa_import(char *input_N, char *input_Q, char *input_D, char *input_E, + int bitlen, int successive, int is_priv, int res_check, @@ -935,6 +946,9 @@ void mbedtls_rsa_import(char *input_N, /* On expected success, perform some public and private * key operations to check if the key is working properly. */ if (res_complete == 0) { + TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), bitlen); + TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (bitlen + 7) / 8); + if (is_priv) { TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check); } else { @@ -1371,6 +1385,112 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void rsa_parse_pkcs1_key(int is_public, data_t *input, int exp_ret_val) +{ + mbedtls_rsa_context rsa_ctx; + + mbedtls_rsa_init(&rsa_ctx); + + if (is_public) { + TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), exp_ret_val); + } else { + TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), exp_ret_val); + } + +exit: + mbedtls_rsa_free(&rsa_ctx); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void rsa_parse_write_pkcs1_key(int is_public, data_t *input) +{ + mbedtls_rsa_context rsa_ctx; + unsigned char *output_buf = NULL; + unsigned char *output_end, *output_p; + size_t output_len; + + mbedtls_rsa_init(&rsa_ctx); + + TEST_CALLOC(output_buf, input->len); + output_end = output_buf + input->len; + output_p = output_end; + + /* Parse the key and write it back to output_buf. */ + if (is_public) { + TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0); + TEST_EQUAL(mbedtls_rsa_write_pubkey(&rsa_ctx, output_buf, &output_p), input->len); + } else { + TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); + TEST_EQUAL(mbedtls_rsa_write_key(&rsa_ctx, output_buf, &output_p), input->len); + } + output_len = output_end - output_p; + + /* Check that the written key matches with the one provided in input. */ + TEST_MEMORY_COMPARE(output_p, output_len, input->x, input->len); + +exit: + mbedtls_free(output_buf); + mbedtls_rsa_free(&rsa_ctx); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void rsa_key_write_incremental(int is_public, data_t *input) +{ + mbedtls_rsa_context rsa_ctx; + unsigned char *buf = NULL, *end, *p; + size_t i, written_data; + + mbedtls_rsa_init(&rsa_ctx); + + /* This is supposed to succeed as the real target of this test are the + * write attempt below. */ + if (is_public) { + TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0); + } else { + TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0); + } + + /* Test with an output buffer smaller than required. */ + for (i = 1; i < input->len; i++) { + TEST_CALLOC(buf, i); + end = buf + i; + p = end; + /* We don't care much about the return value as long as it fails. */ + if (is_public) { + TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) != 0); + } else { + TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) != 0); + } + mbedtls_free(buf); + buf = NULL; + } + + /* Test with an output buffer equal or larger than what it is strictly required. */ + for (i = input->len; i < (2 * input->len); i++) { + TEST_CALLOC(buf, i); + end = buf + i; + p = end; + /* This time all write functions must succeed. */ + if (is_public) { + TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) > 0); + } else { + TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) > 0); + } + written_data = (end - p); + TEST_MEMORY_COMPARE(p, written_data, input->x, input->len); + mbedtls_free(buf); + buf = NULL; + } + +exit: + mbedtls_free(buf); + mbedtls_rsa_free(&rsa_ctx); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void rsa_selftest() { diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index de998e3..c0c816c 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3270,3 +3270,78 @@ ssl_ecjpake_set_password:1 Test Elliptic curves' info parsing elliptic_curve_get_properties + +TLS 1.3 resume session with ticket +tls13_resume_session_with_ticket + +TLS 1.3 read early data, early data accepted +tls13_read_early_data:TEST_EARLY_DATA_ACCEPTED + +TLS 1.3 read early data, no early data indication +tls13_read_early_data:TEST_EARLY_DATA_NO_INDICATION_SENT + +TLS 1.3 read early data, server rejects early data +tls13_read_early_data:TEST_EARLY_DATA_SERVER_REJECTS + +TLS 1.3 read early data, discard after HRR +tls13_read_early_data:TEST_EARLY_DATA_HRR + +TLS 1.3 cli, early data status, early data accepted +tls13_cli_early_data_status:TEST_EARLY_DATA_ACCEPTED + +TLS 1.3 cli, early data status, no early data indication +tls13_cli_early_data_status:TEST_EARLY_DATA_NO_INDICATION_SENT + +TLS 1.3 cli, early data status, server rejects early data +tls13_cli_early_data_status:TEST_EARLY_DATA_SERVER_REJECTS + +TLS 1.3 cli, early data status, hello retry request +tls13_cli_early_data_status:TEST_EARLY_DATA_HRR + +TLS 1.3 write early data, early data accepted +tls13_write_early_data:TEST_EARLY_DATA_ACCEPTED + +TLS 1.3 write early data, no early data indication +tls13_write_early_data:TEST_EARLY_DATA_NO_INDICATION_SENT + +TLS 1.3 write early data, server rejects early data +tls13_write_early_data:TEST_EARLY_DATA_SERVER_REJECTS + +TLS 1.3 write early data, hello retry request +tls13_write_early_data:TEST_EARLY_DATA_HRR + +TLS 1.3 srv, max early data size, dflt, wsz=96 +tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:-1:96 + +TLS 1.3 srv, max early data size, dflt, wsz=128 +tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:-1:128 + +TLS 1.3 srv, max early data size, 3, wsz=2 +tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:3:2 + +TLS 1.3 srv, max early data size, 3, wsz=3 +tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:3:3 + +TLS 1.3 srv, max early data size, 98, wsz=23 +tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:98:23 + +TLS 1.3 srv, max early data size, 98, wsz=49 +tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:98:49 + +TLS 1.3 srv, max early data size, server rejects, dflt, wsz=128 +tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:-1:128 + +TLS 1.3 srv, max early data size, server rejects, 3, wsz=3 +tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:3:3 + +TLS 1.3 srv, max early data size, server rejects, 98, wsz=49 +tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:98:49 + +TLS 1.3 srv, max early data size, HRR, dflt, wsz=128 +tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:-1:128 + +TLS 1.3 srv, max early