lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-11 21:41:47 +03:00
Code Activity

Merge remote-tracking branch 'dev' into test_suite_config-booleans

Browse Source 
Reconcile the framework submodule heads to the latest one.
This commit is contained in:
Gilles Peskine
2024-07-02 14:24:27 +02:00
parent 3bf375cf25 76ac620d70
commit 1b22dd8765
104 changed files with 17210 additions and 1254 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
3rdparty/everest/CMakeLists.txt vendored
View File

@ -9,6 +9,7 @@ target_include_directories(${everest_target}
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/include>
$<INSTALL_INTERFACE:include>
PRIVATE include/everest
include/everest/kremlib

1
3rdparty/p256-m/CMakeLists.txt vendored
View File

@ -9,6 +9,7 @@ target_include_directories(${p256m_target}
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/p256-m>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/include>
$<INSTALL_INTERFACE:include>
PRIVATE ${MBEDTLS_DIR}/library/)

18
CMakeLists.txt
View File

@ -73,10 +73,16 @@ endif()
option(DISABLE_PACKAGE_CONFIG_AND_INSTALL "Disable package configuration, target export and installation" ${MBEDTLS_AS_SUBPROJECT})
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")
string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${CMAKE_C_COMPILER_ID}")
string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${CMAKE_C_COMPILER_ID}")
if (CMAKE_C_SIMULATE_ID)
set(COMPILER_ID ${CMAKE_C_SIMULATE_ID})
else()
set(COMPILER_ID ${CMAKE_C_COMPILER_ID})
endif(CMAKE_C_SIMULATE_ID)
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${COMPILER_ID}")
string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${COMPILER_ID}")
string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${COMPILER_ID}")
string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${COMPILER_ID}")
# the test suites currently have compile errors with MSVC
if(CMAKE_COMPILER_IS_MSVC)
@ -184,8 +190,6 @@ function(get_name_without_last_ext dest_var full_name)
set(${dest_var} ${no_ext_name} PARENT_SCOPE)
endfunction(get_name_without_last_ext)
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
include(CheckCCompilerFlag)
set(CMAKE_C_EXTENSIONS OFF)
@ -352,6 +356,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS)
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library)
# Request C11, needed for memory poisoning tests
set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11)
@ -363,6 +368,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS)
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/everest/include)

5
ChangeLog.d/9126.txt Normal file
View File

@ -0,0 +1,5 @@
Default behavior changes
* In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
!MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
corresponding PSA mechanism is enabled, since the server provides the
crypto. Fixes #9126.

3
ChangeLog.d/fix-test-suite-pk-warnings.txt Normal file
View File

@ -0,0 +1,3 @@
Bugfix
* Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled.
Fixes #9029.

3
ChangeLog.d/remove-via-padlock-support.txt Normal file
View File

@ -0,0 +1,3 @@
Removals
* Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C.
Fixes #5903.

6
Makefile
View File

@ -95,6 +95,7 @@ ifndef WINDOWS
install: no_test
mkdir -p $(DESTDIR)/include/mbedtls
cp -rp include/mbedtls $(DESTDIR)/include
cp -rp tf-psa-crypto/drivers/builtin/include/mbedtls $(DESTDIR)/include
mkdir -p $(DESTDIR)/include/psa
cp -rp tf-psa-crypto/include/psa $(DESTDIR)/include
@ -198,6 +199,7 @@ C_SOURCE_FILES = $(wildcard \
include/*/*.h \
library/*.[hc] \
tf-psa-crypto/include/*/*.h \
tf-psa-crypto/drivers/builtin/include/*/*.h \
programs/*/*.[hc] \
tests/include/*/*.h tests/include/*/*/*.h \
tests/src/*.c tests/src/*/*.c \
@ -214,5 +216,7 @@ GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
cscope: cscope.in.out cscope.po.out cscope.out
cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES)
cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/include $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES)
cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/include \
-Itf-psa-crypto/drivers/builtin/include \
$(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES)
.PHONY: cscope global

2
SECURITY.md
View File

@ -128,7 +128,7 @@ even a remote. The attacks can result in key recovery.
- Turn on hardware acceleration for AES. This is supported only on selected
architectures and currently only available for AES. See configuration options
`MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` and `MBEDTLS_PADLOCK_C` for details.
`MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` for details.
- Add a secure alternative implementation (typically hardware acceleration) for
the vulnerable cipher. See the [Alternative Implementations
Guide](docs/architecture/alternative-implementations.md) for more information.

1
configs/ext/tfm_mbedcrypto_config_profile_medium.h
View File

@ -56,7 +56,6 @@
*
* Required by:
* MBEDTLS_AESNI_C
* MBEDTLS_PADLOCK_C
*
* Comment to disable the use of assembly code.
*/

2
docs/architecture/alternative-implementations.md
View File

@ -46,7 +46,7 @@ Generally, alternative implementations can define their context types to any C t
Where a context type needs to have a certain field, the field must have the same type and semantics as in the built-in implementation, but does not need to be at the same position in the structure. Furthermore, unless otherwise indicated, only read access is necessary: the field can be `const`, and modifications to it do not need to be supported. For example, if an alternative implementation of asymmetric cryptography uses a different representation of large integers, it is sufficient to provide a read-only copy of the fields listed here of type `mbedtls_mpi`.
* AES: if `MBEDTLS_AESNI_C` or `MBEDTLS_PADLOCK_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`.
* AES: if `MBEDTLS_AESNI_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`.
* DHM: if `MBEDTLS_DEBUG_C` is enabled, `mbedtls_dhm_context` must have the fields `P`, `Q`, `G`, `GX`, `GY` and `K`.
* ECP: `mbedtls_ecp_group` must have the fields `id`, `P`, `A`, `B`, `G`, `N`, `pbits` and `nbits`.
* If `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, those fields must be writable, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`, `A` and `B` are set.

4
doxygen/mbedtls.doxyfile
View File

@ -6,7 +6,7 @@ EXTRACT_ALL = YES
EXTRACT_PRIVATE = YES
EXTRACT_STATIC = YES
CASE_SENSE_NAMES = NO
INPUT = ../include ../tf-psa-crypto/include input ../tests/include/alt-dummy
INPUT = ../include ../tf-psa-crypto/include input ../tf-psa-crypto/drivers/builtin/include ../tests/include/alt-dummy
FILE_PATTERNS = *.h
RECURSIVE = YES
EXCLUDE_SYMLINKS = YES
@ -21,7 +21,7 @@ GENERATE_LATEX = NO
GENERATE_XML = YES
MACRO_EXPANSION = YES
EXPAND_ONLY_PREDEF = YES
INCLUDE_PATH = ../include ../tf-psa-crypto/include
INCLUDE_PATH = ../include ../tf-psa-crypto/include ../tf-psa-crypto/drivers/builtin/include
EXPAND_AS_DEFINED = MBEDTLS_PRIVATE
CLASS_DIAGRAMS = NO
HAVE_DOT = YES

16
include/mbedtls/mbedtls_config.h
View File

@ -40,12 +40,10 @@
* library/aria.c
* library/bn_mul.h
* library/constant_time.c
* library/padlock.h
*
* Required by:
* MBEDTLS_AESCE_C
* MBEDTLS_AESNI_C (on some platforms)
* MBEDTLS_PADLOCK_C
*
* Comment to disable the use of assembly code.
*/
@ -3010,20 +3008,6 @@
*/
#define MBEDTLS_OID_C
/**
* \def MBEDTLS_PADLOCK_C
*
* Enable VIA Padlock support on x86.
*
* Module: library/padlock.c
* Caller: library/aes.c
*
* Requires: MBEDTLS_HAVE_ASM
*
* This modules adds support for the VIA PadLock on x86.
*/
#define MBEDTLS_PADLOCK_C
/**
* \def MBEDTLS_PEM_PARSE_C
*

11
library/CMakeLists.txt
View File

@ -53,7 +53,6 @@ set(src_crypto
memory_buffer_alloc.c
nist_kw.c
oid.c
padlock.c
pem.c
pk.c
pk_ecc.c
@ -130,19 +129,22 @@ set(src_tls
if(GEN_FILES)
find_package(Perl REQUIRED)
file(GLOB error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h)
file(GLOB crypto_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls/*.h)
file(GLOB tls_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_BINARY_DIR}/error.c
COMMAND
${PERL_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files
${CMAKE_CURRENT_BINARY_DIR}/error.c
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
${error_headers}
${crypto_error_headers}
${tls_error_headers}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/error.fmt
)
@ -171,7 +173,7 @@ if(GEN_FILES)
${CMAKE_CURRENT_BINARY_DIR}
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py
${error_headers}
${tls_error_headers}
)
add_custom_command(
@ -330,6 +332,7 @@ foreach(target IN LISTS target_libraries)
target_include_directories(${target}
PUBLIC $<BUILD_INTERFACE:${MBEDTLS_DIR}/include/>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/include/>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/include/>
$<INSTALL_INTERFACE:include/>
PRIVATE ${MBEDTLS_DIR}/library/
# Needed to include psa_crypto_driver_wrappers.h

7
library/Makefile
View File

@ -28,11 +28,13 @@ CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
LDFLAGS ?=
# Include ../include, ../tf-psa-crypto/include for public headers and . for
# Include ../include, ../tf-psa-crypto/include and
# ../tf-psa-crypto/drivers/builtin/include for public headers and . for
# private headers. Note that . needs to be included explicitly for the sake of
# library files that are not in the /library directory (which currently means
# under /3rdparty).
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -I../tf-psa-crypto/include -D_FILE_OFFSET_BITS=64
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -I../tf-psa-crypto/include \
-I../tf-psa-crypto/drivers/builtin/include -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS =
ifdef DEBUG
@ -145,7 +147,6 @@ OBJS_CRYPTO= \
memory_buffer_alloc.o \
nist_kw.o \
oid.o \
padlock.o \
pem.o \
pk.o \
pk_ecc.o \

70
library/aes.c
View File

@ -30,21 +30,6 @@
#endif
#endif
#if defined(MBEDTLS_ARCH_IS_X86)
#if defined(MBEDTLS_PADLOCK_C)
#if !defined(MBEDTLS_HAVE_ASM)
#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
#error "MBEDTLS_AES_USE_HARDWARE_ONLY cannot be defined when " \
"MBEDTLS_PADLOCK_C is set"
#endif
#endif
#endif
#if defined(MBEDTLS_PADLOCK_C)
#include "padlock.h"
#endif
#if defined(MBEDTLS_AESNI_C)
#include "aesni.h"
#endif
@ -67,10 +52,6 @@
#if !defined(MBEDTLS_AES_ALT)
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
static int aes_padlock_ace = -1;
#endif
#if defined(MBEDTLS_AES_ROM_TABLES)
/*
* Forward S-box
@ -527,8 +508,7 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx)
* Note that the offset is in units of elements of buf, i.e. 32-bit words,
* i.e. an offset of 1 means 4 bytes and so on.
*/
#if (defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)) || \
(defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2)
#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2
#define MAY_NEED_TO_ALIGN
#endif
@ -537,15 +517,6 @@ MBEDTLS_MAYBE_UNUSED static unsigned mbedtls_aes_rk_offset(uint32_t *buf)
#if defined(MAY_NEED_TO_ALIGN)
int align_16_bytes = 0;
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (aes_padlock_ace == -1) {
aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
}
if (aes_padlock_ace) {
align_16_bytes = 1;
}
#endif
#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
align_16_bytes = 1;
@ -1000,13 +971,15 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
}
#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
/* VIA Padlock and our intrinsics-based implementation of AESNI require
* the round keys to be aligned on a 16-byte boundary. We take care of this
* before creating them, but the AES context may have moved (this can happen
* if the library is called from a language with managed memory), and in later
* calls it might have a different alignment with respect to 16-byte memory.
* So we may need to realign.
/*
* Our intrinsics-based implementation of AESNI requires the round keys to be
* aligned on a 16-byte boundary. We take care of this before creating them,
* but the AES context may have moved (this can happen if the library is
* called from a language with managed memory), and in later calls it might
* have a different alignment with respect to 16-byte memory. So we may need
* to realign.
*/
#if defined(MAY_NEED_TO_ALIGN)
MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx)
{
unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf);
@ -1017,7 +990,7 @@ MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx)
ctx->rk_offset = new_offset;
}
}
#endif /* MAY_NEED_TO_ALIGN */
/*
* AES-ECB block encryption/decryption
*/
@ -1046,12 +1019,6 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
}
#endif
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (aes_padlock_ace > 0) {
return mbedtls_padlock_xcryptecb(ctx, mode, input, output);
}
#endif
#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
if (mode == MBEDTLS_AES_DECRYPT) {
@ -1092,18 +1059,6 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
}
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (aes_padlock_ace > 0) {
if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) {
return 0;
}
// If padlock data misaligned, we just fall back to
// unaccelerated mode
//
}
#endif
const unsigned char *ivp = iv;
if (mode == MBEDTLS_AES_DECRYPT) {
@ -1860,11 +1815,6 @@ int mbedtls_aes_self_test(int verbose)
mbedtls_printf(" AES note: using AESNI.\n");
} else
#endif
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) {
mbedtls_printf(" AES note: using VIA Padlock.\n");
} else
#endif
#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_printf(" AES note: using AESCE.\n");