data size, HRR, 3, wsz=3 +tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:3 + +TLS 1.3 srv, max early data size, HRR, 98, wsz=49 +tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8a03d1b..6e95817 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -12,6 +12,53 @@ #define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 } +/* Mnemonics for the early data test scenarios */ +#define TEST_EARLY_DATA_ACCEPTED 0 +#define TEST_EARLY_DATA_NO_INDICATION_SENT 1 +#define TEST_EARLY_DATA_SERVER_REJECTS 2 +#define TEST_EARLY_DATA_HRR 3 + +#if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \ + defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \ + defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_DEBUG_C) && \ + defined(MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE) && \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) && \ + defined(MBEDTLS_MD_CAN_SHA256) && \ + defined(MBEDTLS_ECP_HAVE_SECP256R1) && defined(MBEDTLS_ECP_HAVE_SECP384R1) && \ + defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) && defined(MBEDTLS_SSL_SESSION_TICKETS) +/* + * Test function to write early data for negative tests where + * mbedtls_ssl_write_early_data() cannot be used. + */ +static int write_early_data(mbedtls_ssl_context *ssl, + unsigned char *buf, size_t len) +{ + int ret = mbedtls_ssl_get_max_out_record_payload(ssl); + + TEST_ASSERT(ret > 0); + TEST_LE_U(len, (size_t) ret); + + ret = mbedtls_ssl_flush_output(ssl); + TEST_EQUAL(ret, 0); + TEST_EQUAL(ssl->out_left, 0); + + ssl->out_msglen = len; + ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; + if (len > 0) { + memcpy(ssl->out_msg, buf, len); + } + + ret = mbedtls_ssl_write_record(ssl, 1); + TEST_EQUAL(ret, 0); + + ret = len; + +exit: + return ret; +} +#endif + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -1125,6 +1172,8 @@ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT) == 0); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); + TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); /* Read previous record numbers */ @@ -1941,7 +1990,6 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, USE_PSA_INIT(); /* Prepare a dummy session to work on */ - ((void) endpoint_type); ((void) tls_version); ((void) ticket_len); ((void) crt_file); @@ -1955,7 +2003,7 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &original, ticket_len, crt_file) == 0); + &original, ticket_len, endpoint_type, crt_file) == 0); } #endif @@ -1973,28 +2021,16 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, * Make sure both session structures are identical */ #if defined(MBEDTLS_HAVE_TIME) - switch (tls_version) { -#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SRV_C) - case MBEDTLS_SSL_VERSION_TLS1_3: - TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time); - break; -#endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - case MBEDTLS_SSL_VERSION_TLS1_2: - TEST_ASSERT(original.start == restored.start); - break; -#endif - - default: - /* should never happen */ - TEST_ASSERT(0); - break; + if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { + TEST_ASSERT(original.start == restored.start); } - - +#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) + TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time); #endif +#endif /* MBEDTLS_HAVE_TIME */ TEST_ASSERT(original.tls_version == restored.tls_version); + TEST_ASSERT(original.endpoint == restored.endpoint); TEST_ASSERT(original.ciphersuite == restored.ciphersuite); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_2) { @@ -2053,7 +2089,6 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(original.endpoint == restored.endpoint); TEST_ASSERT(original.ciphersuite == restored.ciphersuite); TEST_ASSERT(original.ticket_age_add == restored.ticket_age_add); TEST_ASSERT(original.ticket_flags == restored.ticket_flags); @@ -2071,11 +2106,6 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, original.max_early_data_size == restored.max_early_data_size); #endif -#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) - if (endpoint_type == MBEDTLS_SSL_IS_SERVER) { - TEST_ASSERT(original.ticket_creation_time == restored.ticket_creation_time); - } -#endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) if (endpoint_type == MBEDTLS_SSL_IS_CLIENT) { #if defined(MBEDTLS_HAVE_TIME) @@ -2123,7 +2153,6 @@ void ssl_serialize_session_load_save(int ticket_len, char *crt_file, USE_PSA_INIT(); /* Prepare a dummy session to work on */ - ((void) endpoint_type); ((void) ticket_len); ((void) crt_file); @@ -2138,7 +2167,7 @@ void ssl_serialize_session_load_save(int ticket_len, char *crt_file, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, crt_file) == 0); + &session, ticket_len, endpoint_type, crt_file) == 0); break; #endif default: @@ -2197,7 +2226,6 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, USE_PSA_INIT(); /* Prepare dummy session and get serialized size */ - ((void) endpoint_type); ((void) ticket_len); ((void) crt_file); @@ -2211,7 +2239,7 @@ void ssl_serialize_session_save_buf_size(int ticket_len, char *crt_file, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, crt_file) == 0); + &session, ticket_len, endpoint_type, crt_file) == 0); break; #endif default: @@ -2257,7 +2285,6 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, USE_PSA_INIT(); /* Prepare serialized session data */ - ((void) endpoint_type); ((void) ticket_len); ((void) crt_file); @@ -2272,7 +2299,7 @@ void ssl_serialize_session_load_buf_size(int ticket_len, char *crt_file, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, ticket_len, crt_file) == 0); + &session, ticket_len, endpoint_type, crt_file) == 0); break; #endif @@ -2329,7 +2356,6 @@ void ssl_session_serialize_version_check(int corrupt_major, mbedtls_ssl_session_init(&session); USE_PSA_INIT(); - ((void) endpoint_type); switch (tls_version) { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -2341,7 +2367,7 @@ void ssl_session_serialize_version_check(int corrupt_major, #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case MBEDTLS_SSL_VERSION_TLS1_2: TEST_ASSERT(mbedtls_test_ssl_tls12_populate_session( - &session, 0, NULL) == 0); + &session, 0, endpoint_type, NULL) == 0); break; #endif @@ -2409,7 +2435,7 @@ void mbedtls_endpoint_sanity(int endpoint_type) MD_OR_USE_PSA_INIT(); ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options, - NULL, NULL, NULL, NULL); + NULL, NULL, NULL); TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg, @@ -2417,7 +2443,7 @@ void mbedtls_endpoint_sanity(int endpoint_type) TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret); ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options, - NULL, NULL, NULL, NULL); + NULL, NULL, NULL); TEST_ASSERT(ret == 0); exit: @@ -2461,14 +2487,14 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int mbedtls_platform_zeroize(&second_ep, sizeof(second_ep)); ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options, - NULL, NULL, NULL, NULL); + NULL, NULL, NULL); TEST_ASSERT(ret == 0); ret = mbedtls_test_ssl_endpoint_init( &second_ep, (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL, NULL); + &options, NULL, NULL, NULL); TEST_ASSERT(ret == 0); @@ -2896,6 +2922,7 @@ void conf_version(int endpoint, int transport, mbedtls_ssl_conf_transport(&conf, transport); mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version); mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result); TEST_EQUAL(mbedtls_ssl_conf_get_endpoint( @@ -2937,6 +2964,8 @@ void conf_curve() mbedtls_ssl_init(&ssl); MD_OR_USE_PSA_INIT(); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); + TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); TEST_ASSERT(ssl.handshake != NULL && ssl.handshake->group_list != NULL); @@ -2968,6 +2997,7 @@ void conf_group() mbedtls_ssl_config conf; mbedtls_ssl_config_init(&conf); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); @@ -3021,11 +3051,10 @@ void force_bad_session_id_len() TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, &options, NULL, NULL, - NULL, NULL) == 0); + NULL) == 0); TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, NULL, - NULL) == 0); + &options, NULL, NULL, NULL) == 0); mbedtls_debug_set_threshold(1); mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun, @@ -3077,6 +3106,7 @@ void cookie_parsing(data_t *cookie, int exp_ret) MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id, @@ -3131,6 +3161,7 @@ void cid_sanity() MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT) == 0); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -3200,8 +3231,9 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) mbedtls_test_ssl_endpoint client, server; mbedtls_psa_stats_t stats; size_t free_slots_before = -1; - mbedtls_test_handshake_test_options options; - mbedtls_test_init_handshake_options(&options); + mbedtls_test_handshake_test_options client_options, server_options; + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&server_options); uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; @@ -3209,21 +3241,22 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) mbedtls_platform_zeroize(&client, sizeof(client)); mbedtls_platform_zeroize(&server, sizeof(server)); - options.pk_alg = MBEDTLS_PK_ECDSA; - options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2; - options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; - /* Client side, force SECP256R1 to make one key bitflip fail * the raw key agreement. Flipping the first byte makes the * required 0x04 identifier invalid. */ + client_options.pk_alg = MBEDTLS_PK_ECDSA; + client_options.group_list = iana_tls_group_list; TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT, - &options, NULL, NULL, - NULL, iana_tls_group_list), 0); + &client_options, NULL, NULL, + NULL), 0); /* Server side */ + server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2; + server_options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2; TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER, - &options, NULL, NULL, - NULL, NULL), 0); + &server_options, NULL, NULL, + NULL), 0); TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket), &(server.socket), @@ -3259,7 +3292,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key) exit: mbedtls_test_ssl_endpoint_free(&client, NULL); mbedtls_test_ssl_endpoint_free(&server, NULL); - mbedtls_test_free_handshake_options(&options); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); MD_OR_USE_PSA_DONE(); } @@ -3288,15 +3322,13 @@ void tls13_server_certificate_msg_invalid_vector_len() client_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, - &client_options, NULL, NULL, NULL, - NULL); + &client_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); mbedtls_test_init_handshake_options(&server_options); server_options.pk_alg = MBEDTLS_PK_ECDSA; ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, - &server_options, NULL, NULL, NULL, - NULL); + &server_options, NULL, NULL, NULL); TEST_EQUAL(ret, 0); ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), @@ -3388,6 +3420,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg) MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); @@ -3519,3 +3552,1209 @@ exit: MD_OR_USE_PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +void tls13_resume_session_with_ticket() +{ + int ret = -1; + mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options client_options; + mbedtls_test_handshake_test_options server_options; + mbedtls_ssl_session saved_session; + + mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); + mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&server_options); + mbedtls_ssl_session_init(&saved_session); + + PSA_INIT(); + + /* + * Run first handshake to get a ticket from the server. + */ + client_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.pk_alg = MBEDTLS_PK_ECDSA; + + ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, + &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Prepare for handshake with the ticket. + */ + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + &client_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + &server_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Handshake with ticket. + * + * Run the handshake up to MBEDTLS_SSL_HANDSHAKE_WRAPUP and not + * MBEDTLS_SSL_HANDSHAKE_OVER to preserve handshake data for the checks + * below. + */ + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_WRAPUP), 0); + + TEST_EQUAL(server_ep.ssl.handshake->resume, 1); + TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 1); + TEST_EQUAL(server_ep.ssl.handshake->key_exchange_mode, + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL); + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); + mbedtls_ssl_session_free(&saved_session); + PSA_DONE(); +} +/* END_CASE */ + +/* + * The !MBEDTLS_SSL_PROTO_TLS1_2 dependency of tls13_read_early_data() below is + * a temporary workaround to not run the test in Windows-2013 where there is + * an issue with mbedtls_vsnprintf(). + */ +/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +void tls13_read_early_data(int scenario) +{ + int ret = -1; + unsigned char buf[64]; + const char *early_data = "This is early data."; + size_t early_data_len = strlen(early_data); + mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options client_options; + mbedtls_test_handshake_test_options server_options; + mbedtls_ssl_session saved_session; + mbedtls_test_ssl_log_pattern server_pattern = { NULL, 0 }; + uint16_t group_list[3] = { + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_NONE + }; + + mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); + mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&server_options); + mbedtls_ssl_session_init(&saved_session); + + PSA_INIT(); + + /* + * Run first handshake to get a ticket from the server. + */ + + client_options.pk_alg = MBEDTLS_PK_ECDSA; + client_options.group_list = group_list; + client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.group_list = group_list; + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + + ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, + &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Prepare for handshake with the ticket. + */ + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + mbedtls_debug_set_threshold(3); + server_pattern.pattern = + "EarlyData: deprotect and discard app data records."; + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + + case TEST_EARLY_DATA_HRR: + mbedtls_debug_set_threshold(3); + server_pattern.pattern = + "EarlyData: Ignore application message before 2nd ClientHello"; + server_options.group_list = group_list + 1; + break; + + default: + TEST_FAIL("Unknown scenario."); + } + + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + &client_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; + server_options.srv_log_obj = &server_pattern; + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + &server_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Handshake with ticket and send early data. + */ + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_SERVER_HELLO), 0); + + ret = mbedtls_ssl_write_early_data(&(client_ep.ssl), + (unsigned char *) early_data, + early_data_len); + + if (client_ep.ssl.early_data_status != + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) { + TEST_EQUAL(ret, early_data_len); + } else { + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); + } + + ret = mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_WRAPUP); + + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA); + TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 1); + TEST_EQUAL(mbedtls_ssl_read_early_data(&(server_ep.ssl), + buf, sizeof(buf)), early_data_len); + TEST_MEMORY_COMPARE(buf, early_data_len, early_data, early_data_len); + break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(ret, 0); + TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0); + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(ret, 0); + TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0); + TEST_EQUAL(server_pattern.counter, 1); + break; + + default: + TEST_FAIL("Unknown scenario."); + } + + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), 0); + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); + mbedtls_ssl_session_free(&saved_session); + mbedtls_debug_set_threshold(0); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +void tls13_cli_early_data_status(int scenario) +{ + int ret = -1; + mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options client_options; + mbedtls_test_handshake_test_options server_options; + mbedtls_ssl_session saved_session; + uint16_t group_list[3] = { + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_NONE + }; + + mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); + mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&server_options); + mbedtls_ssl_session_init(&saved_session); + + PSA_INIT(); + + /* + * Run first handshake to get a ticket from the server. + */ + client_options.pk_alg = MBEDTLS_PK_ECDSA; + client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + if (scenario == TEST_EARLY_DATA_HRR) { + client_options.group_list = group_list; + server_options.group_list = group_list; + } + + ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, + &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Prepare for handshake with the ticket. + */ + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + + case TEST_EARLY_DATA_HRR: + server_options.group_list = group_list + 1; + break; + + default: + TEST_FAIL("Unknown scenario."); + } + + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + &client_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + &server_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Go through the handshake sequence, state by state, checking the early + * data status each time. + */ + do { + int state = client_ep.ssl.state; + + /* Progress the handshake from at least one state */ + while (client_ep.ssl.state == state) { + ret = mbedtls_ssl_handshake_step(&(client_ep.ssl)); + TEST_ASSERT((ret == 0) || + (ret == MBEDTLS_ERR_SSL_WANT_READ) || + (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); + if (client_ep.ssl.state != state) { + break; + } + ret = mbedtls_ssl_handshake_step(&(server_ep.ssl)); + TEST_ASSERT((ret == 0) || + (ret == MBEDTLS_ERR_SSL_WANT_READ) || + (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); + } + + if (client_ep.ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) { + TEST_EQUAL(mbedtls_ssl_get_early_data_status(&(client_ep.ssl)), + MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + } + + switch (client_ep.ssl.state) { + case MBEDTLS_SSL_CLIENT_HELLO: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_NO_INDICATION_SENT: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); + break; + + case TEST_EARLY_DATA_HRR: + if (!client_ep.ssl.handshake->hello_retry_request_flag) { + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN); + } else { + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + } + break; + + default: + TEST_FAIL("Unknown scenario."); + } + break; + + case MBEDTLS_SSL_SERVER_HELLO: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; + + case TEST_EARLY_DATA_HRR: + if (!client_ep.ssl.handshake->hello_retry_request_flag) { + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + } else { + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + } + break; + + default: + TEST_FAIL("Unknown scenario."); + } + break; + + case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE); + break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; + + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; + + default: + TEST_FAIL("Unknown scenario."); + } + break; + + case MBEDTLS_SSL_SERVER_FINISHED: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED); + break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; + + default: + TEST_FAIL("Unknown scenario."); + } + break; + + case MBEDTLS_SSL_END_OF_EARLY_DATA: + TEST_EQUAL(scenario, TEST_EARLY_DATA_ACCEPTED); + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + + case MBEDTLS_SSL_CLIENT_CERTIFICATE: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; + + default: + TEST_FAIL("Unknown scenario."); + } + break; + + case MBEDTLS_SSL_CLIENT_FINISHED: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; + + default: + TEST_FAIL("Unknown scenario."); + } + break; + +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SENT); + break; + + default: + TEST_FAIL("Unexpected or unknown scenario."); + } + break; + + case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: + TEST_ASSERT(scenario == TEST_EARLY_DATA_HRR); + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; + + case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: + switch (scenario) { + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; + + default: + TEST_FAIL("Unexpected or unknown scenario."); + } + break; +#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ + + case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */ + case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */ + case MBEDTLS_SSL_HANDSHAKE_OVER: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED); + break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(client_ep.ssl.early_data_status, + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; + + default: + TEST_FAIL("Unknown scenario."); + } + break; + + default: + TEST_FAIL("Unexpected state."); + } + } while (client_ep.ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER); + + ret = mbedtls_ssl_get_early_data_status(&(client_ep.ssl)); + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(ret, MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED); + break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + TEST_EQUAL(ret, MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(ret, MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED); + break; + + default: + TEST_FAIL("Unknown scenario."); + } + + ret = mbedtls_ssl_get_early_data_status(&(server_ep.ssl)); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_BAD_INPUT_DATA); + +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + TEST_EQUAL(client_ep.ssl.handshake->ccs_sent, 1); +#endif + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); + mbedtls_ssl_session_free(&saved_session); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +void tls13_write_early_data(int scenario) +{ + int ret = -1; + mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options client_options; + mbedtls_test_handshake_test_options server_options; + mbedtls_ssl_session saved_session; + uint16_t group_list[3] = { + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_NONE + }; + int beyond_first_hello = 0; + + mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); + mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&server_options); + mbedtls_ssl_session_init(&saved_session); + + PSA_INIT(); + + /* + * Run first handshake to get a ticket from the server. + */ + client_options.pk_alg = MBEDTLS_PK_ECDSA; + client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + if (scenario == TEST_EARLY_DATA_HRR) { + client_options.group_list = group_list; + server_options.group_list = group_list; + } + + ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, + &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Prepare for handshake with the ticket. + */ + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + break; + + case TEST_EARLY_DATA_NO_INDICATION_SENT: + client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + break; + + case TEST_EARLY_DATA_HRR: + /* + * Remove server support for the group negotiated in + * mbedtls_test_get_tls13_ticket() forcing a HelloRetryRequest. + */ + server_options.group_list = group_list + 1; + break; + + default: + TEST_FAIL("Unknown scenario."); + } + + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + &client_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + &server_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Run handshakes going one state further in the handshake sequence at each + * loop up to the point where we reach the MBEDTLS_SSL_HANDSHAKE_OVER + * state. For each reached handshake state, check the result of the call + * to mbedtls_ssl_write_early_data(), make sure we can complete the + * handshake successfully and then reset the connection to restart the + * handshake from scratch. + */ + do { + int client_state = client_ep.ssl.state; + int previous_client_state; + const char *early_data_string = "This is early data."; + const unsigned char *early_data = (const unsigned char *) early_data_string; + size_t early_data_len = strlen(early_data_string); + int write_early_data_ret, read_early_data_ret; + unsigned char read_buf[64]; + + write_early_data_ret = mbedtls_ssl_write_early_data(&(client_ep.ssl), + early_data, + early_data_len); + + if (scenario == TEST_EARLY_DATA_NO_INDICATION_SENT) { + TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); + TEST_EQUAL(client_ep.ssl.state, client_state); + goto complete_handshake; + } + + switch (client_state) { + case MBEDTLS_SSL_HELLO_REQUEST: /* Intentional fallthrough */ + case MBEDTLS_SSL_CLIENT_HELLO: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(write_early_data_ret, early_data_len); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); + break; + + case TEST_EARLY_DATA_HRR: + if (!client_ep.ssl.handshake->hello_retry_request_flag) { + TEST_EQUAL(write_early_data_ret, early_data_len); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); + } else { + beyond_first_hello = 1; + TEST_EQUAL(write_early_data_ret, + MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_HELLO); + } + break; + + default: + TEST_FAIL("Unknown scenario."); + } + break; + + case MBEDTLS_SSL_SERVER_HELLO: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(write_early_data_ret, early_data_len); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); + break; + + case TEST_EARLY_DATA_HRR: + if (!client_ep.ssl.handshake->hello_retry_request_flag) { + TEST_EQUAL(write_early_data_ret, early_data_len); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); + } else { + TEST_EQUAL(write_early_data_ret, + MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); + } + break; + + default: + TEST_FAIL("Unknown scenario."); + } + break; + + case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(write_early_data_ret, early_data_len); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); + break; + + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS); + break; + + default: + TEST_FAIL("Unknown scenario."); + } + break; + + case MBEDTLS_SSL_SERVER_FINISHED: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + TEST_EQUAL(write_early_data_ret, early_data_len); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED); + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED); + break; + + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_FINISHED); + break; + + default: + TEST_FAIL("Unknown scenario."); + } + break; + + case MBEDTLS_SSL_END_OF_EARLY_DATA: + TEST_EQUAL(scenario, TEST_EARLY_DATA_ACCEPTED); + TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_END_OF_EARLY_DATA); + break; + +#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE) + case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(write_early_data_ret, early_data_len); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_SERVER_HELLO); + break; + default: + TEST_FAIL("Unknown scenario."); + } + break; + + case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO: + TEST_EQUAL(scenario, TEST_EARLY_DATA_HRR); + TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); + TEST_EQUAL(client_ep.ssl.state, MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO); + break; + + case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED: + switch (scenario) { + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(write_early_data_ret, + MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); + TEST_EQUAL(client_ep.ssl.state, + MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED); + break; + default: + TEST_FAIL("Unexpected or unknown scenario."); + } + break; +#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ + + case MBEDTLS_SSL_CLIENT_CERTIFICATE: /* Intentional fallthrough */ + case MBEDTLS_SSL_CLIENT_FINISHED: /* Intentional fallthrough */ + case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */ + case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */ + case MBEDTLS_SSL_HANDSHAKE_OVER: + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */ + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: + TEST_EQUAL(write_early_data_ret, MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA); + TEST_EQUAL(client_ep.ssl.state, client_state); + break; + default: + TEST_FAIL("Unknown scenario."); + } + break; + + default: + TEST_FAIL("Unexpected state."); + } + +complete_handshake: + do { + ret = mbedtls_test_move_handshake_to_state( + &(server_ep.ssl), &(client_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER); + + if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) { + read_early_data_ret = mbedtls_ssl_read_early_data( + &(server_ep.ssl), read_buf, sizeof(read_buf)); + + TEST_EQUAL(read_early_data_ret, early_data_len); + } + } while (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA); + + TEST_EQUAL(ret, 0); + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_HANDSHAKE_OVER), 0); + + mbedtls_test_mock_socket_close(&(client_ep.socket)); + mbedtls_test_mock_socket_close(&(server_ep.socket)); + + ret = mbedtls_ssl_session_reset(&(client_ep.ssl)); + TEST_EQUAL(ret, 0); + + ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); + TEST_EQUAL(ret, 0); + + ret = mbedtls_ssl_session_reset(&(server_ep.ssl)); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + previous_client_state = client_state; + if (previous_client_state == MBEDTLS_SSL_HANDSHAKE_OVER) { + break; + } + + /* In case of HRR scenario, once we have been through it, move over + * the first ClientHello and ServerHello otherwise we just keep playing + * this first part of the handshake with HRR. + */ + if ((scenario == TEST_EARLY_DATA_HRR) && (beyond_first_hello)) { + TEST_ASSERT(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_SERVER_HELLO) == 0); + TEST_ASSERT(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_CLIENT_HELLO) == 0); + } + + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + previous_client_state), 0); + + /* Progress the handshake from at least one state */ + while (client_ep.ssl.state == previous_client_state) { + ret = mbedtls_ssl_handshake_step(&(client_ep.ssl)); + TEST_ASSERT((ret == 0) || + (ret == MBEDTLS_ERR_SSL_WANT_READ) || + (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); + if (client_ep.ssl.state != previous_client_state) { + break; + } + ret = mbedtls_ssl_handshake_step(&(server_ep.ssl)); + TEST_ASSERT((ret == 0) || + (ret == MBEDTLS_ERR_SSL_WANT_READ) || + (ret == MBEDTLS_ERR_SSL_WANT_WRITE)); + } + } while (1); + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); + mbedtls_ssl_session_free(&saved_session); + PSA_DONE(); +} +/* END_CASE */ + +/* + * The !MBEDTLS_SSL_PROTO_TLS1_2 dependency of tls13_early_data() below is + * a temporary workaround to not run the test in Windows-2013 where there is + * an issue with mbedtls_vsnprintf(). + */ +/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */ +void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, int write_size_arg) +{ + int ret = -1; + mbedtls_test_ssl_endpoint client_ep, server_ep; + mbedtls_test_handshake_test_options client_options; + mbedtls_test_handshake_test_options server_options; + mbedtls_ssl_session saved_session; + mbedtls_test_ssl_log_pattern server_pattern = { NULL, 0 }; + uint16_t group_list[3] = { + MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_NONE + }; + char