157
library/padlock.c
View File

@ -1,157 +0,0 @@
/*
* VIA PadLock support functions
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* This implementation is based on the VIA PadLock Programming Guide:
*
* http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/
* programming_guide.pdf
*/
#include "common.h"
#if defined(MBEDTLS_PADLOCK_C)
#include "padlock.h"
#include <string.h>
#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
/*
* PadLock detection routine
*/
int mbedtls_padlock_has_support(int feature)
{
static int flags = -1;
int ebx = 0, edx = 0;
if (flags == -1) {
asm ("movl %%ebx, %0 \n\t"
"movl $0xC0000000, %%eax \n\t"
"cpuid \n\t"
"cmpl $0xC0000001, %%eax \n\t"
"movl $0, %%edx \n\t"
"jb 1f \n\t"
"movl $0xC0000001, %%eax \n\t"
"cpuid \n\t"
"1: \n\t"
"movl %%edx, %1 \n\t"
"movl %2, %%ebx \n\t"
: "=m" (ebx), "=m" (edx)
: "m" (ebx)
: "eax", "ecx", "edx");
flags = edx;
}
return flags & feature;
}
/*
* PadLock AES-ECB block en(de)cryption
*/
int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16])
{
int ebx = 0;
uint32_t *rk;
uint32_t *blk;
uint32_t *ctrl;
unsigned char buf[256];
rk = ctx->buf + ctx->rk_offset;
if (((long) rk & 15) != 0) {
return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED;
}
blk = MBEDTLS_PADLOCK_ALIGN16(buf);
memcpy(blk, input, 16);
ctrl = blk + 4;
*ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode^1) - 10) << 9);
asm ("pushfl \n\t"
"popfl \n\t"
"movl %%ebx, %0 \n\t"
"movl $1, %%ecx \n\t"
"movl %2, %%edx \n\t"
"movl %3, %%ebx \n\t"
"movl %4, %%esi \n\t"
"movl %4, %%edi \n\t"
".byte 0xf3,0x0f,0xa7,0xc8 \n\t"
"movl %1, %%ebx \n\t"
: "=m" (ebx)
: "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk)
: "memory", "ecx", "edx", "esi", "edi");
memcpy(output, blk, 16);
return 0;
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
/*
* PadLock AES-CBC buffer en(de)cryption
*/
int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output)
{
int ebx = 0;
size_t count;
uint32_t *rk;
uint32_t *iw;
uint32_t *ctrl;
unsigned char buf[256];
rk = ctx->buf + ctx->rk_offset;
if (((long) input & 15) != 0 ||
((long) output & 15) != 0 ||
((long) rk & 15) != 0) {
return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED;
}
iw = MBEDTLS_PADLOCK_ALIGN16(buf);
memcpy(iw, iv, 16);
ctrl = iw + 4;
*ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode ^ 1) - 10) << 9);
count = (length + 15) >> 4;
asm ("pushfl \n\t"
"popfl \n\t"
"movl %%ebx, %0 \n\t"
"movl %2, %%ecx \n\t"
"movl %3, %%edx \n\t"
"movl %4, %%ebx \n\t"
"movl %5, %%esi \n\t"
"movl %6, %%edi \n\t"
"movl %7, %%eax \n\t"
".byte 0xf3,0x0f,0xa7,0xd0 \n\t"
"movl %1, %%ebx \n\t"
: "=m" (ebx)
: "m" (ebx), "m" (count), "m" (ctrl),
"m" (rk), "m" (input), "m" (output), "m" (iw)
: "memory", "eax", "ecx", "edx", "esi", "edi");
memcpy(iv, iw, 16);
return 0;
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */
#endif /* MBEDTLS_PADLOCK_C */

111
library/padlock.h
View File

@ -1,111 +0,0 @@
/**
* \file padlock.h
*
* \brief VIA PadLock ACE for HW encryption/decryption supported by some
* processors
*
* \warning These functions are only for internal use by other library
* functions; you must not call them directly.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#ifndef MBEDTLS_PADLOCK_H
#define MBEDTLS_PADLOCK_H
#include "mbedtls/build_info.h"
#include "mbedtls/aes.h"
#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */
#if defined(__has_feature)
#if __has_feature(address_sanitizer)
#define MBEDTLS_HAVE_ASAN
#endif
#endif
/*
* - `padlock` is implements with GNUC assembly for x86 target.
* - Some versions of ASan result in errors about not enough registers.
*/
#if defined(MBEDTLS_PADLOCK_C) && \
defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \
defined(MBEDTLS_HAVE_ASM) && \
!defined(MBEDTLS_HAVE_ASAN)
#define MBEDTLS_VIA_PADLOCK_HAVE_CODE
#include <stdint.h>
#define MBEDTLS_PADLOCK_RNG 0x000C
#define MBEDTLS_PADLOCK_ACE 0x00C0
#define MBEDTLS_PADLOCK_PHE 0x0C00
#define MBEDTLS_PADLOCK_PMM 0x3000
#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) (x) & ~15))
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Internal PadLock detection routine
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
*
* \param feature The feature to detect
*
* \return non-zero if CPU has support for the feature, 0 otherwise
*/
int mbedtls_padlock_has_support(int feature);
/**
* \brief Internal PadLock AES-ECB block en(de)cryption
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
* \param input 16-byte input block
* \param output 16-byte output block
*
* \return 0 if success, 1 if operation failed
*/
int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
unsigned char output[16]);
/**
* \brief Internal PadLock AES-CBC buffer en(de)cryption
*
* \note This function is only for internal use by other library
* functions; you must not call it directly.
*
* \param ctx AES context
* \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
* \param length length of the input data
* \param iv initialization vector (updated after use)
* \param input buffer holding the input data
* \param output buffer holding the output data
*
* \return 0 if success, 1 if operation failed
*/
int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
int mode,
size_t length,
unsigned char iv[16],
const unsigned char *input,
unsigned char *output);
#ifdef __cplusplus
}
#endif
#endif /* HAVE_X86 */
#endif /* padlock.h */

6
programs/test/CMakeLists.txt
View File

@ -27,7 +27,8 @@ if(TEST_CPP)
add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}")
target_include_directories(cpp_dummy_build
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include)
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include)
target_link_libraries(cpp_dummy_build ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
endif()
@ -36,7 +37,8 @@ if(USE_SHARED_MBEDTLS_LIBRARY AND
add_executable(dlopen "dlopen.c")
target_include_directories(dlopen
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include)
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include)
target_link_libraries(dlopen ${CMAKE_DL_LIBS})
endif()

7
programs/test/generate_cpp_dummy_build.sh
View File

@ -45,6 +45,13 @@ EOF
esac
done
for header in tf-psa-crypto/drivers/builtin/include/mbedtls/*.h; do
case ${header#tf-psa-crypto/drivers/builtin/include/} in
mbedtls/config_*.h) :;; # not meant for direct inclusion
*) echo "#include \"${header#tf-psa-crypto/drivers/builtin/include/}\"";;
esac
done
for header in tf-psa-crypto/include/psa/*.h; do
case ${header#tf-psa-crypto/include/} in
psa/crypto_config.h) :;; # not meant for direct inclusion

5
scripts/common.make
View File

@ -21,7 +21,10 @@ WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include -D_FILE_OFFSET_BITS=64
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \
-I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include \
-I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \
-D_FILE_OFFSET_BITS=64
LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
-L$(MBEDTLS_PATH)/library \

23
scripts/generate_errors.pl
View File

@ -3,7 +3,7 @@
# Generate error.c
#
# Usage: ./generate_errors.pl or scripts/generate_errors.pl without arguments,
# or generate_errors.pl include_dir data_dir error_file
# or generate_errors.pl crypto_include_dir tls_include_dir data_dir error_file
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
@ -11,22 +11,24 @@
use strict;
use warnings;
my ($include_dir, $data_dir, $error_file);
my ($crypto_include_dir, $tls_include_dir, $data_dir, $error_file);
if( @ARGV ) {
die "Invalid number of arguments" if scalar @ARGV != 3;
($include_dir, $data_dir, $error_file) = @ARGV;
die "Invalid number of arguments" if scalar @ARGV != 4;
($crypto_include_dir, $tls_include_dir, $data_dir, $error_file) = @ARGV;
-d $include_dir or die "No such directory: $include_dir\n";
-d $crypto_include_dir or die "No such directory: $crypto_include_dir\n";
-d $tls_include_dir or die "No such directory: $tls_include_dir\n";
-d $data_dir or die "No such directory: $data_dir\n";
} else {
$include_dir = 'include/mbedtls';
$crypto_include_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls';
$tls_include_dir = 'include/mbedtls';
$data_dir = 'scripts/data_files';
$error_file = 'library/error.c';
unless( -d $include_dir && -d $data_dir ) {
unless( -d $crypto_include_dir && -d $tls_include_dir && -d $data_dir ) {
chdir '..' or die;
-d $include_dir && -d $data_dir
-d $crypto_include_dir && -d $tls_include_dir && -d $data_dir
or die "Without arguments, must be run from root or scripts\n"
}
}
@ -36,7 +38,7 @@ my $error_format_file = $data_dir.'/error.fmt';
my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM
CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES
ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5
NET OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160
NET OID PBKDF2 PLATFORM POLY1305 RIPEMD160
SHA1 SHA256 SHA512 SHA3 THREADING );
my @high_level_modules = qw( CIPHER DHM ECP MD
PEM PK PKCS12 PKCS5
@ -48,7 +50,8 @@ open(FORMAT_FILE, '<:crlf', "$error_format_file") or die "Opening error format f
my $error_format = <FORMAT_FILE>;
close(FORMAT_FILE);
my @files = glob qq("$include_dir/*.h");
my @files = glob qq("$crypto_include_dir/*.h");
push(@files, glob qq("$tls_include_dir/*.h"));
my @necessary_include_files;
my @matches;
foreach my $file (@files) {

4
scripts/generate_visualc_files.pl
View File

@ -23,6 +23,7 @@ my $vsx_sln_file = "$vsx_dir/mbedTLS.sln";
my $programs_dir = 'programs';
my $mbedtls_header_dir = 'include/mbedtls';
my $drivers_builtin_header_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls';
my $psa_header_dir = 'tf-psa-crypto/include/psa';
my $source_dir = 'library';
my $test_source_dir = 'tests/src';
@ -45,6 +46,7 @@ my @thirdparty_source_dirs = qw(
my @include_directories = qw(
include
tf-psa-crypto/include
tf-psa-crypto/drivers/builtin/include
3rdparty/everest/include/
3rdparty/everest/include/everest
3rdparty/everest/include/everest/vs2013
@ -102,6 +104,7 @@ sub check_dirs {
}
return -d $vsx_dir
&& -d $mbedtls_header_dir
&& -d $drivers_builtin_header_dir
&& -d $psa_header_dir
&& -d $source_dir
&& -d $test_source_dir
@ -258,6 +261,7 @@ sub main {
my @app_list = get_app_list();
my @header_dirs = (
$mbedtls_header_dir,
$drivers_builtin_header_dir,
$psa_header_dir,
$test_header_dir,
$test_drivers_header_dir,

11
tests/Makefile
View File

@ -244,6 +244,8 @@ include/alt-extra/%_alt.h: ../include/%.h
perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@
include/alt-extra/%_alt.h: ../tf-psa-crypto/include/%.h
perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@
include/alt-extra/%_alt.h: ../tf-psa-crypto/drivers/builtin/include/%.h
perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@
# Generate test library
@ -252,7 +254,13 @@ include/alt-extra/%_alt.h: ../tf-psa-crypto/include/%.h
# library. Add a LIBTESTDRIVER1_/libtestdriver1_ to mbedtls_xxx and psa_xxx
# symbols.
define libtestdriver1_rewrite :=
s!^(\s*#\s*include\s*[\"<])mbedtls/!$${1}libtestdriver1/include/mbedtls/!; \
s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!$${1}libtestdriver1/include/mbedtls/build_info.h!; \
s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!$${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; \
s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_legacy_crypto.h!$${1}libtestdriver1/include/mbedtls/config_adjust_legacy_crypto.h!; \
s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!$${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!; \
s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!$${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!; \
s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!$${1}libtestdriver1/include/mbedtls/check_config.h!; \
s!^(\s*#\s*include\s*[\"<])mbedtls/!$${1}libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/!; \
s!^(\s*#\s*include\s*[\"<])psa/!$${1}libtestdriver1/tf-psa-crypto/include/psa/!; \
next if /^\s*#\s*include/; \
s/\b(?=MBEDTLS_|PSA_)/LIBTESTDRIVER1_/g; \
@ -290,6 +298,7 @@ libtestdriver1.a:
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/library/*.[ch]
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/include/*/*.h
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/include/*/*.h
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h
$(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a
cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a

23
tests/psa-client-server/psasim/Makefile
View File

@ -1,5 +1,3 @@
MAIN ?= src/client.c
CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L
ifeq ($(DEBUG),1)
@ -10,17 +8,23 @@ LIBPSACLIENT := -Llibpsaclient/ -lmbedcrypto -lmbedx509 -lmbedtls
LIBPSASERVER := -Llibpsaserver/ -lmbedcrypto
MBEDTLS_ROOT_PATH = ../../..
COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include
COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include \
-I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include \
-I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include
GENERATED_H_FILES = include/psa_manifest/manifest.h \
include/psa_manifest/pid.h \
include/psa_manifest/sid.h
PSA_CLIENT_SRC = src/psa_ff_client.c \
$(MAIN) \
PSA_CLIENT_COMMON_SRC = src/psa_ff_client.c \
src/psa_sim_crypto_client.c \
src/psa_sim_serialise.c
PSA_CLIENT_BASE_SRC = $(PSA_CLIENT_COMMON_SRC) src/client.c
PSA_CLIENT_FULL_SRC = $(PSA_CLIENT_COMMON_SRC) \
$(wildcard src/aut_*.c)
PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c
PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \
@ -35,8 +39,11 @@ all:
test/seedfile:
dd if=/dev/urandom of=./test/seedfile bs=64 count=1
test/psa_client: $(PSA_CLIENT_SRC) $(GENERATED_H_FILES)
$(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@
test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES)
$(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@
test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES)
$(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@
test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) test/seedfile
$(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@
@ -56,7 +63,7 @@ libpsaclient libpsaserver:
$(MAKE) -C $(MBEDTLS_ROOT_PATH) clean
clean:
rm -f test/psa_client test/psa_partition
rm -f test/psa_client_base test/psa_client_full test/psa_partition
rm -f $(PARTITION_SERVER_BOOTSTRAP)
rm -rf libpsaclient libpsaserver
rm -rf include/psa_manifest

71
tests/psa-client-server/psasim/src/aut_main.c Normal file
View File

@ -0,0 +1,71 @@
/**
* This is the base AUT that exectues all other AUTs meant to test PSA APIs
* through PSASIM.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* First include Mbed TLS headers to get the Mbed TLS configuration and
* platform definitions that we'll use in this program. Also include
* standard C headers for functions we'll use here. */
#include "mbedtls/build_info.h"
#include "psa/crypto.h"
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int psa_hash_compute_main(void);
int psa_hash_main(void);
int psa_aead_encrypt_main(char *cipher_name);
int psa_aead_encrypt_decrypt_main(void);
int psa_cipher_encrypt_decrypt_main(void);
int psa_asymmetric_encrypt_decrypt_main(void);
int psa_random_main(void);
int psa_mac_main(void);
int psa_key_agreement_main(void);
int psa_sign_verify_main(void);
int psa_hkdf_main(void);
#define TEST_MODULE(main_func) \
do { \
char title[128] = { 0 }; \
char separator[128] = { 0 }; \
int title_len = snprintf(title, sizeof(title), "=== Test: %s ===", #main_func); \
memset(separator, '=', title_len); \
printf("%s\n%s\n%s\n", separator, title, separator); \
ret = main_func; \
if (ret != 0) { \
goto exit; \
} \
} while (0)
int main()
{
int ret;
TEST_MODULE(psa_hash_compute_main());
TEST_MODULE(psa_hash_main());
TEST_MODULE(psa_aead_encrypt_main("aes128-gcm"));
TEST_MODULE(psa_aead_encrypt_main("aes256-gcm"));
TEST_MODULE(psa_aead_encrypt_main("aes128-gcm_8"));
TEST_MODULE(psa_aead_encrypt_main("chachapoly"));
TEST_MODULE(psa_aead_encrypt_decrypt_main());
TEST_MODULE(psa_cipher_encrypt_decrypt_main());
TEST_MODULE(psa_asymmetric_encrypt_decrypt_main());
TEST_MODULE(psa_random_main());
TEST_MODULE(psa_mac_main());
TEST_MODULE(psa_key_agreement_main());
TEST_MODULE(psa_sign_verify_main());
TEST_MODULE(psa_hkdf_main());
exit:
return (ret != 0) ? 1 : 0;
}

60
tests/psa-client-server/psasim/src/aut_psa_aead_demo.c → tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c
View File

@ -1,37 +1,8 @@
/**
* PSA API multi-part AEAD demonstration.
*
* This program AEAD-encrypts a message, using the algorithm and key size
* specified on the command line, using the multi-part API.
*
* It comes with a companion program cipher/cipher_aead_demo.c, which does the
* same operations with the legacy Cipher API. The goal is that comparing the
* two programs will help people migrating to the PSA Crypto API.
*
* When used with multi-part AEAD operations, the `mbedtls_cipher_context`
* serves a triple purpose (1) hold the key, (2) store the algorithm when no
* operation is active, and (3) save progress information for the current
* operation. With PSA those roles are held by disinct objects: (1) a
* psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the
* algorithm, and (3) a psa_operation_t for multi-part progress.
*
* On the other hand, with PSA, the algorithms encodes the desired tag length;
* with Cipher the desired tag length needs to be tracked separately.
*
* This program and its companion cipher/cipher_aead_demo.c illustrate this by
* doing the same sequence of multi-part AEAD computation with both APIs;
* looking at the two side by side should make the differences and
* similarities clear.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/* First include Mbed TLS headers to get the Mbed TLS configuration and
* platform definitions that we'll use in this program. Also include
* standard C headers for functions we'll use here. */
#include "mbedtls/build_info.h"
#include "psa/crypto.h"
@ -40,25 +11,6 @@
#include <stdio.h>
#include <string.h>
/* If the build options we need are not enabled, compile a placeholder. */
#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
(!defined(MBEDTLS_PSA_CRYPTO_C) || \
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \
!defined(MBEDTLS_CHACHAPOLY_C) || \
defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER))
int main(void)
{
printf("MBEDTLS_PSA_CRYPTO_CLIENT or "
"MBEDTLS_PSA_CRYPTO_C and/or "
"MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
"MBEDTLS_CHACHAPOLY_C not defined, and/or "
"MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n");
return 0;
}
#else
/* The real program starts here. */
const char usage[] =
"Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
@ -257,21 +209,15 @@ exit:
/*
* Main function
*/
int main(int argc, char **argv)
int psa_aead_encrypt_main(char *cipher_name)
{
psa_status_t status = PSA_SUCCESS;
/* Check usage */
if (argc != 2) {
puts(usage);
return EXIT_FAILURE;
}
/* Initialize the PSA crypto library. */
PSA_CHECK(psa_crypto_init());
/* Run the demo */
PSA_CHECK(aead_demo(argv[1]));
PSA_CHECK(aead_demo(cipher_name));
/* Deinitialize the PSA crypto library. */
mbedtls_psa_crypto_free();
@ -279,5 +225,3 @@ int main(int argc, char **argv)
exit:
return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
}
#endif

109
tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c Normal file
View File

@ -0,0 +1,109 @@
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "psa/crypto.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#define BUFFER_SIZE 500
static void print_bytestr(const uint8_t *bytes, size_t len)
{
for (unsigned int idx = 0; idx < len; idx++) {
printf("%02X", bytes[idx]);
}
}
int psa_aead_encrypt_decrypt_main(void)
{
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key_id = 0;
uint8_t encrypt[BUFFER_SIZE] = { 0 };
uint8_t decrypt[BUFFER_SIZE] = { 0 };
const uint8_t plaintext[] = "Hello World!";
const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)];
size_t nonce_length = sizeof(nonce);
size_t ciphertext_length;
size_t plaintext_length;
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
printf("psa_crypto_init failed\n");
return EXIT_FAILURE;
}
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&attributes, PSA_ALG_CCM);
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&attributes, 256);
status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
if (status != PSA_SUCCESS) {
printf("psa_import_key failed\n");
return EXIT_FAILURE;
}
status = psa_generate_random(nonce, nonce_length);
if (status != PSA_SUCCESS) {
printf("psa_generate_random failed\n");
return EXIT_FAILURE;
}
status = psa_aead_encrypt(key_id, // key
PSA_ALG_CCM, // algorithm
nonce, nonce_length, // nonce
NULL, 0, // additional data
plaintext, sizeof(plaintext), // plaintext
encrypt, sizeof(encrypt), // ciphertext
&ciphertext_length); // length of output
if (status != PSA_SUCCESS) {
printf("psa_aead_encrypt failed\n");
return EXIT_FAILURE;
}
printf("AES-CCM encryption:\n");
printf("- Plaintext: '%s':\n", plaintext);
printf("- Key: ");
print_bytestr(key_bytes, sizeof(key_bytes));
printf("\n- Nonce: ");
print_bytestr(nonce, nonce_length);
printf("\n- No additional data\n");
printf("- Ciphertext:\n");
for (size_t j = 0; j < ciphertext_length; j++) {
if (j % 8 == 0) {
printf("\n ");
}
printf("%02x ", encrypt[j]);
}
printf("\n");
status = psa_aead_decrypt(key_id, // key
PSA_ALG_CCM, // algorithm
nonce, nonce_length, // nonce
NULL, 0, // additional data
encrypt, ciphertext_length, // ciphertext
decrypt, sizeof(decrypt), // plaintext
&plaintext_length); // length of output
if (status != PSA_SUCCESS) {
printf("psa_aead_decrypt failed\n");
return EXIT_FAILURE;
}
if (memcmp(plaintext, decrypt, sizeof(plaintext)) != 0) {
printf("\nEncryption/Decryption failed!\n");
} else {
printf("\nEncryption/Decryption successful!\n");
}
psa_destroy_key(key_id);
mbedtls_psa_crypto_free();
return 0;
}

81
tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c Normal file
View File

@ -0,0 +1,81 @@
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "psa/crypto.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#define KEY_BITS 4096
#define BUFFER_SIZE PSA_BITS_TO_BYTES(KEY_BITS)
static void print_bytestr(const uint8_t *bytes, size_t len)
{
for (unsigned int idx = 0; idx < len; idx++) {
printf("%02X", bytes[idx]);
}
}
int psa_asymmetric_encrypt_decrypt_main(void)
{
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key_id = 0;
uint8_t original[BUFFER_SIZE/2] = { 0 };
uint8_t encrypt[BUFFER_SIZE] = { 0 };
uint8_t decrypt[BUFFER_SIZE] = { 0 };
size_t encrypted_length;
size_t decrypted_length;
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
printf("psa_crypto_init failed\n");
return EXIT_FAILURE;
}
status = psa_generate_random(original, sizeof(original));
if (status != PSA_SUCCESS) {
printf("psa_generate_random() failed\n");
return EXIT_FAILURE;
}
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
psa_set_key_bits(&attributes, KEY_BITS);
status = psa_generate_key(&attributes, &key_id);
if (status != PSA_SUCCESS) {
printf("psa_generate_key failed (%d)\n", status);
return EXIT_FAILURE;
}
status = psa_asymmetric_encrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
original, sizeof(original), NULL, 0,
encrypt, sizeof(encrypt), &encrypted_length);
if (status != PSA_SUCCESS) {
printf("psa_asymmetric_encrypt failed (%d)\n", status);
return EXIT_FAILURE;
}
status = psa_asymmetric_decrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
encrypt, encrypted_length, NULL, 0,
decrypt, sizeof(decrypt), &decrypted_length);
if (status != PSA_SUCCESS) {
printf("psa_cipher_decrypt failed (%d)\n", status);
return EXIT_FAILURE;
}
if (memcmp(original, decrypt, sizeof(original)) != 0) {
printf("\nEncryption/Decryption failed!\n");
} else {
printf("\nEncryption/Decryption successful!\n");
}
psa_destroy_key(key_id);
mbedtls_psa_crypto_free();
return 0;
}

81
tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c Normal file
View File

@ -0,0 +1,81 @@
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "psa/crypto.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#define BUFFER_SIZE 4096
static void print_bytestr(const uint8_t *bytes, size_t len)
{
for (unsigned int idx = 0; idx < len; idx++) {
printf("%02X", bytes[idx]);
}
}
int psa_cipher_encrypt_decrypt_main(void)
{
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key_id = 0;
uint8_t original[BUFFER_SIZE] = { 0 };
uint8_t encrypt[BUFFER_SIZE] = { 0 };
uint8_t decrypt[BUFFER_SIZE] = { 0 };
const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
size_t encrypted_length;
size_t decrypted_length;
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
printf("psa_crypto_init failed\n");
return EXIT_FAILURE;
}
status = psa_generate_random(original, sizeof(original));
if (status != PSA_SUCCESS) {
printf("psa_generate_random() failed\n");
return EXIT_FAILURE;
}
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&attributes, PSA_ALG_ECB_NO_PADDING);
psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
psa_set_key_bits(&attributes, 256);
status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
if (status != PSA_SUCCESS) {
printf("psa_import_key failed\n");
return EXIT_FAILURE;
}
status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING,
original, sizeof(original),
encrypt, sizeof(encrypt), &encrypted_length);
if (status != PSA_SUCCESS) {
printf("psa_cipher_encrypt failed\n");
return EXIT_FAILURE;
}
status = psa_cipher_decrypt(key_id, PSA_ALG_ECB_NO_PADDING,
encrypt, encrypted_length,
decrypt, sizeof(decrypt), &decrypted_length);
if (status != PSA_SUCCESS) {
printf("psa_cipher_decrypt failed\n");
return EXIT_FAILURE;
}
if (memcmp(original, decrypt, sizeof(original)) != 0) {
printf("\nEncryption/Decryption failed!\n");
} else {
printf("\nEncryption/Decryption successful!\n");
}
psa_destroy_key(key_id);
mbedtls_psa_crypto_free();
return 0;
}

40
tests/psa-client-server/psasim/src/aut_psa_hash.c
View File

@ -1,13 +1,4 @@
/*
* Example computing a SHA-256 hash using the PSA Crypto API
*
* The example computes the SHA-256 hash of a test string using the
* one-shot API call psa_hash_compute() and the using multi-part
* operation, which requires psa_hash_setup(), psa_hash_update() and
* psa_hash_finish(). The multi-part operation is popular on embedded
* devices where a rolling hash needs to be computed.
*
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
@ -20,33 +11,13 @@
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
/* Information about hashing with the PSA API can be
* found here:
* https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html
*
* The algorithm used by this demo is SHA 256.
* Please see include/psa/crypto_values.h to see the other
* algorithms that are supported by Mbed TLS.
* If you switch to a different algorithm you will need to update
* the hash data in the EXAMPLE_HASH_VALUE macro below. */
#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
(!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256))
int main(void)
{
mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256"
"not defined, and not MBEDTLS_PSA_CRYPTO_CLIENT.\r\n");
return EXIT_SUCCESS;
}
#else
#define HASH_ALG PSA_ALG_SHA_256
const uint8_t sample_message[] = "Hello World!";
static const uint8_t sample_message[] = "Hello World!";
/* sample_message is terminated with a null byte which is not part of
* the message itself so we make sure to subtract it in order to get
* the message length. */
const size_t sample_message_length = sizeof(sample_message) - 1;
static const size_t sample_message_length = sizeof(sample_message) - 1;
#define EXPECTED_HASH_VALUE { \
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \
@ -54,10 +25,10 @@ const size_t sample_message_length = sizeof(sample_message) - 1;
0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \
}
const uint8_t expected_hash[] = EXPECTED_HASH_VALUE;
const size_t expected_hash_len = sizeof(expected_hash);
static const uint8_t expected_hash[] = EXPECTED_HASH_VALUE;
static const size_t expected_hash_len = sizeof(expected_hash);
int main(void)
int psa_hash_main(void)
{
psa_status_t status;
uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)];
@ -157,4 +128,3 @@ cleanup:
psa_hash_abort(&cloned_hash_operation);
return EXIT_FAILURE;
}
#endif /* !MBEDTLS_PSA_CRYPTO_C || !PSA_WANT_ALG_SHA_256 */

42
tests/psa-client-server/psasim/src/aut_psa_hash_compute.c
View File

@ -1,15 +1,4 @@
/*
* API(s) under test: psa_hash_compute()
*
* Taken from programs/psa/psa_hash.c, and calls to all hash APIs
* but psa_hash_compute() removed.
*
* Example computing a SHA-256 hash using the PSA Crypto API
*
* The example computes the SHA-256 hash of a test string using the
* one-shot API call psa_hash_compute().
*
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
@ -22,33 +11,13 @@
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
/* Information about hashing with the PSA API can be
* found here:
* https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html
*
* The algorithm used by this demo is SHA 256.
* Please see include/psa/crypto_values.h to see the other
* algorithms that are supported by Mbed TLS.
* If you switch to a different algorithm you will need to update
* the hash data in the EXAMPLE_HASH_VALUE macro below. */
#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
(!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256))
int main(void)
{
mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256"
"not defined, and not MBEDTLS_PSA_CRYPTO_CLIENT.\r\n");
return EXIT_SUCCESS;
}
#else
#define HASH_ALG PSA_ALG_SHA_256
const uint8_t sample_message[] = "Hello World!";
static const uint8_t sample_message[] = "Hello World!";
/* sample_message is terminated with a null byte which is not part of
* the message itself so we make sure to subtract it in order to get
* the message length. */
const size_t sample_message_length = sizeof(sample_message) - 1;
static const size_t sample_message_length = sizeof(sample_message) - 1;
#define EXPECTED_HASH_VALUE { \
0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \
@ -56,10 +25,10 @@ const size_t sample_message_length = sizeof(sample_message) - 1;
0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \
}
const uint8_t expected_hash[] = EXPECTED_HASH_VALUE;
const size_t expected_hash_len = sizeof(expected_hash);
static const uint8_t expected_hash[] = EXPECTED_HASH_VALUE;
static const size_t expected_hash_len = sizeof(expected_hash);
int main(void)
int psa_hash_compute_main(void)
{
psa_status_t status;
uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)];
@ -110,4 +79,3 @@ int main(void)
cleanup:
return EXIT_FAILURE;
}
#endif /* !MBEDTLS_PSA_CRYPTO_C || !PSA_WANT_ALG_SHA_256 */

121
tests/psa-client-server/psasim/src/aut_psa_hkdf.c Normal file
View File

@ -0,0 +1,121 @@
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "psa/crypto.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include "mbedtls/build_info.h"
int psa_hkdf_main(void)
{
psa_status_t status;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key_id = 0;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
/* Example test vector from RFC 5869 */
/* Input keying material (IKM) */
unsigned char ikm[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
unsigned char salt[] =
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c };
/* Context and application specific information, which can be of zero length */
unsigned char info[] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 };
/* Expected OKM based on the RFC 5869-provided test vector */
unsigned char expected_okm[] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43,
0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90,
0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4,
0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
0x58, 0x65 };
/* The output size of the HKDF function depends on the hash function used.
* In our case we use SHA-256, which produces a 32 byte fingerprint.
* Therefore, we allocate a buffer of 32 bytes to hold the output keying
* material (OKM).
*/
unsigned char output[32];
psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
printf("PSA Crypto API: HKDF SHA-256 example\n\n");
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
printf("psa_crypto_init failed\n");
return EXIT_FAILURE;
}
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&attributes, PSA_ALG_HKDF(PSA_ALG_SHA_256));
psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
status = psa_import_key(&attributes, ikm, sizeof(ikm), &key_id);
if (status != PSA_SUCCESS) {
printf("psa_import_key failed\n");
return EXIT_FAILURE;
}
status = psa_key_derivation_setup(&operation, alg);
if (status != PSA_SUCCESS) {
printf("psa_key_derivation_setup failed");
return EXIT_FAILURE;
}
status = psa_key_derivation_input_bytes(&operation, PSA_KEY_DERIVATION_INPUT_SALT,
salt, sizeof(salt));
if (status != PSA_SUCCESS) {
printf("psa_key_derivation_input_bytes (salt) failed");
return EXIT_FAILURE;
}
status = psa_key_derivation_input_key(&operation, PSA_KEY_DERIVATION_INPUT_SECRET,
key_id);
if (status != PSA_SUCCESS) {
printf("psa_key_derivation_input_key failed");
return EXIT_FAILURE;
}
status = psa_key_derivation_input_bytes(&operation, PSA_KEY_DERIVATION_INPUT_INFO,
info, sizeof(info));
if (status != PSA_SUCCESS) {
printf("psa_key_derivation_input_bytes (info) failed");
return EXIT_FAILURE;
}
status = psa_key_derivation_output_bytes(&operation, output, sizeof(output));
if (status != PSA_SUCCESS) {
printf("psa_key_derivation_output_bytes failed");
return EXIT_FAILURE;
}
status = psa_key_derivation_abort(&operation);
if (status != PSA_SUCCESS) {
printf("psa_key_derivation_abort failed");
return EXIT_FAILURE;
}
printf("OKM: \n");
for (size_t j = 0; j < sizeof(output); j++) {
if (output[j] != expected_okm[j]) {
printf("\n --- Unexpected outcome!\n");
return EXIT_FAILURE;
}
if (j % 8 == 0) {
printf("\n ");
}
printf("%02x ", output[j]);
}
printf("\n");
mbedtls_psa_crypto_free();
return EXIT_SUCCESS;
}

146
tests/psa-client-server/psasim/src/aut_psa_key_agreement.c Normal file
View File

@ -0,0 +1,146 @@
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "psa/crypto.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include "mbedtls/build_info.h"
#include "mbedtls/debug.h"
#include "mbedtls/platform.h"
#define BUFFER_SIZE 500
#define SERVER_PK_VALUE { \
0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, \
0x66, 0x23, 0x2a, 0x50, 0x8f, 0x4a, 0xd2, 0x0e, 0xa1, \
0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, \
0xa0, 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, \
0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b, 0x24, 0xa5, 0xb9, \
0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, \
0xb6, 0x98, 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, \
0xf3, 0x20 \
}
#define KEY_BITS 256
int psa_key_agreement_main(void)
{
psa_status_t status;
psa_key_attributes_t client_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t server_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t client_key_id = 0;
psa_key_id_t server_key_id = 0;
uint8_t client_pk[BUFFER_SIZE] = { 0 };
size_t client_pk_len;
size_t key_bits;
psa_key_type_t key_type;
const uint8_t server_pk[] = SERVER_PK_VALUE;
uint8_t derived_key[BUFFER_SIZE] = { 0 };
size_t derived_key_len;
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_crypto_init failed\n");
return EXIT_FAILURE;
}
psa_set_key_usage_flags(&client_attributes, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&client_attributes, PSA_ALG_ECDH);
psa_set_key_type(&client_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
psa_set_key_bits(&client_attributes, KEY_BITS);
/* Generate ephemeral key pair */
status = psa_generate_key(&client_attributes, &client_key_id);
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_generate_key failed\n");
return EXIT_FAILURE;
}
status = psa_export_public_key(client_key_id,
client_pk, sizeof(client_pk),
&client_pk_len);
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_export_public_key failed\n");
return EXIT_FAILURE;
}
mbedtls_printf("Client Public Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", client_pk_len);
for (size_t j = 0; j < client_pk_len; j++) {
if (j % 8 == 0) {
mbedtls_printf("\n ");
}
mbedtls_printf("%02x ", client_pk[j]);
}
mbedtls_printf("\n\n");
psa_set_key_usage_flags(&server_attributes, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
psa_set_key_algorithm(&server_attributes, PSA_ALG_ECDSA_ANY);
psa_set_key_type(&server_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
/* Import server public key */
status = psa_import_key(&server_attributes, server_pk, sizeof(server_pk), &server_key_id);
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_import_key failed\n");
return EXIT_FAILURE;
}
status = psa_get_key_attributes(server_key_id, &check_attributes);
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_get_key_attributes failed\n");
return EXIT_FAILURE;
}
key_bits = psa_get_key_bits(&check_attributes);
if (key_bits != 256) {
mbedtls_printf("Incompatible key size!\n");
return EXIT_FAILURE;
}
key_type = psa_get_key_type(&check_attributes);
if (key_type != PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)) {
mbedtls_printf("Unsupported key type!\n");
return EXIT_FAILURE;
}
mbedtls_printf("Server Public Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", sizeof(server_pk));
for (size_t j = 0; j < sizeof(server_pk); j++) {
if (j % 8 == 0) {
mbedtls_printf("\n ");
}
mbedtls_printf("%02x ", server_pk[j]);
}
mbedtls_printf("\n\n");
/* Generate ECDHE derived key */
status = psa_raw_key_agreement(PSA_ALG_ECDH, // algorithm
client_key_id, // client secret key
server_pk, sizeof(server_pk), // server public key
derived_key, sizeof(derived_key), // buffer to store derived key
&derived_key_len);
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_raw_key_agreement failed\n");
return EXIT_FAILURE;
}
mbedtls_printf("Derived Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", derived_key_len);
for (size_t j = 0; j < derived_key_len; j++) {
if (j % 8 == 0) {
mbedtls_printf("\n ");
}
mbedtls_printf("%02x ", derived_key[j]);
}
mbedtls_printf("\n");
psa_destroy_key(server_key_id);
psa_destroy_key(client_key_id);
mbedtls_psa_crypto_free();
return EXIT_SUCCESS;
}

162
tests/psa-client-server/psasim/src/aut_psa_mac.c Normal file
View File

@ -0,0 +1,162 @@
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "psa/crypto.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include "mbedtls/build_info.h"
/* constant-time buffer comparison */
static inline int safer_memcmp(const void *a, const void *b, size_t n)
{
size_t i;
volatile const unsigned char *A = (volatile const unsigned char *) a;
volatile const unsigned char *B = (volatile const unsigned char *) b;
volatile unsigned char diff = 0;
for (i = 0; i < n; i++) {
/* Read volatile data in order before computing diff.
* This avoids IAR compiler warning:
* 'the order of volatile accesses is undefined ..' */
unsigned char x = A[i], y = B[i];
diff |= x ^ y;
}
return diff;
}
int psa_mac_main(void)
{
uint8_t input[] = "Hello World!";
psa_status_t status;
size_t mac_size_real = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t key_id = 0;
uint8_t mac[PSA_MAC_MAX_SIZE];
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
const uint8_t key_bytes[16] = "kkkkkkkkkkkkkkkk";
const uint8_t mbedtls_test_hmac_sha256[] = {
0xae, 0x72, 0x34, 0x5a, 0x10, 0x36, 0xfb, 0x71,
0x35, 0x3c, 0x7d, 0x6c, 0x81, 0x98, 0x52, 0x86,
0x00, 0x4a, 0x43, 0x7c, 0x2d, 0xb3, 0x1a, 0xd8,
0x67, 0xb1, 0xad, 0x11, 0x4d, 0x18, 0x49, 0x8b
};
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
printf("psa_crypto_init failed\n");
return EXIT_FAILURE;
}
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE |
PSA_KEY_USAGE_SIGN_HASH |
PSA_KEY_USAGE_SIGN_MESSAGE);
psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(PSA_ALG_SHA_256));
psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
if (status != PSA_SUCCESS) {
printf("psa_import_key failed\n");
return EXIT_FAILURE;
}
/* Single-part MAC operation with psa_mac_compute() */
status = psa_mac_compute(key_id,
PSA_ALG_HMAC(PSA_ALG_SHA_256),
input,
sizeof(input),
mac,
sizeof(mac),
&mac_size_real);
if (status != PSA_SUCCESS) {
printf("psa_mac_compute failed\n");
return EXIT_FAILURE;
}
printf("HMAC-SHA-256(%s) with psa_mac_compute():\n", input);
for (size_t j = 0; j < mac_size_real; j++) {
if (j % 8 == 0) {
printf("\n ");
}
printf("%02x ", mac[j]);
}
printf("\n");
if (safer_memcmp(mac,
mbedtls_test_hmac_sha256,
mac_size_real
) != 0) {
printf("\nMAC verified incorrectly!\n");
} else {
printf("\nMAC verified correctly!\n");
}
psa_destroy_key(key_id);
status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
if (status != PSA_SUCCESS) {
printf("psa_import_key failed\n");
return EXIT_FAILURE;
}
/* Single-part MAC operation with psa_mac_verify() */
status = psa_mac_verify(key_id,
PSA_ALG_HMAC(PSA_ALG_SHA_256),
input,
sizeof(input),
mbedtls_test_hmac_sha256,
sizeof(mbedtls_test_hmac_sha256));
if (status != PSA_SUCCESS) {
printf("psa_mac_verify failed\n");
return EXIT_FAILURE;
} else {
printf("psa_mac_verify passed successfully\n");
}
psa_destroy_key(key_id);
status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
if (status != PSA_SUCCESS) {
printf("psa_import_key failed\n");
return EXIT_FAILURE;
}
/* Multi-part MAC operation */
status = psa_mac_sign_setup(&operation, key_id, PSA_ALG_HMAC(PSA_ALG_SHA_256));
if (status != PSA_SUCCESS) {
printf("psa_mac_sign_setup failed\n");
return EXIT_FAILURE;
}
status = psa_mac_update(&operation, input, sizeof(input));
if (status != PSA_SUCCESS) {
printf("psa_mac_update failed\n");
return EXIT_FAILURE;
}
status = psa_mac_sign_finish(&operation, mac, sizeof(mac), &mac_size_real);
if (status != PSA_SUCCESS) {
printf("psa_mac_sign_finish failed\n");
return EXIT_FAILURE;
}
if (safer_memcmp(mac,
mbedtls_test_hmac_sha256,
mac_size_real
) != 0) {
printf("MAC, calculated with multi-part MAC operation, verified incorrectly!\n");
} else {
printf("MAC, calculated with multi-part MAC operation, verified correctly!\n");
}
psa_destroy_key(key_id);
mbedtls_psa_crypto_free();
return EXIT_SUCCESS;
}

47
tests/psa-client-server/psasim/src/aut_psa_random.c Normal file
View File

@ -0,0 +1,47 @@
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "mbedtls/build_info.h"
#include <psa/crypto.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include "mbedtls/entropy.h"
#define BUFFER_SIZE 100
int psa_random_main(void)
{
psa_status_t status;
uint8_t output[BUFFER_SIZE] = { 0 };
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
printf("psa_crypto_init failed\n");
return EXIT_FAILURE;
}
status = psa_generate_random(output, BUFFER_SIZE);
if (status != PSA_SUCCESS) {
printf("psa_generate_random failed\n");
return EXIT_FAILURE;
}
printf("Random bytes generated:\n");
for (size_t j = 0; j < BUFFER_SIZE; j++) {
if (j % 8 == 0) {
printf("\n ");
}
printf("%02x ", output[j]);
}
printf("\n");
mbedtls_psa_crypto_free();
return 0;
}

93
tests/psa-client-server/psasim/src/aut_psa_sign_verify.c Normal file
View File

@ -0,0 +1,93 @@
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#include "psa/crypto.h"
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include "mbedtls/build_info.h"
#include "mbedtls/platform.h"
#define KEY_BYTES_VALUE { \
0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, \
0x1d, 0xf1, 0xc9, 0x94, 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, \
0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee \
}
#define PLAINTEXT_VALUE "Hello World!"
/* SHA-256(plaintext) */
#define HASH_VALUE { \
0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \
0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \
0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \
}
int psa_sign_verify_main(void)
{
psa_status_t status;
psa_key_id_t key_id = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
size_t signature_length;
const uint8_t key_bytes[] = KEY_BYTES_VALUE;
const uint8_t plaintext[] = PLAINTEXT_VALUE;
const uint8_t hash[] = HASH_VALUE;
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_crypto_init failed\n");
return EXIT_FAILURE;
}
psa_set_key_usage_flags(&attributes,
PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_import_key failed\n");
return EXIT_FAILURE;
}
status = psa_sign_hash(key_id, // key handle
PSA_ALG_ECDSA(PSA_ALG_SHA_256), // signature algorithm
hash, sizeof(hash), // hash of the message
signature, sizeof(signature), // signature (as output)
&signature_length); // length of signature output
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_sign_hash failed\n");
return EXIT_FAILURE;
}
mbedtls_printf("ECDSA-SHA256 signature of SHA-256('%s'):\n", plaintext);
for (size_t j = 0; j < signature_length; j++) {
if (j % 8 == 0) {
mbedtls_printf("\n ");
}
mbedtls_printf("%02x ", signature[j]);
}
mbedtls_printf("\n");
status = psa_verify_hash(key_id, // key handle
PSA_ALG_ECDSA(PSA_ALG_SHA_256), // signature algorithm
hash, sizeof(hash), // hash of message
signature, signature_length); // signature
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_verify_hash failed\n");
return EXIT_FAILURE;
} else {
mbedtls_printf("\nSignature verification successful!\n");
}
psa_destroy_key(key_id);
mbedtls_psa_crypto_free();
return EXIT_SUCCESS;
}

53
tests/psa-client-server/psasim/src/psa_functions_codes.h
View File

@ -24,7 +24,24 @@ enum {
PSA_AEAD_UPDATE,
PSA_AEAD_UPDATE_AD,
PSA_AEAD_VERIFY,
PSA_ASYMMETRIC_DECRYPT,
PSA_ASYMMETRIC_ENCRYPT,
PSA_CIPHER_ABORT,
PSA_CIPHER_DECRYPT,
PSA_CIPHER_DECRYPT_SETUP,
PSA_CIPHER_ENCRYPT,
PSA_CIPHER_ENCRYPT_SETUP,
PSA_CIPHER_FINISH,
PSA_CIPHER_GENERATE_IV,
PSA_CIPHER_SET_IV,
PSA_CIPHER_UPDATE,
PSA_COPY_KEY,
PSA_DESTROY_KEY,
PSA_EXPORT_KEY,
PSA_EXPORT_PUBLIC_KEY,
PSA_GENERATE_KEY,
PSA_GENERATE_KEY_EXT,
PSA_GENERATE_RANDOM,
PSA_GET_KEY_ATTRIBUTES,
PSA_HASH_ABORT,
PSA_HASH_CLONE,
@ -35,6 +52,42 @@ enum {
PSA_HASH_UPDATE,
PSA_HASH_VERIFY,
PSA_IMPORT_KEY,
PSA_INTERRUPTIBLE_GET_MAX_OPS,
PSA_INTERRUPTIBLE_SET_MAX_OPS,
PSA_KEY_DERIVATION_ABORT,
PSA_KEY_DERIVATION_GET_CAPACITY,
PSA_KEY_DERIVATION_INPUT_BYTES,
PSA_KEY_DERIVATION_INPUT_INTEGER,
PSA_KEY_DERIVATION_INPUT_KEY,
PSA_KEY_DERIVATION_KEY_AGREEMENT,
PSA_KEY_DERIVATION_OUTPUT_BYTES,
PSA_KEY_DERIVATION_OUTPUT_KEY,
PSA_KEY_DERIVATION_OUTPUT_KEY_EXT,
PSA_KEY_DERIVATION_SET_CAPACITY,
PSA_KEY_DERIVATION_SETUP,
PSA_MAC_ABORT,
PSA_MAC_COMPUTE,
PSA_MAC_SIGN_FINISH,
PSA_MAC_SIGN_SETUP,
PSA_MAC_UPDATE,
PSA_MAC_VERIFY,
PSA_MAC_VERIFY_FINISH,
PSA_MAC_VERIFY_SETUP,
PSA_PURGE_KEY,
PSA_RAW_KEY_AGREEMENT,
PSA_RESET_KEY_ATTRIBUTES,
PSA_SIGN_HASH,
PSA_SIGN_HASH_ABORT,
PSA_SIGN_HASH_COMPLETE,
PSA_SIGN_HASH_GET_NUM_OPS,
PSA_SIGN_HASH_START,
PSA_SIGN_MESSAGE,
PSA_VERIFY_HASH,
PSA_VERIFY_HASH_ABORT,
PSA_VERIFY_HASH_COMPLETE,
PSA_VERIFY_HASH_GET_NUM_OPS,
PSA_VERIFY_HASH_START,
PSA_VERIFY_MESSAGE,
};
#endif /* _PSA_FUNCTIONS_CODES_H_ */

5712
tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
View File

File diff suppressed because it is too large Load Diff

5870
tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
View File

File diff suppressed because it is too large Load Diff

3243
tests/psa-client-server/psasim/src/psa_sim_generate.pl
View File

File diff suppressed because it is too large Load Diff

974
tests/psa-client-server/psasim/src/psa_sim_serialise.c
View File

File diff suppressed because it is too large Load Diff

685
tests/psa-client-server/psasim/src/psa_sim_serialise.h
View File

@ -107,7 +107,8 @@ int psasim_deserialise_begin(uint8_t **pos, size_t *remaining);
* \c psasim_serialise_unsigned_int() to serialise
* the given value.
*/
size_t psasim_serialise_unsigned_int_needs(unsigned int value);
size_t psasim_serialise_unsigned_int_needs(
unsigned int value);
/** Serialise an `unsigned int` into a buffer.
*
@ -149,7 +150,8 @@ int psasim_deserialise_unsigned_int(uint8_t **pos,
* \c psasim_serialise_int() to serialise
* the given value.
*/
size_t psasim_serialise_int_needs(int value);
size_t psasim_serialise_int_needs(
int value);
/** Serialise an `int` into a buffer.
*
@ -191,7 +193,8 @@ int psasim_deserialise_int(uint8_t **pos,
* \c psasim_serialise_size_t() to serialise
* the given value.
*/
size_t psasim_serialise_size_t_needs(size_t value);
size_t psasim_serialise_size_t_needs(
size_t value);
/** Serialise a `size_t` into a buffer.
*
@ -222,6 +225,135 @@ int psasim_deserialise_size_t(uint8_t **pos,
size_t *remaining,
size_t *value);
/** Return how much buffer space is needed by \c psasim_serialise_uint16_t()
* to serialise an `uint16_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_uint16_t() to serialise
* the given value.
*/
size_t psasim_serialise_uint16_t_needs(
uint16_t value);
/** Serialise an `uint16_t` into a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_serialise_uint16_t(uint8_t **pos,
size_t *remaining,
uint16_t value);
/** Deserialise an `uint16_t` from a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to an `uint16_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_deserialise_uint16_t(uint8_t **pos,
size_t *remaining,
uint16_t *value);
/** Return how much buffer space is needed by \c psasim_serialise_uint32_t()
* to serialise an `uint32_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_uint32_t() to serialise
* the given value.
*/
size_t psasim_serialise_uint32_t_needs(
uint32_t value);
/** Serialise an `uint32_t` into a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_serialise_uint32_t(uint8_t **pos,
size_t *remaining,
uint32_t value);
/** Deserialise an `uint32_t` from a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to an `uint32_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_deserialise_uint32_t(uint8_t **pos,
size_t *remaining,
uint32_t *value);
/** Return how much buffer space is needed by \c psasim_serialise_uint64_t()
* to serialise an `uint64_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_uint64_t() to serialise
* the given value.
*/
size_t psasim_serialise_uint64_t_needs(
uint64_t value);
/** Serialise an `uint64_t` into a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_serialise_uint64_t(uint8_t **pos,
size_t *remaining,
uint64_t value);
/** Deserialise an `uint64_t` from a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to an `uint64_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_deserialise_uint64_t(uint8_t **pos,
size_t *remaining,
uint64_t *value);
/** Return how much space is needed by \c psasim_serialise_buffer()
* to serialise a buffer: a (`uint8_t *`, `size_t`) pair.
*
@ -289,6 +421,56 @@ int psasim_deserialise_buffer(uint8_t **pos, size_t *remaining,
int psasim_deserialise_return_buffer(uint8_t **pos, size_t *remaining,
uint8_t *buffer, size_t buffer_length);
/** Return how much space is needed by \c psasim_serialise_psa_key_production_parameters_t()
* to serialise a psa_key_production_parameters_t (a structure with a flexible array member).
*
* \param params Pointer to the struct to be serialised
* (needed in case some serialisations are value-
* dependent).
* \param data_length Number of bytes in the data[] of the struct to be serialised.
*
* \return The number of bytes needed in the serialisation buffer by
* \c psasim_serialise_psa_key_production_parameters_t() to serialise
* the specified structure.
*/
size_t psasim_serialise_psa_key_production_parameters_t_needs(
const psa_key_production_parameters_t *params,
size_t buffer_size);
/** Serialise a psa_key_production_parameters_t.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param params Pointer to the structure to be serialised.
* \param data_length Number of bytes in the data[] of the struct to be serialised.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_serialise_psa_key_production_parameters_t(uint8_t **pos,
size_t *remaining,
const psa_key_production_parameters_t *params,
size_t data_length);
/** Deserialise a psa_key_production_parameters_t.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the serialisation buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the serialisation buffer.
* \param params Pointer to a `psa_key_production_parameters_t *` to
* receive the address of a newly-allocated structure,
* which the caller must `free()`.
* \param data_length Pointer to a `size_t` to receive the number of
* bytes in the data[] member of the structure deserialised.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos, size_t *remaining,
psa_key_production_parameters_t **params,
size_t *buffer_length);
/** Return how much buffer space is needed by \c psasim_serialise_psa_status_t()
* to serialise a `psa_status_t`.
*
@ -300,7 +482,8 @@ int psasim_deserialise_return_buffer(uint8_t **pos, size_t *remaining,
* \c psasim_serialise_psa_status_t() to serialise
* the given value.
*/
size_t psasim_serialise_psa_status_t_needs(psa_status_t value);
size_t psasim_serialise_psa_status_t_needs(
psa_status_t value);
/** Serialise a `psa_status_t` into a buffer.
*
@ -342,7 +525,8 @@ int psasim_deserialise_psa_status_t(uint8_t **pos,
* \c psasim_serialise_psa_algorithm_t() to serialise
* the given value.
*/
size_t psasim_serialise_psa_algorithm_t_needs(psa_algorithm_t value);
size_t psasim_serialise_psa_algorithm_t_needs(
psa_algorithm_t value);
/** Serialise a `psa_algorithm_t` into a buffer.
*
@ -373,6 +557,49 @@ int psasim_deserialise_psa_algorithm_t(uint8_t **pos,
size_t *remaining,
psa_algorithm_t *value);
/** Return how much buffer space is needed by \c psasim_serialise_psa_key_derivation_step_t()
* to serialise a `psa_key_derivation_step_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_psa_key_derivation_step_t() to serialise
* the given value.
*/
size_t psasim_serialise_psa_key_derivation_step_t_needs(
psa_key_derivation_step_t value);
/** Serialise a `psa_key_derivation_step_t` into a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_serialise_psa_key_derivation_step_t(uint8_t **pos,
size_t *remaining,
psa_key_derivation_step_t value);
/** Deserialise a `psa_key_derivation_step_t` from a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to a `psa_key_derivation_step_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_deserialise_psa_key_derivation_step_t(uint8_t **pos,
size_t *remaining,
psa_key_derivation_step_t *value);
/** Return how much buffer space is needed by \c psasim_serialise_psa_hash_operation_t()
* to serialise a `psa_hash_operation_t`.
*
@ -384,7 +611,8 @@ int psasim_deserialise_psa_algorithm_t(uint8_t **pos,
* \c psasim_serialise_psa_hash_operation_t() to serialise
* the given value.
*/
size_t psasim_serialise_psa_hash_operation_t_needs(psa_hash_operation_t value);
size_t psasim_serialise_psa_hash_operation_t_needs(
psa_hash_operation_t value);
/** Serialise a `psa_hash_operation_t` into a buffer.
*
@ -426,7 +654,8 @@ int psasim_deserialise_psa_hash_operation_t(uint8_t **pos,
* \c psasim_serialise_psa_hash_operation_t() to serialise
* the given value.
*/
size_t psasim_server_serialise_psa_hash_operation_t_needs(psa_hash_operation_t *value);
size_t psasim_server_serialise_psa_hash_operation_t_needs(
psa_hash_operation_t *value);
/** Serialise a `psa_hash_operation_t` into a buffer on the server side.
*
@ -468,7 +697,8 @@ int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos,
* \c psasim_serialise_psa_aead_operation_t() to serialise
* the given value.
*/
size_t psasim_serialise_psa_aead_operation_t_needs(psa_aead_operation_t value);
size_t psasim_serialise_psa_aead_operation_t_needs(
psa_aead_operation_t value);
/** Serialise a `psa_aead_operation_t` into a buffer.
*
@ -510,7 +740,8 @@ int psasim_deserialise_psa_aead_operation_t(uint8_t **pos,
* \c psasim_serialise_psa_aead_operation_t() to serialise
* the given value.
*/
size_t psasim_server_serialise_psa_aead_operation_t_needs(psa_aead_operation_t *value);
size_t psasim_server_serialise_psa_aead_operation_t_needs(
psa_aead_operation_t *value);
/** Serialise a `psa_aead_operation_t` into a buffer on the server side.
*
@ -552,7 +783,8 @@ int psasim_server_deserialise_psa_aead_operation_t(uint8_t **pos,
* \c psasim_serialise_psa_key_attributes_t() to serialise
* the given value.
*/
size_t psasim_serialise_psa_key_attributes_t_needs(psa_key_attributes_t value);
size_t psasim_serialise_psa_key_attributes_t_needs(
psa_key_attributes_t value);
/** Serialise a `psa_key_attributes_t` into a buffer.
*
@ -583,6 +815,436 @@ int psasim_deserialise_psa_key_attributes_t(uint8_t **pos,
size_t *remaining,
psa_key_attributes_t *value);
/** Return how much buffer space is needed by \c psasim_serialise_psa_mac_operation_t()
* to serialise a `psa_mac_operation_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_psa_mac_operation_t() to serialise
* the given value.
*/
size_t psasim_serialise_psa_mac_operation_t_needs(
psa_mac_operation_t value);
/** Serialise a `psa_mac_operation_t` into a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_serialise_psa_mac_operation_t(uint8_t **pos,
size_t *remaining,
psa_mac_operation_t value);
/** Deserialise a `psa_mac_operation_t` from a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to a `psa_mac_operation_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_deserialise_psa_mac_operation_t(uint8_t **pos,
size_t *remaining,
psa_mac_operation_t *value);
/** Return how much buffer space is needed by \c psasim_server_serialise_psa_mac_operation_t()
* to serialise a `psa_mac_operation_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_psa_mac_operation_t() to serialise
* the given value.
*/
size_t psasim_server_serialise_psa_mac_operation_t_needs(
psa_mac_operation_t *value);
/** Serialise a `psa_mac_operation_t` into a buffer on the server side.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_serialise_psa_mac_operation_t(uint8_t **pos,
size_t *remaining,
psa_mac_operation_t *value);
/** Deserialise a `psa_mac_operation_t` from a buffer on the server side.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to a `psa_mac_operation_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos,
size_t *remaining,
psa_mac_operation_t **value);
/** Return how much buffer space is needed by \c psasim_serialise_psa_cipher_operation_t()
* to serialise a `psa_cipher_operation_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_psa_cipher_operation_t() to serialise
* the given value.
*/
size_t psasim_serialise_psa_cipher_operation_t_needs(
psa_cipher_operation_t value);
/** Serialise a `psa_cipher_operation_t` into a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_serialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
psa_cipher_operation_t value);
/** Deserialise a `psa_cipher_operation_t` from a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to a `psa_cipher_operation_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
psa_cipher_operation_t *value);
/** Return how much buffer space is needed by \c psasim_server_serialise_psa_cipher_operation_t()
* to serialise a `psa_cipher_operation_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_psa_cipher_operation_t() to serialise
* the given value.
*/
size_t psasim_server_serialise_psa_cipher_operation_t_needs(
psa_cipher_operation_t *value);
/** Serialise a `psa_cipher_operation_t` into a buffer on the server side.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
psa_cipher_operation_t *value);
/** Deserialise a `psa_cipher_operation_t` from a buffer on the server side.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to a `psa_cipher_operation_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
psa_cipher_operation_t **value);
/** Return how much buffer space is needed by \c psasim_serialise_psa_key_derivation_operation_t()
* to serialise a `psa_key_derivation_operation_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_psa_key_derivation_operation_t() to serialise
* the given value.
*/
size_t psasim_serialise_psa_key_derivation_operation_t_needs(
psa_key_derivation_operation_t value);
/** Serialise a `psa_key_derivation_operation_t` into a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_serialise_psa_key_derivation_operation_t(uint8_t **pos,
size_t *remaining,
psa_key_derivation_operation_t value);
/** Deserialise a `psa_key_derivation_operation_t` from a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to a `psa_key_derivation_operation_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_deserialise_psa_key_derivation_operation_t(uint8_t **pos,
size_t *remaining,
psa_key_derivation_operation_t *value);
/** Return how much buffer space is needed by \c psasim_server_serialise_psa_key_derivation_operation_t()
* to serialise a `psa_key_derivation_operation_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_psa_key_derivation_operation_t() to serialise
* the given value.
*/
size_t psasim_server_serialise_psa_key_derivation_operation_t_needs(
psa_key_derivation_operation_t *value);
/** Serialise a `psa_key_derivation_operation_t` into a buffer on the server side.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_serialise_psa_key_derivation_operation_t(uint8_t **pos,
size_t *remaining,
psa_key_derivation_operation_t *value);
/** Deserialise a `psa_key_derivation_operation_t` from a buffer on the server side.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to a `psa_key_derivation_operation_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos,
size_t *remaining,
psa_key_derivation_operation_t **value);
/** Return how much buffer space is needed by \c psasim_serialise_psa_sign_hash_interruptible_operation_t()
* to serialise a `psa_sign_hash_interruptible_operation_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise
* the given value.
*/
size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(
psa_sign_hash_interruptible_operation_t value);
/** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
size_t *remaining,
psa_sign_hash_interruptible_operation_t value);
/** Deserialise a `psa_sign_hash_interruptible_operation_t` from a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to a `psa_sign_hash_interruptible_operation_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
size_t *remaining,
psa_sign_hash_interruptible_operation_t *value);
/** Return how much buffer space is needed by \c psasim_server_serialise_psa_sign_hash_interruptible_operation_t()
* to serialise a `psa_sign_hash_interruptible_operation_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise
* the given value.
*/
size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(
psa_sign_hash_interruptible_operation_t *value);
/** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer on the server side.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
size_t *remaining,
psa_sign_hash_interruptible_operation_t *value);
/** Deserialise a `psa_sign_hash_interruptible_operation_t` from a buffer on the server side.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to a `psa_sign_hash_interruptible_operation_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
size_t *remaining,
psa_sign_hash_interruptible_operation_t **value);
/** Return how much buffer space is needed by \c psasim_serialise_psa_verify_hash_interruptible_operation_t()
* to serialise a `psa_verify_hash_interruptible_operation_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise
* the given value.
*/
size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(
psa_verify_hash_interruptible_operation_t value);
/** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
size_t *remaining,
psa_verify_hash_interruptible_operation_t value);
/** Deserialise a `psa_verify_hash_interruptible_operation_t` from a buffer.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to a `psa_verify_hash_interruptible_operation_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
size_t *remaining,
psa_verify_hash_interruptible_operation_t *value);
/** Return how much buffer space is needed by \c psasim_server_serialise_psa_verify_hash_interruptible_operation_t()
* to serialise a `psa_verify_hash_interruptible_operation_t`.
*
* \param value The value that will be serialised into the buffer
* (needed in case some serialisations are value-
* dependent).
*
* \return The number of bytes needed in the buffer by
* \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise
* the given value.
*/
size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(
psa_verify_hash_interruptible_operation_t *value);
/** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer on the server side.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
size_t *remaining,
psa_verify_hash_interruptible_operation_t *value);
/** Deserialise a `psa_verify_hash_interruptible_operation_t` from a buffer on the server side.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value Pointer to a `psa_verify_hash_interruptible_operation_t` to receive the value
* deserialised from the buffer.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
size_t *remaining,
psa_verify_hash_interruptible_operation_t **value);
/** Return how much buffer space is needed by \c psasim_serialise_mbedtls_svc_key_id_t()
* to serialise a `mbedtls_svc_key_id_t`.
*
@ -594,7 +1256,8 @@ int psasim_deserialise_psa_key_attributes_t(uint8_t **pos,
* \c psasim_serialise_mbedtls_svc_key_id_t() to serialise
* the given value.
*/
size_t psasim_serialise_mbedtls_svc_key_id_t_needs(mbedtls_svc_key_id_t value);
size_t psasim_serialise_mbedtls_svc_key_id_t_needs(
mbedtls_svc_key_id_t value);
/** Serialise a `mbedtls_svc_key_id_t` into a buffer.
*

194
tests/psa-client-server/psasim/src/psa_sim_serialise.pl
View File

@ -36,11 +36,18 @@ die($usage) unless $which eq "c" || $which eq "h";
# are).
#
my @types = qw(unsigned-int int size_t
uint16_t uint32_t uint64_t
buffer
psa_status_t psa_algorithm_t
psa_key_production_parameters_t
psa_status_t psa_algorithm_t psa_key_derivation_step_t
psa_hash_operation_t
psa_aead_operation_t
psa_key_attributes_t
psa_mac_operation_t
psa_cipher_operation_t
psa_key_derivation_operation_t
psa_sign_hash_interruptible_operation_t
psa_verify_hash_interruptible_operation_t
mbedtls_svc_key_id_t);
grep(s/-/ /g, @types);
@ -49,6 +56,7 @@ grep(s/-/ /g, @types);
my %isa = (
"psa_status_t" => "int",
"psa_algorithm_t" => "unsigned int",
"psa_key_derivation_step_t" => "uint16_t",
);
if ($which eq "h") {
@ -58,6 +66,8 @@ if ($which eq "h") {
for my $type (@types) {
if ($type eq "buffer") {
print declare_buffer_functions();
} elsif ($type eq "psa_key_production_parameters_t") {
print declare_psa_key_production_parameters_t_functions();
} else {
print declare_needs($type, "");
print declare_serialise($type, "");
@ -88,6 +98,8 @@ if ($which eq "h") {
for my $type (@types) {
if ($type eq "buffer") {
print define_buffer_functions();
} elsif ($type eq "psa_key_production_parameters_t") {
print define_psa_key_production_parameters_t_functions();
} elsif (exists($isa{$type})) {
print define_needs_isa($type, $isa{$type});
print define_serialise_isa($type, $isa{$type});
@ -133,7 +145,8 @@ sub declare_needs
* \\c psasim_serialise_$type_d() to serialise
* the given value.
*/
size_t psasim_${server}serialise_${type_d}_needs($type ${ptr}value);
size_t psasim_${server}serialise_${type_d}_needs(
$type ${ptr}value);
EOF
}
@ -271,6 +284,62 @@ int psasim_deserialise_return_buffer(uint8_t **pos, size_t *remaining,
EOF
}
sub declare_psa_key_production_parameters_t_functions
{
return <<'EOF';
/** Return how much space is needed by \c psasim_serialise_psa_key_production_parameters_t()
* to serialise a psa_key_production_parameters_t (a structure with a flexible array member).
*
* \param params Pointer to the struct to be serialised
* (needed in case some serialisations are value-
* dependent).
* \param data_length Number of bytes in the data[] of the struct to be serialised.
*
* \return The number of bytes needed in the serialisation buffer by
* \c psasim_serialise_psa_key_production_parameters_t() to serialise
* the specified structure.
*/
size_t psasim_serialise_psa_key_production_parameters_t_needs(
const psa_key_production_parameters_t *params,
size_t buffer_size);
/** Serialise a psa_key_production_parameters_t.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param params Pointer to the structure to be serialised.
* \param data_length Number of bytes in the data[] of the struct to be serialised.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_serialise_psa_key_production_parameters_t(uint8_t **pos,
size_t *remaining,
const psa_key_production_parameters_t *params,
size_t data_length);
/** Deserialise a psa_key_production_parameters_t.
*
* \param pos[in,out] Pointer to a `uint8_t *` holding current position
* in the serialisation buffer.
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the serialisation buffer.
* \param params Pointer to a `psa_key_production_parameters_t *` to
* receive the address of a newly-allocated structure,
* which the caller must `free()`.
* \param data_length Pointer to a `size_t` to receive the number of
* bytes in the data[] member of the structure deserialised.
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos, size_t *remaining,
psa_key_production_parameters_t **params,
size_t *buffer_length);
EOF
}
sub h_header
{
return <<'EOF';
@ -383,7 +452,8 @@ sub define_needs
return <<EOF;
size_t psasim_serialise_${type_d}_needs($type value)
size_t psasim_serialise_${type_d}_needs(
$type value)
{
return sizeof(value);
}
@ -399,7 +469,8 @@ sub define_server_needs
return <<EOF;
size_t psasim_server_serialise_${type_d}_needs($type *operation)
size_t psasim_server_serialise_${type_d}_needs(
$type *operation)
{
(void) operation;
@ -421,7 +492,8 @@ sub define_needs_isa
return <<EOF;
size_t psasim_serialise_${type_d}_needs($type value)
size_t psasim_serialise_${type_d}_needs(
$type value)
{
return psasim_serialise_${isa_d}_needs(value);
}
@ -716,6 +788,106 @@ int psasim_deserialise_return_buffer(uint8_t **pos,
EOF
}
sub define_psa_key_production_parameters_t_functions
{
return <<'EOF';
#define SER_TAG_SIZE 4
size_t psasim_serialise_psa_key_production_parameters_t_needs(
const psa_key_production_parameters_t *params,
size_t data_length)
{
/* We will serialise with 4-byte tag = "PKPP" + 4-byte overall length at the beginning,
* followed by size_t data_length, then the actual data from the structure.
*/
return SER_TAG_SIZE + sizeof(uint32_t) + sizeof(data_length) + sizeof(*params) + data_length;
}
int psasim_serialise_psa_key_production_parameters_t(uint8_t **pos,
size_t *remaining,
const psa_key_production_parameters_t *params,
size_t data_length)
{
if (data_length > UINT32_MAX / 2) { /* arbitrary limit */
return 0; /* too big to serialise */
}
/* We use 32-bit lengths, which should be enough for any reasonable usage :) */
/* (the UINT32_MAX / 2 above is an even more conservative check to avoid overflow here) */
uint32_t len = (uint32_t) (sizeof(data_length) + sizeof(*params) + data_length);
if (*remaining < SER_TAG_SIZE + sizeof(uint32_t) + len) {
return 0;
}
char tag[SER_TAG_SIZE] = "PKPP";
memcpy(*pos, tag, sizeof(tag));
memcpy(*pos + sizeof(tag), &len, sizeof(len));
*pos += sizeof(tag) + sizeof(len);
*remaining -= sizeof(tag) + sizeof(len);
memcpy(*pos, &data_length, sizeof(data_length));
memcpy(*pos + sizeof(data_length), params, sizeof(*params) + data_length);
*pos += sizeof(data_length) + sizeof(*params) + data_length;
*remaining -= sizeof(data_length) + sizeof(*params) + data_length;
return 1;
}
int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos,
size_t *remaining,
psa_key_production_parameters_t **params,
size_t *data_length)
{
if (*remaining < SER_TAG_SIZE + sizeof(uint32_t)) {
return 0; /* can't even be an empty serialisation */
}
char tag[SER_TAG_SIZE] = "PKPP"; /* expected */
uint32_t len;
memcpy(&len, *pos + sizeof(tag), sizeof(len));
if (memcmp(*pos, tag, sizeof(tag)) != 0) {
return 0; /* wrong tag */
}
*pos += sizeof(tag) + sizeof(len);
*remaining -= sizeof(tag) + sizeof(len);
if (*remaining < sizeof(*data_length)) {
return 0; /* missing data_length */
}
memcpy(data_length, *pos, sizeof(*data_length));
if ((size_t) len != (sizeof(data_length) + sizeof(**params) + *data_length)) {
return 0; /* wrong length */
}
if (*remaining < sizeof(*data_length) + sizeof(**params) + *data_length) {
return 0; /* not enough data provided */
}
*pos += sizeof(data_length);
*remaining -= sizeof(data_length);
psa_key_production_parameters_t *out = malloc(sizeof(**params) + *data_length);
if (out == NULL) {
return 0; /* allocation failure */
}
memcpy(out, *pos, sizeof(*out) + *data_length);
*pos += sizeof(*out) + *data_length;
*remaining -= sizeof(*out) + *data_length;
*params = out;
return 1;
}
EOF
}
sub c_header
{
return <<'EOF';
@ -800,8 +972,10 @@ sub define_operation_type_data_and_functions
return <<EOF;
static psa_${type}_operation_t ${type}_operations[MAX_LIVE_HANDLES_PER_CLASS];
static psasim_client_handle_t ${type}_operation_handles[MAX_LIVE_HANDLES_PER_CLASS];
static psa_${type}_operation_t ${type}_operations[
MAX_LIVE_HANDLES_PER_CLASS];
static psasim_client_handle_t ${type}_operation_handles[
MAX_LIVE_HANDLES_PER_CLASS];
static psasim_client_handle_t next_${type}_operation_handle = 1;
/* Get a free slot */
@ -937,8 +1111,10 @@ EOF
my $what = $1; # e.g. "hash_operation"
$code .= <<EOF;
memset(${what}_handles, 0, sizeof(${what}_handles));
memset(${what}s, 0, sizeof(${what}s));
memset(${what}_handles, 0,
sizeof(${what}_handles));
memset(${what}s, 0,
sizeof(${what}s));
EOF
}

12
tests/psa-client-server/psasim/test/run_test.sh
View File

@ -13,6 +13,9 @@ set -e
cd "$(dirname "$0")"
CLIENT_BIN=$1
shift
function clean_run() {
rm -f psa_notify_*
pkill psa_partition || true
@ -30,8 +33,9 @@ function wait_for_server_startup() {
clean_run
./psa_partition -k &
SERV_PID=$!
./psa_partition &
wait_for_server_startup
./psa_client "$@"
wait $SERV_PID
./$CLIENT_BIN "$@"
# Kill server once client exited
pkill psa_partition

89
tests/scripts/all.sh
View File

@ -2440,9 +2440,8 @@ component_build_module_alt () {
scripts/config.py full
# Disable options that are incompatible with some ALT implementations:
# aesni.c and padlock.c reference mbedtls_aes_context fields directly.
# aesni.c references mbedtls_aes_context fields directly.
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESCE_C
# MBEDTLS_ECP_RESTARTABLE is documented as incompatible.
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
@ -4153,9 +4152,6 @@ build_test_config_combos() {
validate_aes_config_variations() {
if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then
if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then
return 1
fi
if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \
("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then
return 1
@ -4176,7 +4172,7 @@ component_build_aes_variations() {
build_test_config_combos library/aes.o validate_aes_config_variations \
"MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
"MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
"MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
cd "$MBEDTLS_ROOT_DIR"
@ -4193,7 +4189,7 @@ component_build_aes_variations() {
build_test_config_combos library/aes.o validate_aes_config_variations \
"MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
"MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
"MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
}
@ -4536,7 +4532,6 @@ component_test_aesni_m32 () { # ~ 60s
msg "build: default config with different AES implementations"
scripts/config.py set MBEDTLS_AESNI_C
scripts/config.py set MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
scripts/config.py set MBEDTLS_HAVE_ASM
@ -4548,11 +4543,9 @@ component_test_aesni_m32 () { # ~ 60s
./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
grep -q "AES note: using AESNI" ./programs/test/selftest
grep -q "AES note: built-in implementation." ./programs/test/selftest
grep -q "AES note: using VIA Padlock" ./programs/test/selftest
grep -q mbedtls_aesni_has_support ./programs/test/selftest
scripts/config.py set MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
msg "AES tests, test AESNI only"
make clean
@ -4561,7 +4554,6 @@ component_test_aesni_m32 () { # ~ 60s
./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
grep -q "AES note: using AESNI" ./programs/test/selftest
not grep -q "AES note: built-in implementation." ./programs/test/selftest
not grep -q "AES note: using VIA Padlock" ./programs/test/selftest
not grep -q mbedtls_aesni_has_support ./programs/test/selftest
}
@ -4573,7 +4565,6 @@ support_test_aesni_m32_clang() {
component_test_aesni_m32_clang() {
scripts/config.py set MBEDTLS_AESNI_C
scripts/config.py set MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
scripts/config.py set MBEDTLS_HAVE_ASM
@ -4585,7 +4576,6 @@ component_test_aesni_m32_clang() {
./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
grep -q "AES note: using AESNI" ./programs/test/selftest
grep -q "AES note: built-in implementation." ./programs/test/selftest
grep -q "AES note: using VIA Padlock" ./programs/test/selftest
grep -q mbedtls_aesni_has_support ./programs/test/selftest
}
@ -4744,24 +4734,6 @@ component_build_sha_armce () {
not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
}
# For timebeing, no VIA Padlock platform available.
component_build_aes_via_padlock () {
msg "AES:VIA PadLock, build with default configuration."
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py set MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
grep -q mbedtls_padlock_has_support ./programs/test/selftest
}
support_build_aes_via_padlock_only () {
( [ "$MBEDTLS_TEST_PLATFORM" == "Linux-x86_64" ] || \
[ "$MBEDTLS_TEST_PLATFORM" == "Linux-amd64" ] ) && \
[ "`dpkg --print-foreign-architectures`" == "i386" ]
}
support_build_aes_aesce_armcc () {
support_build_armcc
}
@ -4769,7 +4741,6 @@ support_build_aes_aesce_armcc () {
component_test_aes_only_128_bit_keys () {
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH"
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
scripts/config.py unset MBEDTLS_PADLOCK_C
make CFLAGS='-O2 -Werror -Wall -Wextra'
@ -4781,7 +4752,6 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () {
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_PADLOCK_C
make CC=clang CFLAGS='-Werror -Wall -Wextra'
@ -4792,7 +4762,6 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () {
component_test_aes_only_128_bit_keys_have_builtins () {
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_AESCE_C
@ -4808,7 +4777,6 @@ component_test_aes_only_128_bit_keys_have_builtins () {
component_test_gcm_largetable () {
msg "build: default config + GCM_LARGE_TABLE - AESNI_C - AESCE_C"
scripts/config.py set MBEDTLS_GCM_LARGE_TABLE
scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_AESCE_C
@ -5206,7 +5174,6 @@ component_test_m32_no_asm () {
msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s
scripts/config.py full
scripts/config.py unset MBEDTLS_HAVE_ASM
scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
@ -5287,7 +5254,6 @@ component_test_have_int32 () {
msg "build: gcc, force 32-bit bignum limbs"
scripts/config.py unset MBEDTLS_HAVE_ASM
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESCE_C
make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
@ -5299,7 +5265,6 @@ component_test_have_int64 () {
msg "build: gcc, force 64-bit bignum limbs"
scripts/config.py unset MBEDTLS_HAVE_ASM
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESCE_C
make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
@ -5311,7 +5276,6 @@ component_test_have_int32_cmake_new_bignum () {
msg "build: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)"
scripts/config.py unset MBEDTLS_HAVE_ASM
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESCE_C
scripts/config.py set MBEDTLS_TEST_HOOKS
scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT
@ -6080,47 +6044,16 @@ component_test_psasim() {
msg "build library for client"
helper_crypto_client_build client
msg "build psasim to test psa_client"
rm -f tests/psa-client-server/psasim/test/psa_client # In case left behind
make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client
msg "build basic psasim client"
make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_base
msg "test basic psasim client"
tests/psa-client-server/psasim/test/run_test.sh psa_client_base
msg "test psasim"
tests/psa-client-server/psasim/test/run_test.sh
msg "build full psasim client"
make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_full
msg "test full psasim client"
tests/psa-client-server/psasim/test/run_test.sh psa_client_full
msg "build psasim to test psa_hash_compute"
# Delete the executable to ensure we build using the right MAIN
rm tests/psa-client-server/psasim/test/psa_client
# API under test: psa_hash_compute()
make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="src/aut_psa_hash_compute.c" test/psa_client
msg "test psasim running psa_hash_compute"
tests/psa-client-server/psasim/test/run_test.sh
# Next APIs under test: psa_hash_*(). Use our copy of the PSA hash example.
msg "build psasim to test all psa_hash_* APIs"
# Delete the executable to ensure we build using the right MAIN
rm tests/psa-client-server/psasim/test/psa_client
make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="src/aut_psa_hash.c" test/psa_client
msg "test psasim running psa_hash sample"
tests/psa-client-server/psasim/test/run_test.sh
# Next APIs under test: psa_aead_*(). Use our copy of the PSA aead example.
msg "build psasim to test all psa_aead_* APIs"
# Delete the executable to ensure we build using the right MAIN
rm tests/psa-client-server/psasim/test/psa_client
make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="src/aut_psa_aead_demo.c" test/psa_client
msg "test psasim running psa_aead_demo sample"
tests/psa-client-server/psasim/test/run_test.sh aes128-gcm
tests/psa-client-server/psasim/test/run_test.sh aes256-gcm
tests/psa-client-server/psasim/test/run_test.sh aes128-gcm_8
tests/psa-client-server/psasim/test/run_test.sh chachapoly
msg "clean psasim"
make -C tests/psa-client-server/psasim clean
}

4
tests/scripts/check_names.py
View File

@ -239,6 +239,7 @@ class CodeParser():
"include/mbedtls/*.h",
"include/psa/*.h",
"tf-psa-crypto/include/psa/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h"
])
@ -253,6 +254,7 @@ class CodeParser():
"include/mbedtls/*.h",
"include/psa/*.h",
"tf-psa-crypto/include/psa/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
"library/*.c",
"3rdparty/everest/include/everest/everest.h",
@ -262,6 +264,7 @@ class CodeParser():
"include/mbedtls/*.h",
"include/psa/*.h",
"tf-psa-crypto/include/psa/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h"
@ -270,6 +273,7 @@ class CodeParser():
"include/mbedtls/*.h",
"include/psa/*.h",
"tf-psa-crypto/include/psa/*.h",
"tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h",

6
tests/scripts/depends.py
View File

@ -369,7 +369,11 @@ class CipherInfo: # pylint: disable=too-few-public-methods
"""Collect data about cipher.h."""
def __init__(self):
self.base_symbols = set()
with open('include/mbedtls/cipher.h', encoding="utf-8") as fh:
if os.path.isdir('tf-psa-crypto'):
cipher_h_path = 'tf-psa-crypto/drivers/builtin/include/mbedtls/cipher.h'
else:
cipher_h_path = 'include/mbedtls/cipher.h'
with open(cipher_h_path, encoding="utf-8") as fh:
for line in fh:
m = re.match(r' *MBEDTLS_CIPHER_ID_(\w+),', line)
if m and m.group(1) not in ['NONE', 'NULL', '3DES']:

11
tests/scripts/test_psa_compliance.py
View File

@ -73,9 +73,14 @@ def main(library_build_dir: str):
os.mkdir(build_dir)
os.chdir(build_dir)
extra_includes = (';{}/drivers/builtin/include'.format(root_dir)
if in_tf_psa_crypto_repo else
';{}/tf-psa-crypto/include'.format(root_dir))
# Temporary while the PSA compliance test suite is still run as part
# of Mbed TLS testing. When it is not the case anymore, the second case
# can be removed.
if in_tf_psa_crypto_repo:
extra_includes = ';{}/drivers/builtin/include'.format(root_dir)
elif os.path.isdir(os.path.join(root_dir, 'tf-psa-crypto')):
extra_includes = ';{}/tf-psa-crypto/include'.format(root_dir) + \
(';{}/tf-psa-crypto/drivers/builtin/include'.format(root_dir))
#pylint: disable=bad-continuation
subprocess.check_call([

4
tests/scripts/test_psa_constant_names.py
View File

@ -161,7 +161,9 @@ TEST_SUITES = ['tests/suites/test_suite_psa_crypto_metadata.data']
def main():
parser = argparse.ArgumentParser(description=globals()['__doc__'])
parser.add_argument('--include', '-I',
action='append', default=['tf-psa-crypto/include', 'include'],
action='append', default=['tf-psa-crypto/include',
'tf-psa-crypto/drivers/builtin/include',
'include'],
help='Directory for header files')
parser.add_argument('--keep-c',
action='store_true', dest='keep_c', default=False,

27
tests/suites/test_suite_pk.function
View File

@ -64,14 +64,22 @@
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192R1
#elif defined(PSA_WANT_ECC_SECP_R1_224)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224R1
#elif defined(PSA_WANT_ECC_SECP_R1_256)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256R1
#elif defined(PSA_WANT_ECC_SECP_K1_192)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192K1
#elif defined(PSA_WANT_ECC_SECP_K1_256)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256K1
#elif defined(PSA_WANT_ECC_SECP_R1_224)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224R1
#elif defined(PSA_WANT_ECC_SECP_R1_384)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 384
@ -80,18 +88,10 @@
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 521
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP521R1
#elif defined(PSA_WANT_ECC_SECP_K1_192)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192K1
#elif defined(PSA_WANT_ECC_SECP_K1_224)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224K1
#elif defined(PSA_WANT_ECC_SECP_K1_256)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256K1
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256
@ -128,7 +128,8 @@
#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192
#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES
#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256)
#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256) && \
!defined(PSA_WANT_ECC_SECP_R1_192)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256

14
include/mbedtls/aes.h → tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h
View File

@ -35,7 +35,7 @@
#include <stddef.h>
#include <stdint.h>
/* padlock.c and aesni.c rely on these values! */
/* aesni.c relies on these values! */
#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */
#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */
@ -64,19 +64,15 @@ typedef struct mbedtls_aes_context {
int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES
round keys in the buffer. */
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C)
#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
uint32_t MBEDTLS_PRIVATE(buf)[44]; /*!< Aligned data buffer to hold
10 round keys for 128-bit case. */
#else
uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
hold 32 extra Bytes, which can be used for
one of the following purposes:
<ul><li>Alignment if VIA padlock is
used.</li>
<li>Simplifying key expansion in the 256-bit
case by generating an extra round key.
</li></ul> */
#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH && !MBEDTLS_PADLOCK_C */
simplifying key expansion in the 256-bit
case by generating an extra round key. */
#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
}
mbedtls_aes_context;

0
include/mbedtls/aria.h → tf-psa-crypto/drivers/builtin/include/mbedtls/aria.h
View File

0
include/mbedtls/asn1.h → tf-psa-crypto/drivers/builtin/include/mbedtls/asn1.h
View File

0
include/mbedtls/asn1write.h → tf-psa-crypto/drivers/builtin/include/mbedtls/asn1write.h
View File

0
include/mbedtls/base64.h → tf-psa-crypto/drivers/builtin/include/mbedtls/base64.h
View File

0
include/mbedtls/bignum.h → tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h
View File

0
include/mbedtls/block_cipher.h → tf-psa-crypto/drivers/builtin/include/mbedtls/block_cipher.h
View File

0
include/mbedtls/camellia.h → tf-psa-crypto/drivers/builtin/include/mbedtls/camellia.h
View File

0
include/mbedtls/ccm.h → tf-psa-crypto/drivers/builtin/include/mbedtls/ccm.h
View File

0
include/mbedtls/chacha20.h → tf-psa-crypto/drivers/builtin/include/mbedtls/chacha20.h
View File

0
include/mbedtls/chachapoly.h → tf-psa-crypto/drivers/builtin/include/mbedtls/chachapoly.h
View File

0
include/mbedtls/cipher.h → tf-psa-crypto/drivers/builtin/include/mbedtls/cipher.h
View File

0
include/mbedtls/cmac.h → tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h
View File

0
include/mbedtls/config_adjust_legacy_from_psa.h → tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h
View File

0
include/mbedtls/config_adjust_psa_superset_legacy.h → tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h
View File

4
include/mbedtls/config_psa.h → tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h
View File

@ -34,7 +34,11 @@
* before we deduce what built-ins are required. */
#include "psa/crypto_adjust_config_key_pair_types.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
/* If we are implementing PSA crypto ourselves, then we want to enable the
* required built-ins. Otherwise, PSA features will be provided by the server. */
#include "mbedtls/config_adjust_legacy_from_psa.h"
#endif
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */

0
include/mbedtls/constant_time.h → tf-psa-crypto/drivers/builtin/include/mbedtls/constant_time.h
View File

0
include/mbedtls/ctr_drbg.h → tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h
View File

0
include/mbedtls/des.h → tf-psa-crypto/drivers/builtin/include/mbedtls/des.h
View File

0
include/mbedtls/dhm.h → tf-psa-crypto/drivers/builtin/include/mbedtls/dhm.h
View File

0
include/mbedtls/ecdh.h → tf-psa-crypto/drivers/builtin/include/mbedtls/ecdh.h
View File

0
include/mbedtls/ecdsa.h → tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h
View File

0
include/mbedtls/ecjpake.h → tf-psa-crypto/drivers/builtin/include/mbedtls/ecjpake.h
View File

0
include/mbedtls/ecp.h → tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
View File

0
include/mbedtls/entropy.h → tf-psa-crypto/drivers/builtin/include/mbedtls/entropy.h
View File

1
include/mbedtls/error.h → tf-psa-crypto/drivers/builtin/include/mbedtls/error.h
View File

@ -45,7 +45,6 @@
* CAMELLIA 3 0x0024-0x0026 0x0027-0x0027
* BASE64 2 0x002A-0x002C
* OID 1 0x002E-0x002E 0x000B-0x000B
* PADLOCK 1 0x0030-0x0030
* DES 2 0x0032-0x0032 0x0033-0x0033
* CTR_DBRG 4 0x0034-0x003A
* ENTROPY 3 0x003C-0x0040 0x003D-0x003F

0
include/mbedtls/gcm.h → tf-psa-crypto/drivers/builtin/include/mbedtls/gcm.h
View File

0
include/mbedtls/hmac_drbg.h → tf-psa-crypto/drivers/builtin/include/mbedtls/hmac_drbg.h
View File

0
include/mbedtls/lms.h → tf-psa-crypto/drivers/builtin/include/mbedtls/lms.h
View File

0
include/mbedtls/md.h → tf-psa-crypto/drivers/builtin/include/mbedtls/md.h
View File

0
include/mbedtls/md5.h → tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h
View File

0
include/mbedtls/memory_buffer_alloc.h → tf-psa-crypto/drivers/builtin/include/mbedtls/memory_buffer_alloc.h
View File

0
include/mbedtls/nist_kw.h → tf-psa-crypto/drivers/builtin/include/mbedtls/nist_kw.h
View File

0
include/mbedtls/oid.h → tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h
View File

0
include/mbedtls/pem.h → tf-psa-crypto/drivers/builtin/include/mbedtls/pem.h
View File

0
include/mbedtls/pk.h → tf-psa-crypto/drivers/builtin/include/mbedtls/pk.h
View File

0
include/mbedtls/pkcs12.h → tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs12.h
View File

0
include/mbedtls/pkcs5.h → tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs5.h
View File

0
include/mbedtls/platform.h → tf-psa-crypto/drivers/builtin/include/mbedtls/platform.h
View File

0
include/mbedtls/platform_time.h → tf-psa-crypto/drivers/builtin/include/mbedtls/platform_time.h
View File

0
include/mbedtls/platform_util.h → tf-psa-crypto/drivers/builtin/include/mbedtls/platform_util.h
View File

0
include/mbedtls/poly1305.h → tf-psa-crypto/drivers/builtin/include/mbedtls/poly1305.h
View File

0
include/mbedtls/private_access.h → tf-psa-crypto/drivers/builtin/include/mbedtls/private_access.h
View File

0
include/mbedtls/psa_util.h → tf-psa-crypto/drivers/builtin/include/mbedtls/psa_util.h
View File

0
include/mbedtls/ripemd160.h → tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h
View File

0
include/mbedtls/rsa.h → tf-psa-crypto/drivers/builtin/include/mbedtls/rsa.h
View File

0
include/mbedtls/sha1.h → tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h
View File

0
include/mbedtls/sha256.h → tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h
View File

0
include/mbedtls/sha3.h → tf-psa-crypto/drivers/builtin/include/mbedtls/sha3.h
View File

0
include/mbedtls/sha512.h → tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h
View File

Some files were not shown because too many files have changed in this diff Show More