pattern[128]; + unsigned char *buf_write = NULL; + uint32_t write_size = (uint32_t) write_size_arg; + unsigned char *buf_read = NULL; + uint32_t read_size; + uint32_t expanded_early_data_chunk_size = 0; + uint32_t written_early_data_size = 0; + uint32_t max_early_data_size; + + mbedtls_platform_zeroize(&client_ep, sizeof(client_ep)); + mbedtls_platform_zeroize(&server_ep, sizeof(server_ep)); + mbedtls_test_init_handshake_options(&client_options); + mbedtls_test_init_handshake_options(&server_options); + mbedtls_ssl_session_init(&saved_session); + PSA_INIT(); + + TEST_CALLOC(buf_write, write_size); + + /* + * Allocate a smaller buffer for early data reading to exercise the reading + * of data in one record in multiple calls. + */ + read_size = (write_size / 2) + 1; + TEST_CALLOC(buf_read, read_size); + + /* + * Run first handshake to get a ticket from the server. + */ + + client_options.pk_alg = MBEDTLS_PK_ECDSA; + client_options.group_list = group_list; + client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + server_options.pk_alg = MBEDTLS_PK_ECDSA; + server_options.group_list = group_list; + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED; + server_options.max_early_data_size = max_early_data_size_arg; + + ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options, + &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Prepare for handshake with the ticket. + */ + server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer; + server_options.srv_log_obj = &server_pattern; + server_pattern.pattern = pattern; + + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: + server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED; + ret = mbedtls_snprintf(pattern, sizeof(pattern), + "EarlyData: deprotect and discard app data records."); + TEST_ASSERT(ret < (int) sizeof(pattern)); + mbedtls_debug_set_threshold(3); + break; + + case TEST_EARLY_DATA_HRR: + /* + * Remove server support for the group negotiated in + * mbedtls_test_get_tls13_ticket() forcing an HelloRetryRequest. + */ + server_options.group_list = group_list + 1; + ret = mbedtls_snprintf( + pattern, sizeof(pattern), + "EarlyData: Ignore application message before 2nd ClientHello"); + TEST_ASSERT(ret < (int) sizeof(pattern)); + mbedtls_debug_set_threshold(3); + break; + + default: + TEST_FAIL("Unknown scenario."); + } + + ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT, + &client_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER, + &server_options, NULL, NULL, NULL); + TEST_EQUAL(ret, 0); + + mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf, + mbedtls_test_ticket_write, + mbedtls_test_ticket_parse, + NULL); + + ret = mbedtls_test_mock_socket_connect(&(client_ep.socket), + &(server_ep.socket), 1024); + TEST_EQUAL(ret, 0); + + max_early_data_size = saved_session.max_early_data_size; + + ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session); + TEST_EQUAL(ret, 0); + + /* + * Start an handshake based on the ticket up to the point where early data + * can be sent from client side. Then send in a loop as much early data as + * possible without going over the maximum permitted size for the ticket. + * Finally, do a last writting to go past that maximum permitted size and + * check that we detect it. + */ + TEST_EQUAL(mbedtls_test_move_handshake_to_state( + &(client_ep.ssl), &(server_ep.ssl), + MBEDTLS_SSL_SERVER_HELLO), 0); + + TEST_ASSERT(client_ep.ssl.early_data_status != + MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT); + + ret = mbedtls_ssl_handshake(&(server_ep.ssl)); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ); + + /* + * Write and if possible read as much as possible chunks of write_size + * bytes data without getting over the max_early_data_size limit. + */ + do { + uint32_t read_early_data_size = 0; + + /* + * The contents of the early data are not very important, write a + * pattern that varies byte-by-byte and is different for every chunk of + * early data. + */ + if ((written_early_data_size + write_size) > max_early_data_size) { + break; + } + + /* + * If the server rejected early data, base the determination of when + * to stop the loop on the expanded size (padding and encryption + * expansion) of early data on server side and the number of early data + * received so far by the server (multiple of the expanded size). + */ + if ((expanded_early_data_chunk_size != 0) && + ((server_ep.ssl.total_early_data_size + + expanded_early_data_chunk_size) > max_early_data_size)) { + break; + } + + for (size_t i = 0; i < write_size; i++) { + buf_write[i] = (unsigned char) (written_early_data_size + i); + } + + ret = write_early_data(&(client_ep.ssl), buf_write, write_size); + TEST_EQUAL(ret, write_size); + written_early_data_size += write_size; + + switch (scenario) { + case TEST_EARLY_DATA_ACCEPTED: + while (read_early_data_size < write_size) { + ret = mbedtls_ssl_handshake(&(server_ep.ssl)); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA); + + ret = mbedtls_ssl_read_early_data(&(server_ep.ssl), + buf_read, read_size); + TEST_ASSERT(ret > 0); + + TEST_MEMORY_COMPARE(buf_read, ret, + buf_write + read_early_data_size, ret); + read_early_data_size += ret; + + TEST_EQUAL(server_ep.ssl.total_early_data_size, + written_early_data_size); + } + break; + + case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */ + case TEST_EARLY_DATA_HRR: + ret = mbedtls_ssl_handshake(&(server_ep.ssl)); + /* + * In this write loop we try to always stay below the + * max_early_data_size limit but if max_early_data_size is very + * small we may exceed the max_early_data_size limit on the + * first write. In TEST_EARLY_DATA_SERVER_REJECTS/ + * TEST_EARLY_DATA_HRR scenario, this is for sure the case if + * max_early_data_size is smaller than the smallest possible + * inner content/protected record. Take into account this + * possibility here but only for max_early_data_size values + * that are close to write_size. Below, '1' is for the inner + * type byte and '16' is to take into account some AEAD + * expansion (tag, ...). + */ + if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) { + if (scenario == TEST_EARLY_DATA_SERVER_REJECTS) { + TEST_LE_U(max_early_data_size, + write_size + 1 + + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY); + } else { + TEST_LE_U(max_early_data_size, + write_size + 1 + 16 + + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY); + } + goto exit; + } + + TEST_ASSERT(ret == MBEDTLS_ERR_SSL_WANT_READ); + + TEST_EQUAL(server_pattern.counter, 1); + server_pattern.counter = 0; + if (expanded_early_data_chunk_size == 0) { + expanded_early_data_chunk_size = server_ep.ssl.total_early_data_size; + } + break; + } + TEST_LE_U(server_ep.ssl.total_early_data_size, max_early_data_size); + } while (1); + + mbedtls_debug_set_threshold(3); + ret = write_early_data(&(client_ep.ssl), buf_write, write_size); + TEST_EQUAL(ret, write_size); + + ret = mbedtls_snprintf(pattern, sizeof(pattern), + "EarlyData: Too much early data received"); + TEST_ASSERT(ret < (int) sizeof(pattern)); + + ret = mbedtls_ssl_handshake(&(server_ep.ssl)); + TEST_EQUAL(ret, MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE); + TEST_EQUAL(server_pattern.counter, 1); + +exit: + mbedtls_test_ssl_endpoint_free(&client_ep, NULL); + mbedtls_test_ssl_endpoint_free(&server_ep, NULL); + mbedtls_test_free_handshake_options(&client_options); + mbedtls_test_free_handshake_options(&server_options); + mbedtls_ssl_session_free(&saved_session); + mbedtls_free(buf_write); + mbedtls_free(buf_read); + mbedtls_debug_set_threshold(0); + PSA_DONE(); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 261c220..754660c 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1774,7 +1774,7 @@ x509parse_crt:"307d3068a0030201008204deadbeef300d06092a864886f70d01010b0500300c3 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring length) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 @@ -3155,6 +3155,18 @@ X509 File parse (conforms to RFC 5480 / RFC 5758 - AlgorithmIdentifier's paramet depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256 x509parse_crt_file:"data_files/parse_input/server5.crt":0 +X509 File parse & read the ca_istrue field (Not Set) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA1 +mbedtls_x509_get_ca_istrue:"data_files/parse_input/server1.crt":0 + +X509 File parse & read the ca_istrue field (Set) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA1 +mbedtls_x509_get_ca_istrue:"data_files/test-ca.crt":1 + +X509 File parse & read the ca_istrue field (Legacy Certificate) +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256 +mbedtls_x509_get_ca_istrue:"data_files/server1-v1.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + X509 Get time (UTC no issues) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index c2a2f55..f3ae0f4 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -4,6 +4,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" #include "mbedtls/x509_csr.h" +#include "x509_internal.h" #include "mbedtls/pem.h" #include "mbedtls/oid.h" #include "mbedtls/base64.h" @@ -1082,6 +1083,21 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */ +void mbedtls_x509_get_ca_istrue(char *crt_file, int result) +{ + mbedtls_x509_crt crt; + mbedtls_x509_crt_init(&crt); + USE_PSA_INIT(); + + TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0); + TEST_EQUAL(mbedtls_x509_crt_get_ca_istrue(&crt), result); +exit: + mbedtls_x509_crt_free(&crt); + USE_PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ void x509parse_crt(data_t *buf, char *result_str, int result) { diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 1d8b87c..1db7e1c 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -2,6 +2,7 @@ #include "mbedtls/bignum.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" +#include "x509_internal.h" #include "mbedtls/pem.h" #include "mbedtls/oid.h" #include "mbedtls/rsa.h" @@ -283,7 +284,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, { mbedtls_pk_context key; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; - psa_algorithm_t md_alg_psa, alg_psa; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; mbedtls_x509write_csr req; unsigned char buf[4096]; int ret; @@ -296,24 +297,16 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); - md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type); - TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE); - mbedtls_pk_init(&key); TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL, mbedtls_test_rnd_std_rand, NULL) == 0); - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - alg_psa = PSA_ALG_ECDSA(md_alg_psa); - } else if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(md_alg_psa); - } else { - TEST_ASSUME(!"PK key type not supported in this configuration"); - } - - TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&key, &key_id, alg_psa, - PSA_KEY_USAGE_SIGN_HASH, - PSA_ALG_NONE) == 0); + /* Turn the PK context into an opaque one. */ + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0); + TEST_EQUAL(mbedtls_pk_import_into_psa(&key, &key_attr, &key_id), 0); + mbedtls_pk_free(&key); + mbedtls_pk_init(&key); + TEST_EQUAL(mbedtls_pk_setup_opaque(&key, key_id), 0); mbedtls_x509write_csr_set_md_alg(&req, md_type); mbedtls_x509write_csr_set_key(&req, &key); @@ -372,6 +365,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, mbedtls_test_rnd_pseudo_info rnd_info; #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; #endif mbedtls_pk_type_t issuer_key_type; mbedtls_x509_san_list san_ip; @@ -450,24 +444,14 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) - /* For Opaque PK contexts, wrap key as an Opaque RSA context. */ + /* Turn the issuer PK context into an opaque one. */ if (pk_wrap == 2) { - psa_algorithm_t alg_psa, md_alg_psa; - - md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type); - TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE); - - if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_ECKEY) { - alg_psa = PSA_ALG_ECDSA(md_alg_psa); - } else if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_RSA) { - alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(md_alg_psa); - } else { - TEST_ASSUME(!"PK key type not supported in this configuration"); - } - - TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&issuer_key, &key_id, alg_psa, - PSA_KEY_USAGE_SIGN_HASH, - PSA_ALG_NONE) == 0); + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&issuer_key, PSA_KEY_USAGE_SIGN_HASH, + &key_attr), 0); + TEST_EQUAL(mbedtls_pk_import_into_psa(&issuer_key, &key_attr, &key_id), 0); + mbedtls_pk_free(&issuer_key); + mbedtls_pk_init(&issuer_key); + TEST_EQUAL(mbedtls_pk_setup_opaque(&issuer_key, key_id), 0); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ |