From f8b9ebf2974d3891d3e0a04867d63e4f3c0af322 Mon Sep 17 00:00:00 2001 From: Hannes Tschofenig Date: Tue, 18 Jul 2023 13:46:10 +0100 Subject: [PATCH 001/185] Add example program for PSA hash This commit adds the example program for PSA hash as well as the relevant changes to CMakeLists.txt and the Makefile. Signed-off-by: Thomas Daubney --- programs/Makefile | 5 ++ programs/psa/CMakeLists.txt | 1 + programs/psa/psa_hash.c | 152 ++++++++++++++++++++++++++++++++++++ 3 files changed, 158 insertions(+) create mode 100644 programs/psa/psa_hash.c diff --git a/programs/Makefile b/programs/Makefile index 3509fc374d..0bd1b924ef 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -109,6 +109,7 @@ APPS = \ psa/hmac_demo \ psa/key_ladder_demo \ psa/psa_constant_names \ + psa/psa_hash \ random/gen_entropy \ random/gen_random_ctr_drbg \ ssl/dtls_client \ @@ -316,6 +317,10 @@ psa/psa_constant_names$(EXEXT): psa/psa_constant_names.c psa/psa_constant_names_ echo " CC psa/psa_constant_names.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +psa/psa_hash$(EXEXT): psa/psa_hash.c $(DEP) + echo " CC psa/psa_hash.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP) echo " CC random/gen_entropy.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index 7ba4af63d9..c8ee626d81 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -4,6 +4,7 @@ set(executables hmac_demo key_ladder_demo psa_constant_names + psa_hash ) if(GEN_FILES) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c new file mode 100644 index 0000000000..45f61320ee --- /dev/null +++ b/programs/psa/psa_hash.c @@ -0,0 +1,152 @@ +/* + * Example computing a SHA-256 hash using the PSA Crypto API + * + * The example computes the SHA-256 hash of a test string using the + * one-shot API call psa_hash_compute() and the using multi-part + * operation, which requires psa_hash_setup(), psa_hash_update() and + * psa_hash_finish(). The multi-part operation is popular on embedded + * devices where a rolling hash needs to be computed. + * + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#include "psa/crypto.h" +#include +#include +#include + +#include "mbedtls/build_info.h" + +#define TEST_SHA256_HASH { \ + 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ + 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ + 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ +} + +const uint8_t mbedtls_test_sha256_hash[] = TEST_SHA256_HASH; + +const size_t mbedtls_test_sha256_hash_len = + sizeof( mbedtls_test_sha256_hash ); + +#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_SHA256_C) +int main( void ) +{ + printf( "MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" + "not defined.\r\n" ); + return( EXIT_SUCCESS ); +} +#else + +int main( void ) +{ + uint8_t buf[] = "Hello World!"; + psa_status_t status; + uint8_t hash[PSA_HASH_MAX_SIZE]; + size_t hash_size; + psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT; + psa_hash_operation_t cloned_sha256 = PSA_HASH_OPERATION_INIT; + + printf( "PSA Crypto API: SHA-256 example\n\n" ); + + status = psa_crypto_init( ); + if( status != PSA_SUCCESS ) + { + printf( "psa_crypto_init failed\n" ); + return( EXIT_FAILURE ); + } + + + /* Compute hash using multi-part operation */ + + status = psa_hash_setup( &sha256_psa, PSA_ALG_SHA_256 ); + if( status != PSA_SUCCESS ) + { + printf( "psa_hash_setup failed\n" ); + return( EXIT_FAILURE ); + } + + status = psa_hash_update( &sha256_psa, buf, sizeof( buf ) ); + if( status != PSA_SUCCESS ) + { + printf( "psa_hash_update failed\n" ); + return( EXIT_FAILURE ); + } + + status = psa_hash_clone( &sha256_psa, &cloned_sha256 ); + if( status != PSA_SUCCESS ) + { + printf( "PSA hash clone failed" ); + return( EXIT_FAILURE ); + } + + status = psa_hash_finish( &sha256_psa, hash, sizeof( hash ), &hash_size ); + if( status != PSA_SUCCESS ) + { + printf( "psa_hash_finish failed\n" ); + return( EXIT_FAILURE ); + } + + status = psa_hash_verify( &cloned_sha256, mbedtls_test_sha256_hash, mbedtls_test_sha256_hash_len ); + if( status != PSA_SUCCESS ) + { + printf( "psa_hash_verify failed\n" ); + return( EXIT_FAILURE ); + } else + { + printf( "Multi-part hash operation successful!\n"); + } + + /* Compute hash using one-shot function call */ + memset( hash,0,sizeof( hash ) ); + hash_size = 0; + + status = psa_hash_compute( PSA_ALG_SHA_256, + buf, sizeof( buf ), + hash, sizeof( hash ), + &hash_size ); + if( status != PSA_SUCCESS ) + { + printf( "psa_hash_compute failed\n" ); + return( EXIT_FAILURE ); + } + + for( size_t j = 0; j < mbedtls_test_sha256_hash_len; j++ ) + { + if( hash[j] != mbedtls_test_sha256_hash[j] ) + { + printf( "One-shot hash operation failed!\n\n"); + return( EXIT_FAILURE ); + } + } + + printf( "One-shot hash operation successful!\n\n"); + + printf( "The SHA-256( '%s' ) is:\n", buf ); + + for( size_t j = 0; j < mbedtls_test_sha256_hash_len; j++ ) + { + if( j % 8 == 0 ) printf( "\n " ); + printf( "%02x ", hash[j] ); + } + + printf( "\n" ); + + mbedtls_psa_crypto_free( ); + return( EXIT_SUCCESS ); +} +#endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_SHA256_C */ From 209c9c94925195c26cee30acf6ceb9ea612bda07 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 Jul 2023 14:59:45 +0100 Subject: [PATCH 002/185] Bring code-style up-to-date This PR was originally created before the code style was changed. This commit updates the style. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 126 +++++++++++++++++++--------------------- 1 file changed, 59 insertions(+), 67 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 45f61320ee..4be9c3839b 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -33,26 +33,26 @@ #include "mbedtls/build_info.h" #define TEST_SHA256_HASH { \ - 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ - 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ - 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ + 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ + 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ + 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ } const uint8_t mbedtls_test_sha256_hash[] = TEST_SHA256_HASH; const size_t mbedtls_test_sha256_hash_len = - sizeof( mbedtls_test_sha256_hash ); + sizeof(mbedtls_test_sha256_hash); #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_SHA256_C) -int main( void ) +int main(void) { - printf( "MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" - "not defined.\r\n" ); - return( EXIT_SUCCESS ); + printf("MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" + "not defined.\r\n"); + return EXIT_SUCCESS; } #else -int main( void ) +int main(void) { uint8_t buf[] = "Hello World!"; psa_status_t status; @@ -61,92 +61,84 @@ int main( void ) psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT; psa_hash_operation_t cloned_sha256 = PSA_HASH_OPERATION_INIT; - printf( "PSA Crypto API: SHA-256 example\n\n" ); + printf("PSA Crypto API: SHA-256 example\n\n"); - status = psa_crypto_init( ); - if( status != PSA_SUCCESS ) - { - printf( "psa_crypto_init failed\n" ); - return( EXIT_FAILURE ); + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + printf("psa_crypto_init failed\n"); + return EXIT_FAILURE; } /* Compute hash using multi-part operation */ - status = psa_hash_setup( &sha256_psa, PSA_ALG_SHA_256 ); - if( status != PSA_SUCCESS ) - { - printf( "psa_hash_setup failed\n" ); - return( EXIT_FAILURE ); + status = psa_hash_setup(&sha256_psa, PSA_ALG_SHA_256); + if (status != PSA_SUCCESS) { + printf("psa_hash_setup failed\n"); + return EXIT_FAILURE; } - status = psa_hash_update( &sha256_psa, buf, sizeof( buf ) ); - if( status != PSA_SUCCESS ) - { - printf( "psa_hash_update failed\n" ); - return( EXIT_FAILURE ); + status = psa_hash_update(&sha256_psa, buf, sizeof(buf)); + if (status != PSA_SUCCESS) { + printf("psa_hash_update failed\n"); + return EXIT_FAILURE; } - status = psa_hash_clone( &sha256_psa, &cloned_sha256 ); - if( status != PSA_SUCCESS ) - { - printf( "PSA hash clone failed" ); - return( EXIT_FAILURE ); + status = psa_hash_clone(&sha256_psa, &cloned_sha256); + if (status != PSA_SUCCESS) { + printf("PSA hash clone failed"); + return EXIT_FAILURE; } - status = psa_hash_finish( &sha256_psa, hash, sizeof( hash ), &hash_size ); - if( status != PSA_SUCCESS ) - { - printf( "psa_hash_finish failed\n" ); - return( EXIT_FAILURE ); + status = psa_hash_finish(&sha256_psa, hash, sizeof(hash), &hash_size); + if (status != PSA_SUCCESS) { + printf("psa_hash_finish failed\n"); + return EXIT_FAILURE; } - status = psa_hash_verify( &cloned_sha256, mbedtls_test_sha256_hash, mbedtls_test_sha256_hash_len ); - if( status != PSA_SUCCESS ) - { - printf( "psa_hash_verify failed\n" ); - return( EXIT_FAILURE ); - } else - { - printf( "Multi-part hash operation successful!\n"); + status = + psa_hash_verify(&cloned_sha256, mbedtls_test_sha256_hash, mbedtls_test_sha256_hash_len); + if (status != PSA_SUCCESS) { + printf("psa_hash_verify failed\n"); + return EXIT_FAILURE; + } else { + printf("Multi-part hash operation successful!\n"); } /* Compute hash using one-shot function call */ - memset( hash,0,sizeof( hash ) ); + memset(hash, 0, sizeof(hash)); hash_size = 0; - status = psa_hash_compute( PSA_ALG_SHA_256, - buf, sizeof( buf ), - hash, sizeof( hash ), - &hash_size ); - if( status != PSA_SUCCESS ) - { - printf( "psa_hash_compute failed\n" ); - return( EXIT_FAILURE ); + status = psa_hash_compute(PSA_ALG_SHA_256, + buf, sizeof(buf), + hash, sizeof(hash), + &hash_size); + if (status != PSA_SUCCESS) { + printf("psa_hash_compute failed\n"); + return EXIT_FAILURE; } - for( size_t j = 0; j < mbedtls_test_sha256_hash_len; j++ ) - { - if( hash[j] != mbedtls_test_sha256_hash[j] ) - { - printf( "One-shot hash operation failed!\n\n"); - return( EXIT_FAILURE ); + for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { + if (hash[j] != mbedtls_test_sha256_hash[j]) { + printf("One-shot hash operation failed!\n\n"); + return EXIT_FAILURE; } } - printf( "One-shot hash operation successful!\n\n"); + printf("One-shot hash operation successful!\n\n"); - printf( "The SHA-256( '%s' ) is:\n", buf ); + printf("The SHA-256( '%s' ) is:\n", buf); - for( size_t j = 0; j < mbedtls_test_sha256_hash_len; j++ ) - { - if( j % 8 == 0 ) printf( "\n " ); - printf( "%02x ", hash[j] ); + for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { + if (j % 8 == 0) { + printf("\n "); + } + printf("%02x ", hash[j]); } - printf( "\n" ); + printf("\n"); - mbedtls_psa_crypto_free( ); - return( EXIT_SUCCESS ); + mbedtls_psa_crypto_free(); + return EXIT_SUCCESS; } #endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_SHA256_C */ From 8907815866bf853a1e4792a84767f9e31ed8b1c8 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 18 Jul 2023 18:29:46 +0100 Subject: [PATCH 003/185] Added ChangeLog entry Signed-off-by: Thomas Daubney --- ChangeLog.d/add-psa-example-program-hash.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/add-psa-example-program-hash.txt diff --git a/ChangeLog.d/add-psa-example-program-hash.txt b/ChangeLog.d/add-psa-example-program-hash.txt new file mode 100644 index 0000000000..ba4da20d33 --- /dev/null +++ b/ChangeLog.d/add-psa-example-program-hash.txt @@ -0,0 +1,2 @@ +Features + * Added an example program showing how to hash with the PSA API. From f7348ae1fc298ed4b1e3e3aceb95cb3f60b56885 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 24 Jul 2023 12:18:40 +0100 Subject: [PATCH 004/185] Improve program from first round review comments Following an initial review: - Swap printf for mbedtls_printf - Remove MBEDTLS_xxx dependencies - Demonstrate correct buffer sizing Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 4be9c3839b..07d0b4fa94 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -31,6 +31,7 @@ #include #include "mbedtls/build_info.h" +#include "mbedtls/platform.h" #define TEST_SHA256_HASH { \ 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ @@ -43,10 +44,10 @@ const uint8_t mbedtls_test_sha256_hash[] = TEST_SHA256_HASH; const size_t mbedtls_test_sha256_hash_len = sizeof(mbedtls_test_sha256_hash); -#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_SHA256_C) +#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) int main(void) { - printf("MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" + mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" "not defined.\r\n"); return EXIT_SUCCESS; } @@ -56,16 +57,16 @@ int main(void) { uint8_t buf[] = "Hello World!"; psa_status_t status; - uint8_t hash[PSA_HASH_MAX_SIZE]; + uint8_t hash[PSA_HASH_LENGTH(PSA_ALG_SHA_256)]; size_t hash_size; psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT; psa_hash_operation_t cloned_sha256 = PSA_HASH_OPERATION_INIT; - printf("PSA Crypto API: SHA-256 example\n\n"); + mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); status = psa_crypto_init(); if (status != PSA_SUCCESS) { - printf("psa_crypto_init failed\n"); + mbedtls_printf("psa_crypto_init failed\n"); return EXIT_FAILURE; } @@ -74,35 +75,35 @@ int main(void) status = psa_hash_setup(&sha256_psa, PSA_ALG_SHA_256); if (status != PSA_SUCCESS) { - printf("psa_hash_setup failed\n"); + mbedtls_printf("psa_hash_setup failed\n"); return EXIT_FAILURE; } status = psa_hash_update(&sha256_psa, buf, sizeof(buf)); if (status != PSA_SUCCESS) { - printf("psa_hash_update failed\n"); + mbedtls_printf("psa_hash_update failed\n"); return EXIT_FAILURE; } status = psa_hash_clone(&sha256_psa, &cloned_sha256); if (status != PSA_SUCCESS) { - printf("PSA hash clone failed"); + mbedtls_printf("PSA hash clone failed"); return EXIT_FAILURE; } status = psa_hash_finish(&sha256_psa, hash, sizeof(hash), &hash_size); if (status != PSA_SUCCESS) { - printf("psa_hash_finish failed\n"); + mbedtls_printf("psa_hash_finish failed\n"); return EXIT_FAILURE; } status = psa_hash_verify(&cloned_sha256, mbedtls_test_sha256_hash, mbedtls_test_sha256_hash_len); if (status != PSA_SUCCESS) { - printf("psa_hash_verify failed\n"); + mbedtls_printf("psa_hash_verify failed\n"); return EXIT_FAILURE; } else { - printf("Multi-part hash operation successful!\n"); + mbedtls_printf("Multi-part hash operation successful!\n"); } /* Compute hash using one-shot function call */ @@ -114,29 +115,29 @@ int main(void) hash, sizeof(hash), &hash_size); if (status != PSA_SUCCESS) { - printf("psa_hash_compute failed\n"); + mbedtls_printf("psa_hash_compute failed\n"); return EXIT_FAILURE; } for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { if (hash[j] != mbedtls_test_sha256_hash[j]) { - printf("One-shot hash operation failed!\n\n"); + mbedtls_printf("One-shot hash operation failed!\n\n"); return EXIT_FAILURE; } } - printf("One-shot hash operation successful!\n\n"); + mbedtls_printf("One-shot hash operation successful!\n\n"); - printf("The SHA-256( '%s' ) is:\n", buf); + mbedtls_printf("The SHA-256( '%s' ) is:\n", buf); for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { if (j % 8 == 0) { - printf("\n "); + mbedtls_printf("\n "); } - printf("%02x ", hash[j]); + mbedtls_printf("%02x ", hash[j]); } - printf("\n"); + mbedtls_printf("\n"); mbedtls_psa_crypto_free(); return EXIT_SUCCESS; From 1db78fa32a2e716cfc670f826e7a47d5cd71d4ad Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 24 Jul 2023 16:49:14 +0100 Subject: [PATCH 005/185] Demonstrate algorithm agility Define HALH_ALG to the desired PSA algorithm to demostrate the ease of swapping algorithms with the PSA API. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 07d0b4fa94..adf547d0b4 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -33,6 +33,8 @@ #include "mbedtls/build_info.h" #include "mbedtls/platform.h" +#define HASH_ALG PSA_ALG_SHA_256 + #define TEST_SHA256_HASH { \ 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ @@ -57,7 +59,7 @@ int main(void) { uint8_t buf[] = "Hello World!"; psa_status_t status; - uint8_t hash[PSA_HASH_LENGTH(PSA_ALG_SHA_256)]; + uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; size_t hash_size; psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT; psa_hash_operation_t cloned_sha256 = PSA_HASH_OPERATION_INIT; @@ -73,7 +75,7 @@ int main(void) /* Compute hash using multi-part operation */ - status = psa_hash_setup(&sha256_psa, PSA_ALG_SHA_256); + status = psa_hash_setup(&sha256_psa, HASH_ALG); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_setup failed\n"); return EXIT_FAILURE; @@ -110,7 +112,7 @@ int main(void) memset(hash, 0, sizeof(hash)); hash_size = 0; - status = psa_hash_compute(PSA_ALG_SHA_256, + status = psa_hash_compute(HASH_ALG, buf, sizeof(buf), hash, sizeof(hash), &hash_size); From 9520df7580c570c00d6492e706aff234ed98acfa Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 25 Jul 2023 10:56:54 +0100 Subject: [PATCH 006/185] Fix code style Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index adf547d0b4..6cb0cb834a 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -50,7 +50,7 @@ const size_t mbedtls_test_sha256_hash_len = int main(void) { mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" - "not defined.\r\n"); + "not defined.\r\n"); return EXIT_SUCCESS; } #else From 1fd916a1a3e63d69084a0cfd9dabd00819b116b4 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 25 Jul 2023 16:10:48 +0100 Subject: [PATCH 007/185] Address review comments - make operation name more generic - make use of psa_hash_abort Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 6cb0cb834a..47ba2dcf53 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -61,48 +61,60 @@ int main(void) psa_status_t status; uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; size_t hash_size; - psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT; - psa_hash_operation_t cloned_sha256 = PSA_HASH_OPERATION_INIT; + psa_hash_operation_t psa_hash_operation = PSA_HASH_OPERATION_INIT; + psa_hash_operation_t cloned_psa_hash_operation = PSA_HASH_OPERATION_INIT; mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_printf("psa_crypto_init failed\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } - /* Compute hash using multi-part operation */ - status = psa_hash_setup(&sha256_psa, HASH_ALG); + status = psa_hash_setup(&psa_hash_operation, HASH_ALG); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_setup failed\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } - status = psa_hash_update(&sha256_psa, buf, sizeof(buf)); + status = psa_hash_update(&psa_hash_operation, buf, sizeof(buf)); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } - status = psa_hash_clone(&sha256_psa, &cloned_sha256); + status = psa_hash_clone(&psa_hash_operation, &cloned_psa_hash_operation); if (status != PSA_SUCCESS) { mbedtls_printf("PSA hash clone failed"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } - status = psa_hash_finish(&sha256_psa, hash, sizeof(hash), &hash_size); + status = psa_hash_finish(&psa_hash_operation, hash, sizeof(hash), &hash_size); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_finish failed\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } status = - psa_hash_verify(&cloned_sha256, mbedtls_test_sha256_hash, mbedtls_test_sha256_hash_len); + psa_hash_verify(&cloned_psa_hash_operation, mbedtls_test_sha256_hash, + mbedtls_test_sha256_hash_len); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_verify failed\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } else { mbedtls_printf("Multi-part hash operation successful!\n"); @@ -118,12 +130,16 @@ int main(void) &hash_size); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_compute failed\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { if (hash[j] != mbedtls_test_sha256_hash[j]) { mbedtls_printf("One-shot hash operation failed!\n\n"); + psa_hash_abort(&psa_hash_operation); + psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } } From 2fcf04f46869cbe3e3bdb601a83659705206b345 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 14 Jun 2019 18:23:03 +0200 Subject: [PATCH 008/185] Run demo scripts and check that they work run_demos.py is the frontend to a framework for smoke-testing the sample programs. It runs scripts called programs/*/*_demo.sh ("demo scripts") and check that they succeed. A typical demo script runs one sample program or a combination of sample programs to demonstrate their usage. Signed-off-by: Gilles Peskine --- tests/scripts/run_demos.py | 41 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100755 tests/scripts/run_demos.py diff --git a/tests/scripts/run_demos.py b/tests/scripts/run_demos.py new file mode 100755 index 0000000000..3d4b1e0c65 --- /dev/null +++ b/tests/scripts/run_demos.py @@ -0,0 +1,41 @@ +#!/usr/bin/env python3 +"""Run the Mbed TLS demo scripts. +""" +import glob +import subprocess +import sys + +def run_demo(demo): + """Run the specified demo script. Return True if it succeeds.""" + returncode = subprocess.call([demo]) + return returncode == 0 + +def run_demos(demos): + """Run the specified demos and print summary information about failures. + + Return True if all demos passed and False if a demo fails. + """ + failures = [] + for demo in demos: + print('#### {} ####'.format(demo)) + if not run_demo(demo): + failures.append(demo) + print('{}: FAIL'.format(demo)) + print('') + successes = len(demos) - len(failures) + print('{}/{} demos passed'.format(successes, len(demos))) + if failures: + print('Failures:', *failures) + return not failures + +def run_all_demos(): + """Run all the available demos. + + Return True if all demos passed and False if a demo fails. + """ + all_demos = glob.glob('programs/*/*_demo.sh') + return run_demos(all_demos) + +if __name__ == '__main__': + if not run_all_demos(): + sys.exit(1) From d1b5f6f6099f097a4464751c4d38b09ebfdb36cd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Apr 2020 17:33:36 +0200 Subject: [PATCH 009/185] Move common code of demo scripts into a library The new file programs/demo_common.sh contains initialization code, utility functions and cleanup code meant to be used by all demo scripts written in sh. Initial features: * msg: Display a message. * run, run_bad: Run a command, visibly. * $root_dir, $programs_dir: location of the mbedtls source tree. * $files_to_clean: files that are cleaned up on exit. Signed-off-by: Gilles Peskine --- programs/demo_common.sh | 89 +++++++++++++++++++++++++++++++++ programs/psa/key_ladder_demo.sh | 40 ++++----------- 2 files changed, 98 insertions(+), 31 deletions(-) create mode 100644 programs/demo_common.sh diff --git a/programs/demo_common.sh b/programs/demo_common.sh new file mode 100644 index 0000000000..91b33b9e89 --- /dev/null +++ b/programs/demo_common.sh @@ -0,0 +1,89 @@ +## Common shell functions used by demo scripts programs/*/*.sh. + +## How to write a demo script +## ========================== +## +## Include this file near the top of each demo script: +## . "${0%/*}/../demo_common.sh" +## +## As the last thing in the script, call the cleanup function. +## +## You can use the functions and variables described below. + +set -e -u + +## $root_dir is the root directory of the Mbed TLS source tree. +root_dir="${0%/*}" +n=4 # limit the search depth +while ! [ -d "$root_dir/programs" ] || ! [ -d "$root_dir/library" ]; do + if [ $n -eq 0 ]; then + echo >&2 "This doesn't seem to be an Mbed TLS source tree." + exit 125 + fi + n=$((n - 1)) + case $root_dir in + .) root_dir="..";; + ..|?*/..) root_dir="$root_dir/..";; + ?*/*) root_dir="${root_dir%/*}";; + /*) root_dir="/";; + *) root_dir=".";; + esac +done + +## $programs_dir is the directory containing the sample programs. +programs_dir="$root_dir/programs" + +## msg LINE... +## msg Date: Thu, 23 Apr 2020 17:50:26 +0200 Subject: [PATCH 010/185] Demo scripts: create a seedfile if the configuration requires it Signed-off-by: Gilles Peskine --- programs/demo_common.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/programs/demo_common.sh b/programs/demo_common.sh index 91b33b9e89..fcd0752850 100644 --- a/programs/demo_common.sh +++ b/programs/demo_common.sh @@ -71,6 +71,14 @@ run_bad () { not "$@" } +## config_has SYMBOL... +## Succeeds if the library configuration has all SYMBOLs set. +config_has () { + for x in "$@"; do + "$programs_dir/test/query_compile_time_config" "$x" + done +} + ## Add the names of files to clean up to this whitespace-separated variable. ## The file names must not contain whitespace characters. files_to_clean= @@ -87,3 +95,11 @@ cleanup () { trap 'cleanup; trap - HUP; kill -HUP $$' HUP trap 'cleanup; trap - INT; kill -INT $$' INT trap 'cleanup; trap - TERM; kill -TERM $$' TERM + +if config_has MBEDTLS_ENTROPY_NV_SEED; then + # Create a seedfile that's sufficiently long in all library configurations. + # This is necessary for programs that use randomness. + # Assume that the name of the seedfile is the default name. + files_to_clean="$files_to_clean seedfile" + dd if=/dev/urandom of=seedfile ibs=64 obs=64 count=1 +fi From b2bcdc1c1746e8beb8d2ff23c54f15bffa9fd450 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 Apr 2020 18:50:37 +0200 Subject: [PATCH 011/185] Let demo scripts declare their dependencies Demo scripts should declare their build-time dependencies, to make them more user-friendly. If a dependency is not met, users should see an explicit message rather than an incomprehensible error. Don't rely on the dependencies of individual programs because some demo scripts use multiple programs and because some scripts might have additional requirements. Signed-off-by: Gilles Peskine --- programs/demo_common.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/programs/demo_common.sh b/programs/demo_common.sh index fcd0752850..78763b82e5 100644 --- a/programs/demo_common.sh +++ b/programs/demo_common.sh @@ -6,6 +6,10 @@ ## Include this file near the top of each demo script: ## . "${0%/*}/../demo_common.sh" ## +## Start with a "msg" call that explains the purpose of the script. +## Then call the "depends_on" function to ensure that all config +## dependencies are met. +## ## As the last thing in the script, call the cleanup function. ## ## You can use the functions and variables described below. @@ -79,6 +83,20 @@ config_has () { done } +## depends_on SYMBOL... +## Exit if the library configuration does not have all SYMBOLs set. +depends_on () { + if ! config_has "$@"; then + cat >&2 < Date: Wed, 22 Apr 2020 21:45:49 +0200 Subject: [PATCH 012/185] Declare the dependencies of key_ladder_demo.sh Signed-off-by: Gilles Peskine --- programs/psa/key_ladder_demo.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh index 0186183f93..dbe925b51c 100755 --- a/programs/psa/key_ladder_demo.sh +++ b/programs/psa/key_ladder_demo.sh @@ -23,6 +23,8 @@ create a master key, derive a key from it and use that key to wrap the derived key using an AEAD algorithm. EOF +depends_on MBEDTLS_SHA256_C MBEDTLS_MD_C MBEDTLS_AES_C MBEDTLS_CCM_C MBEDTLS_PSA_CRYPTO_C MBEDTLS_FS_IO + program="${0%/*}"/key_ladder_demo if [ -e master.key ]; then From 82b2727e51d919e5ff742661d862aca64ddfeeba Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 14 Jun 2019 18:27:03 +0200 Subject: [PATCH 013/185] Run demo scripts in some builds Run the sample program demo scripts in builds with a configuration that is at least as complete as the default configuration. Do not run sample programs in all configurations since they are expected to fail if a required feature is missing. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e3db6fdbd6..747a2c80ba 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1003,6 +1003,9 @@ component_test_default_out_of_box () { msg "selftest: make, default config (out-of-box)" # ~10s programs/test/selftest + + msg "program demos: make, default config (out-of-box)" # ~10s + tests/scripts/run_demos.py } component_test_default_cmake_gcc_asan () { @@ -1013,6 +1016,9 @@ component_test_default_cmake_gcc_asan () { msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s make test + msg "program demos (ASan build)" # ~10s + tests/scripts/run_demos.py + msg "test: selftest (ASan build)" # ~ 10s programs/test/selftest @@ -1858,6 +1864,9 @@ component_test_full_cmake_clang () { msg "test: cpp_dummy_build (full config, clang)" # ~ 1s programs/test/cpp_dummy_build + msg "program demos (full config, clang)" # ~10s + tests/scripts/run_demos.py + msg "test: psa_constant_names (full config, clang)" # ~ 1s tests/scripts/test_psa_constant_names.py @@ -2021,6 +2030,9 @@ component_test_full_deprecated_warning () { msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s make test + + msg "program demos: full config + MBEDTLS_TEST_DEPRECATED" # ~10s + tests/scripts/run_demos.py } # Check that the specified libraries exist and are empty. @@ -4606,6 +4618,9 @@ component_test_memsan () { msg "test: main suites (MSan)" # ~ 10s make test + msg "program demos (MSan)" # ~20s + tests/scripts/run_demos.py + msg "test: ssl-opt.sh (MSan)" # ~ 1 min tests/ssl-opt.sh From c142620724ace3c56f8096956482be13f27a83ad Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 22:29:12 +0200 Subject: [PATCH 014/185] cleanup is part of the external interface Since there's no EXIT trap in plain sh, the main script must call it explicitly when it exits. Signed-off-by: Gilles Peskine --- programs/demo_common.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/programs/demo_common.sh b/programs/demo_common.sh index 78763b82e5..ef2acfcc0a 100644 --- a/programs/demo_common.sh +++ b/programs/demo_common.sh @@ -101,15 +101,18 @@ EOF ## The file names must not contain whitespace characters. files_to_clean= +## Call this function at the end of each script. +## It is called automatically if the script is killed by a signal. +cleanup () { + rm -f -- $files_to_clean +} + ################################################################ ## End of the public interfaces. Code beyond this point is not ## meant to be called directly from a demo script. -cleanup () { - rm -f -- $files_to_clean -} trap 'cleanup; trap - HUP; kill -HUP $$' HUP trap 'cleanup; trap - INT; kill -INT $$' INT trap 'cleanup; trap - TERM; kill -TERM $$' TERM From fc09d27a92a0d8d7205577299bfab91e2c12ff4a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 22:29:57 +0200 Subject: [PATCH 015/185] Print only missing dependencies Signed-off-by: Gilles Peskine --- programs/demo_common.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/programs/demo_common.sh b/programs/demo_common.sh index ef2acfcc0a..ff3f0408c9 100644 --- a/programs/demo_common.sh +++ b/programs/demo_common.sh @@ -86,11 +86,17 @@ config_has () { ## depends_on SYMBOL... ## Exit if the library configuration does not have all SYMBOLs set. depends_on () { - if ! config_has "$@"; then + m= + for x in "$@"; do + if ! config_has "$x"; then + m="$m $x" + fi + done + if [ -n "$m" ]; then cat >&2 < Date: Sun, 26 Apr 2020 22:31:35 +0200 Subject: [PATCH 016/185] Explain why $root_dir needs a complicated calculation Signed-off-by: Gilles Peskine --- programs/demo_common.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/programs/demo_common.sh b/programs/demo_common.sh index ff3f0408c9..d8fcda5544 100644 --- a/programs/demo_common.sh +++ b/programs/demo_common.sh @@ -18,6 +18,10 @@ set -e -u ## $root_dir is the root directory of the Mbed TLS source tree. root_dir="${0%/*}" +# Find a nice path to the root directory, avoiding unnecessary "../". +# The code supports demo scripts nested up to 4 levels deep. +# The code works no matter where the demo script is relative to the current +# directory, even if it is called with a relative path. n=4 # limit the search depth while ! [ -d "$root_dir/programs" ] || ! [ -d "$root_dir/library" ]; do if [ $n -eq 0 ]; then @@ -35,6 +39,7 @@ while ! [ -d "$root_dir/programs" ] || ! [ -d "$root_dir/library" ]; do done ## $programs_dir is the directory containing the sample programs. +# Assume an in-tree build. programs_dir="$root_dir/programs" ## msg LINE... From 198d87ad527c494d31840c878840097966c5486c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 22:33:48 +0200 Subject: [PATCH 017/185] Minor readability improvements Signed-off-by: Gilles Peskine --- tests/scripts/run_demos.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/scripts/run_demos.py b/tests/scripts/run_demos.py index 3d4b1e0c65..c8e3996650 100755 --- a/tests/scripts/run_demos.py +++ b/tests/scripts/run_demos.py @@ -18,7 +18,8 @@ def run_demos(demos): failures = [] for demo in demos: print('#### {} ####'.format(demo)) - if not run_demo(demo): + success = run_demo(demo) + if not success: failures.append(demo) print('{}: FAIL'.format(demo)) print('') @@ -36,6 +37,9 @@ def run_all_demos(): all_demos = glob.glob('programs/*/*_demo.sh') return run_demos(all_demos) +def main(): + success = run_all_demos() + sys.exit(0 if success else 1) + if __name__ == '__main__': - if not run_all_demos(): - sys.exit(1) + main() From 086f85f0556f0f9644382e60a4e83e090e0c7a75 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 22:43:05 +0200 Subject: [PATCH 018/185] Fix some mistakes in descriptive messages Signed-off-by: Gilles Peskine --- programs/psa/key_ladder_demo.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh index dbe925b51c..bb4a24f752 100755 --- a/programs/psa/key_ladder_demo.sh +++ b/programs/psa/key_ladder_demo.sh @@ -19,8 +19,8 @@ msg <<'EOF' This script demonstrates the use of the PSA cryptography interface to -create a master key, derive a key from it and use that key to wrap -the derived key using an AEAD algorithm. +create a master key, derive a key from it and use that derived key to +wrap some data using an AEAD algorithm. EOF depends_on MBEDTLS_SHA256_C MBEDTLS_MD_C MBEDTLS_AES_C MBEDTLS_CCM_C MBEDTLS_PSA_CRYPTO_C MBEDTLS_FS_IO @@ -49,7 +49,7 @@ run "Compare the unwrapped data with the original input." \ cmp input.txt hello_world.txt files_to_clean="$files_to_clean hellow_orld.txt" -run_bad "Derive a different key and attempt to unwrap the data. This must fail." \ +run_bad "Derive a different key and attempt to unwrap the data." \ "$program" unwrap master=master.key input=hello_world.wrap output=hellow_orld.txt label=hellow label=orld files_to_clean="$files_to_clean hello.key" From 9fdc657cbf33dfb24f77c86e31a0af15b2d7a94e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 26 Apr 2020 22:51:05 +0200 Subject: [PATCH 019/185] Add --quiet option to suppress demos' output Signed-off-by: Gilles Peskine --- tests/scripts/run_demos.py | 33 +++++++++++++++++++++++---------- 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/tests/scripts/run_demos.py b/tests/scripts/run_demos.py index c8e3996650..fcf13cd8e9 100755 --- a/tests/scripts/run_demos.py +++ b/tests/scripts/run_demos.py @@ -1,44 +1,57 @@ #!/usr/bin/env python3 """Run the Mbed TLS demo scripts. """ +import argparse import glob import subprocess import sys -def run_demo(demo): +def run_demo(demo, quiet=False): """Run the specified demo script. Return True if it succeeds.""" - returncode = subprocess.call([demo]) + args = {} + if quiet: + args['stdout'] = subprocess.DEVNULL + args['stderr'] = subprocess.DEVNULL + returncode = subprocess.call([demo], **args) return returncode == 0 -def run_demos(demos): +def run_demos(demos, quiet=False): """Run the specified demos and print summary information about failures. Return True if all demos passed and False if a demo fails. """ failures = [] for demo in demos: - print('#### {} ####'.format(demo)) - success = run_demo(demo) + if not quiet: + print('#### {} ####'.format(demo)) + success = run_demo(demo, quiet=quiet) if not success: failures.append(demo) - print('{}: FAIL'.format(demo)) - print('') + if not quiet: + print('{}: FAIL'.format(demo)) + if not quiet: + print('') successes = len(demos) - len(failures) print('{}/{} demos passed'.format(successes, len(demos))) if failures: print('Failures:', *failures) return not failures -def run_all_demos(): +def run_all_demos(quiet=False): """Run all the available demos. Return True if all demos passed and False if a demo fails. """ all_demos = glob.glob('programs/*/*_demo.sh') - return run_demos(all_demos) + return run_demos(all_demos, quiet=quiet) def main(): - success = run_all_demos() + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument('--quiet', '-q', + action='store_true', + help="suppress the output of demos") + options = parser.parse_args() + success = run_all_demos(quiet=options.quiet) sys.exit(0 if success else 1) if __name__ == '__main__': From 1b01559fea0dcac3f133120a4def3803b278afe7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 27 Apr 2020 10:39:20 +0200 Subject: [PATCH 020/185] Error out if run from the wrong directory Signed-off-by: Gilles Peskine --- tests/scripts/run_demos.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/run_demos.py b/tests/scripts/run_demos.py index fcf13cd8e9..6d86a9bf23 100755 --- a/tests/scripts/run_demos.py +++ b/tests/scripts/run_demos.py @@ -43,6 +43,8 @@ def run_all_demos(quiet=False): Return True if all demos passed and False if a demo fails. """ all_demos = glob.glob('programs/*/*_demo.sh') + if not all_demos: + raise Exception('No demos found. run_demos needs to operate from the Mbed TLS toplevel directory.') return run_demos(all_demos, quiet=quiet) def main(): From 2f8c545d3dfb63b7f99754abac913245fb17a4a8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 27 Apr 2020 11:00:59 +0200 Subject: [PATCH 021/185] Make --quiet a little less quiet Signed-off-by: Gilles Peskine --- tests/scripts/run_demos.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/run_demos.py b/tests/scripts/run_demos.py index 6d86a9bf23..6c6142c14f 100755 --- a/tests/scripts/run_demos.py +++ b/tests/scripts/run_demos.py @@ -29,11 +29,13 @@ def run_demos(demos, quiet=False): failures.append(demo) if not quiet: print('{}: FAIL'.format(demo)) - if not quiet: + if quiet: + print('{}: {}'.format(demo, 'PASS' if success else 'FAIL')) + else: print('') successes = len(demos) - len(failures) print('{}/{} demos passed'.format(successes, len(demos))) - if failures: + if failures and not quiet: print('Failures:', *failures) return not failures From 63c3534981dff55c6f4f8831f82dc7639d2daa1b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 27 Apr 2020 14:34:38 +0200 Subject: [PATCH 022/185] Pacify Pylint Signed-off-by: Gilles Peskine --- tests/scripts/run_demos.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/run_demos.py b/tests/scripts/run_demos.py index 6c6142c14f..6a63d232fe 100755 --- a/tests/scripts/run_demos.py +++ b/tests/scripts/run_demos.py @@ -46,6 +46,7 @@ def run_all_demos(quiet=False): """ all_demos = glob.glob('programs/*/*_demo.sh') if not all_demos: + # Keep the message on one line. pylint: disable=line-too-long raise Exception('No demos found. run_demos needs to operate from the Mbed TLS toplevel directory.') return run_demos(all_demos, quiet=quiet) From c25ae6f48c41362073ed31368ccc667971ed13b8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Jul 2023 19:53:04 +0200 Subject: [PATCH 023/185] Use demo_common.sh in dlopen test script Signed-off-by: Gilles Peskine --- programs/test/dlopen_demo.sh | 33 ++++++--------------------------- 1 file changed, 6 insertions(+), 27 deletions(-) diff --git a/programs/test/dlopen_demo.sh b/programs/test/dlopen_demo.sh index a6a9022fc8..4c5384c0cc 100755 --- a/programs/test/dlopen_demo.sh +++ b/programs/test/dlopen_demo.sh @@ -18,33 +18,12 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -e -u +. "${0%/*}/../demo_common.sh" -program_name="dlopen" -program_dir="${0%/*}" -program="$program_dir/$program_name" +msg "Test the dynamic loading of libmbed*" -if [ ! -e "$program" ]; then - # Look for programs in the current directory and the directories above it - for dir in "." ".." "../.."; do - program_dir="$dir/programs/test" - program="$program_dir/$program_name" - if [ -e "$program" ]; then - break - fi - done - if [ ! -e "$program" ]; then - echo "Could not find $program_name program" - - echo "Make sure that Mbed TLS is built as a shared library." \ - "If building out-of-tree, this script must be run" \ - "from the project build directory." - exit 1 - fi -fi - -top_dir="$program_dir/../.." -library_dir="$top_dir/library" +program="$programs_dir/test/dlopen" +library_dir="$root_dir/library" # ELF-based Unix-like (Linux, *BSD, Solaris, ...) if [ -n "${LD_LIBRARY_PATH-}" ]; then @@ -62,6 +41,6 @@ else fi export DYLD_LIBRARY_PATH -echo "Running dynamic loading test program: $program" -echo "Loading libraries from: $library_dir" +msg "Running dynamic loading test program: $program" +msg "Loading libraries from: $library_dir" "$program" From f5d2d1c7cdc3c62339dc42b7e4d1ef7437826a4e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Jul 2023 20:13:53 +0200 Subject: [PATCH 024/185] Skip dlopen demo in static builds Signed-off-by: Gilles Peskine --- programs/test/dlopen_demo.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/programs/test/dlopen_demo.sh b/programs/test/dlopen_demo.sh index 4c5384c0cc..b162d7b5f2 100755 --- a/programs/test/dlopen_demo.sh +++ b/programs/test/dlopen_demo.sh @@ -25,6 +25,14 @@ msg "Test the dynamic loading of libmbed*" program="$programs_dir/test/dlopen" library_dir="$root_dir/library" +# Skip this test if we don't have a shared library build. Detect this +# through the absence of the demo program. +if [ ! -e "$program" ]; then + msg "$0: this demo requires a shared library build." + # Exit with a success status so that this counts as a pass for run_demos.py. + exit +fi + # ELF-based Unix-like (Linux, *BSD, Solaris, ...) if [ -n "${LD_LIBRARY_PATH-}" ]; then LD_LIBRARY_PATH="$library_dir:$LD_LIBRARY_PATH" From f1517e690ae5745cdd091e6b34fa49a08f32daca Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Jul 2023 20:59:14 +0200 Subject: [PATCH 025/185] PermissionIssueTracker is obsoleted by ShebangIssueTracker ShebangIssueTracker implements the rule that scripts must be executable if and only if they have a shebang line. By removing PermissionIssueTracker, we now allow files with any extension to be executable (provided they have a shebang line), and allow *.sh and *.pl to be non-executable modules if they don't have a shebang line (as was already the case for *.py). Signed-off-by: Gilles Peskine --- tests/scripts/check_files.py | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index 352b55eaa8..238a83fabb 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -162,24 +162,6 @@ def is_windows_file(filepath): return ext in ('.bat', '.dsp', '.dsw', '.sln', '.vcxproj') -class PermissionIssueTracker(FileIssueTracker): - """Track files with bad permissions. - - Files that are not executable scripts must not be executable.""" - - heading = "Incorrect permissions:" - - # .py files can be either full scripts or modules, so they may or may - # not be executable. - suffix_exemptions = frozenset({".py"}) - - def check_file_for_issue(self, filepath): - is_executable = os.access(filepath, os.X_OK) - should_be_executable = filepath.endswith((".sh", ".pl")) - if is_executable != should_be_executable: - self.files_with_issues[filepath] = None - - class ShebangIssueTracker(FileIssueTracker): """Track files with a bad, missing or extraneous shebang line. @@ -386,7 +368,6 @@ class IntegrityChecker: self.logger = None self.setup_logger(log_file) self.issues_to_check = [ - PermissionIssueTracker(), ShebangIssueTracker(), EndOfFileNewlineIssueTracker(), Utf8BomIssueTracker(), From 2c872340e859622dc50e99d1d8e98504bc6a04c3 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 14:21:38 +0100 Subject: [PATCH 026/185] Fix erroneous macro guards Replace MBEDTLS_SHA256_C for PSA_WANT_ALG_SHA_256 everywhere, including comments and print statements. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 47ba2dcf53..9cd5a3e007 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -49,7 +49,7 @@ const size_t mbedtls_test_sha256_hash_len = #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) int main(void) { - mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and MBEDTLS_SHA256_C" + mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" "not defined.\r\n"); return EXIT_SUCCESS; } @@ -160,4 +160,4 @@ int main(void) mbedtls_psa_crypto_free(); return EXIT_SUCCESS; } -#endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_SHA256_C */ +#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ From 6fc4ca2d858162d2da5fb58404fb8183f00a3ca6 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 14:31:06 +0100 Subject: [PATCH 027/185] Replace hash_size with hash_length This is to make the variable naming covnention align with the PSA API documentation. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 9cd5a3e007..5c565db2ee 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -60,7 +60,7 @@ int main(void) uint8_t buf[] = "Hello World!"; psa_status_t status; uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; - size_t hash_size; + size_t hash_length; psa_hash_operation_t psa_hash_operation = PSA_HASH_OPERATION_INIT; psa_hash_operation_t cloned_psa_hash_operation = PSA_HASH_OPERATION_INIT; @@ -100,7 +100,7 @@ int main(void) return EXIT_FAILURE; } - status = psa_hash_finish(&psa_hash_operation, hash, sizeof(hash), &hash_size); + status = psa_hash_finish(&psa_hash_operation, hash, sizeof(hash), &hash_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_finish failed\n"); psa_hash_abort(&psa_hash_operation); @@ -122,12 +122,12 @@ int main(void) /* Compute hash using one-shot function call */ memset(hash, 0, sizeof(hash)); - hash_size = 0; + hash_length = 0; status = psa_hash_compute(HASH_ALG, buf, sizeof(buf), hash, sizeof(hash), - &hash_size); + &hash_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_compute failed\n"); psa_hash_abort(&psa_hash_operation); From a79f8062257ade6b48a5a450682376b26e2016da Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 14:33:20 +0100 Subject: [PATCH 028/185] Remove superfluous calls to psa_hash_abort Calls were not required since psa_hash_setup was yet to be called. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 5c565db2ee..59375c27e3 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -69,8 +69,6 @@ int main(void) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_printf("psa_crypto_init failed\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); return EXIT_FAILURE; } From c050037c08f588d5f87440ba7feb6f8305c51ef9 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 14:44:25 +0100 Subject: [PATCH 029/185] Remove mbedtls_ and psa_ prefix from var names Remove the mbedtls and psa prefixes from variable names in order to make clearer what is part of the API and what is just part of the demo program. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 58 ++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 59375c27e3..abfc191749 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -41,10 +41,10 @@ 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ } -const uint8_t mbedtls_test_sha256_hash[] = TEST_SHA256_HASH; +const uint8_t test_sha256_hash[] = TEST_SHA256_HASH; -const size_t mbedtls_test_sha256_hash_len = - sizeof(mbedtls_test_sha256_hash); +const size_t test_sha256_hash_len = + sizeof(test_sha256_hash); #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) int main(void) @@ -61,8 +61,8 @@ int main(void) psa_status_t status; uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; size_t hash_length; - psa_hash_operation_t psa_hash_operation = PSA_HASH_OPERATION_INIT; - psa_hash_operation_t cloned_psa_hash_operation = PSA_HASH_OPERATION_INIT; + psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; + psa_hash_operation_t cloned_hash_operation = PSA_HASH_OPERATION_INIT; mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); @@ -74,45 +74,45 @@ int main(void) /* Compute hash using multi-part operation */ - status = psa_hash_setup(&psa_hash_operation, HASH_ALG); + status = psa_hash_setup(&hash_operation, HASH_ALG); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_setup failed\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } - status = psa_hash_update(&psa_hash_operation, buf, sizeof(buf)); + status = psa_hash_update(&hash_operation, buf, sizeof(buf)); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } - status = psa_hash_clone(&psa_hash_operation, &cloned_psa_hash_operation); + status = psa_hash_clone(&hash_operation, &cloned_hash_operation); if (status != PSA_SUCCESS) { mbedtls_printf("PSA hash clone failed"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } - status = psa_hash_finish(&psa_hash_operation, hash, sizeof(hash), &hash_length); + status = psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_finish failed\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } status = - psa_hash_verify(&cloned_psa_hash_operation, mbedtls_test_sha256_hash, - mbedtls_test_sha256_hash_len); + psa_hash_verify(&cloned_hash_operation, test_sha256_hash, + test_sha256_hash_len); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_verify failed\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } else { mbedtls_printf("Multi-part hash operation successful!\n"); @@ -128,16 +128,16 @@ int main(void) &hash_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_compute failed\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } - for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { - if (hash[j] != mbedtls_test_sha256_hash[j]) { + for (size_t j = 0; j < test_sha256_hash_len; j++) { + if (hash[j] != test_sha256_hash[j]) { mbedtls_printf("One-shot hash operation failed!\n\n"); - psa_hash_abort(&psa_hash_operation); - psa_hash_abort(&cloned_psa_hash_operation); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } } @@ -146,7 +146,7 @@ int main(void) mbedtls_printf("The SHA-256( '%s' ) is:\n", buf); - for (size_t j = 0; j < mbedtls_test_sha256_hash_len; j++) { + for (size_t j = 0; j < test_sha256_hash_len; j++) { if (j % 8 == 0) { mbedtls_printf("\n "); } @@ -158,4 +158,4 @@ int main(void) mbedtls_psa_crypto_free(); return EXIT_SUCCESS; } -#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ +#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ \ No newline at end of file From 3071c85835c742e201ac6bd42770fa7d28a8b8f1 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 14:47:47 +0100 Subject: [PATCH 030/185] Clarify comments Clarify comments when moving into one-shot part of demo. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index abfc191749..f7b2f91974 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -118,10 +118,11 @@ int main(void) mbedtls_printf("Multi-part hash operation successful!\n"); } - /* Compute hash using one-shot function call */ + /* Clear local variables prior to one-shot hash demo */ memset(hash, 0, sizeof(hash)); hash_length = 0; + /* Compute hash using one-shot function call */ status = psa_hash_compute(HASH_ALG, buf, sizeof(buf), hash, sizeof(hash), From c07fa29b58b8ae6a3d1fc79cc14b04649c5c07a0 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 14:58:55 +0100 Subject: [PATCH 031/185] Change wording in error message Change wording from "failed" since this implied the function had returned an error status instead of producing the wrong result. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index f7b2f91974..95fb61ce82 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -136,7 +136,7 @@ int main(void) for (size_t j = 0; j < test_sha256_hash_len; j++) { if (hash[j] != test_sha256_hash[j]) { - mbedtls_printf("One-shot hash operation failed!\n\n"); + mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); psa_hash_abort(&hash_operation); psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; From 9730cb12748eb0dbc4b0b5b586e2c525accade8e Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 15:07:19 +0100 Subject: [PATCH 032/185] Change hash output formatting Change the formatting of the hash output to remove line breaks and spaces. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 95fb61ce82..f09b48c064 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -145,13 +145,10 @@ int main(void) mbedtls_printf("One-shot hash operation successful!\n\n"); - mbedtls_printf("The SHA-256( '%s' ) is:\n", buf); + mbedtls_printf("The SHA-256( '%s' ) is: ", buf); for (size_t j = 0; j < test_sha256_hash_len; j++) { - if (j % 8 == 0) { - mbedtls_printf("\n "); - } - mbedtls_printf("%02x ", hash[j]); + mbedtls_printf("%02x", hash[j]); } mbedtls_printf("\n"); From a2b7519d63871270f2fb656b34be298fe3335164 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 15:21:46 +0100 Subject: [PATCH 033/185] Use memcmp instead of reinventing it Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index f09b48c064..a2e2731a98 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -134,13 +134,12 @@ int main(void) return EXIT_FAILURE; } - for (size_t j = 0; j < test_sha256_hash_len; j++) { - if (hash[j] != test_sha256_hash[j]) { - mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; - } + if (memcmp(hash, test_sha256_hash, test_sha256_hash_len) != 0) + { + mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); + return EXIT_FAILURE; } mbedtls_printf("One-shot hash operation successful!\n\n"); From 1f98736e71c87164a649f715d0349bf162551f3c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 15:23:06 +0100 Subject: [PATCH 034/185] Add clarifying comment to new program section Mark the beginning of the section that prints the result with a comment. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index a2e2731a98..81110f0b78 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -144,6 +144,7 @@ int main(void) mbedtls_printf("One-shot hash operation successful!\n\n"); + /* Print out result */ mbedtls_printf("The SHA-256( '%s' ) is: ", buf); for (size_t j = 0; j < test_sha256_hash_len; j++) { From 606110fc19602e4ea6ce02ca1e3d309bb97b7623 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 15:57:10 +0100 Subject: [PATCH 035/185] Restructure start of program Restructure the start of the program to make it clear to a user exactly what this program is for. Add a comment for additional clarity. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 81110f0b78..2afe34de6b 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -33,18 +33,24 @@ #include "mbedtls/build_info.h" #include "mbedtls/platform.h" +/* The algorithm used by this demo is SHA 256. + * Please see include/psa/crypto_values.h to see the other + * algorithms that are supported. If you switch to a different + * algorithm you will need to update the hash data in the + * SAMPLE_HASH_DATA macro below.*/ + #define HASH_ALG PSA_ALG_SHA_256 -#define TEST_SHA256_HASH { \ +#define SAMPLE_HASH_DATA { \ 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ } -const uint8_t test_sha256_hash[] = TEST_SHA256_HASH; +const uint8_t sample_message[] = "Hello World!"; -const size_t test_sha256_hash_len = - sizeof(test_sha256_hash); +const uint8_t sample_hash[] = SAMPLE_HASH_DATA; +const size_t sample_hash_len = sizeof(sample_hash); #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) int main(void) @@ -57,7 +63,6 @@ int main(void) int main(void) { - uint8_t buf[] = "Hello World!"; psa_status_t status; uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; size_t hash_length; @@ -82,7 +87,7 @@ int main(void) return EXIT_FAILURE; } - status = psa_hash_update(&hash_operation, buf, sizeof(buf)); + status = psa_hash_update(&hash_operation, sample_message, sizeof(sample_message)); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); psa_hash_abort(&hash_operation); @@ -107,8 +112,8 @@ int main(void) } status = - psa_hash_verify(&cloned_hash_operation, test_sha256_hash, - test_sha256_hash_len); + psa_hash_verify(&cloned_hash_operation, sample_hash, + sample_hash_len); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_verify failed\n"); psa_hash_abort(&hash_operation); @@ -124,7 +129,7 @@ int main(void) /* Compute hash using one-shot function call */ status = psa_hash_compute(HASH_ALG, - buf, sizeof(buf), + sample_message, sizeof(sample_message), hash, sizeof(hash), &hash_length); if (status != PSA_SUCCESS) { @@ -134,7 +139,7 @@ int main(void) return EXIT_FAILURE; } - if (memcmp(hash, test_sha256_hash, test_sha256_hash_len) != 0) + if (memcmp(hash, sample_hash, sample_hash_len) != 0) { mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); psa_hash_abort(&hash_operation); @@ -145,9 +150,9 @@ int main(void) mbedtls_printf("One-shot hash operation successful!\n\n"); /* Print out result */ - mbedtls_printf("The SHA-256( '%s' ) is: ", buf); + mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message); - for (size_t j = 0; j < test_sha256_hash_len; j++) { + for (size_t j = 0; j < sample_hash_len; j++) { mbedtls_printf("%02x", hash[j]); } From ce14124f7c47b3955e43a34408cc7826763e5b4e Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 16:14:20 +0100 Subject: [PATCH 036/185] Check result of multipart operation Check that the multi-part operation has produced the correct result. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 2afe34de6b..ae4e9a5d2b 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -111,6 +111,15 @@ int main(void) return EXIT_FAILURE; } + /* Check the result of the operation against the sample */ + if ((memcmp(hash, sample_hash, sample_hash_len) != 0) || hash_length != sample_hash_len) + { + mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); + return EXIT_FAILURE; + } + status = psa_hash_verify(&cloned_hash_operation, sample_hash, sample_hash_len); From fbe742b2d0ffe63ea3443b198e96b685bf388ba5 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 16:17:38 +0100 Subject: [PATCH 037/185] Add extra check to one-shot operation results Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index ae4e9a5d2b..f73e1f3ab7 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -148,7 +148,7 @@ int main(void) return EXIT_FAILURE; } - if (memcmp(hash, sample_hash, sample_hash_len) != 0) + if (memcmp(hash, sample_hash, sample_hash_len) != 0 || hash_length != sample_hash_len) { mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); psa_hash_abort(&hash_operation); From c918c32cc00cf2456cb552d8a40c4be927409c17 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 17:15:03 +0100 Subject: [PATCH 038/185] Stop hashing the null byte Change the hash data to not include the null byte used to terminate the string. Pass sizeof() - 1 to the hash operation API functions so that the null byte can be ignored. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index f73e1f3ab7..b5b566c187 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -41,10 +41,10 @@ #define HASH_ALG PSA_ALG_SHA_256 -#define SAMPLE_HASH_DATA { \ - 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ - 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ - 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ +#define SAMPLE_HASH_DATA { \ + 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ + 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ + 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ } const uint8_t sample_message[] = "Hello World!"; @@ -87,7 +87,9 @@ int main(void) return EXIT_FAILURE; } - status = psa_hash_update(&hash_operation, sample_message, sizeof(sample_message)); + /* Note: Here we use sizeof(sample_message) - 1 since we don't wish to + * include the null byte in the hash computation */ + status = psa_hash_update(&hash_operation, sample_message, sizeof(sample_message) - 1); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); psa_hash_abort(&hash_operation); @@ -138,7 +140,7 @@ int main(void) /* Compute hash using one-shot function call */ status = psa_hash_compute(HASH_ALG, - sample_message, sizeof(sample_message), + sample_message, sizeof(sample_message) - 1, hash, sizeof(hash), &hash_length); if (status != PSA_SUCCESS) { From 1ba9744afbddaf1e0016528133485498c70350db Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 28 Jul 2023 17:25:16 +0100 Subject: [PATCH 039/185] Correct code style Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index b5b566c187..9396fb6a97 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -87,7 +87,7 @@ int main(void) return EXIT_FAILURE; } - /* Note: Here we use sizeof(sample_message) - 1 since we don't wish to + /* Note: Here we use sizeof(sample_message) - 1 since we don't wish to * include the null byte in the hash computation */ status = psa_hash_update(&hash_operation, sample_message, sizeof(sample_message) - 1); if (status != PSA_SUCCESS) { @@ -114,8 +114,7 @@ int main(void) } /* Check the result of the operation against the sample */ - if ((memcmp(hash, sample_hash, sample_hash_len) != 0) || hash_length != sample_hash_len) - { + if ((memcmp(hash, sample_hash, sample_hash_len) != 0) || hash_length != sample_hash_len) { mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); psa_hash_abort(&hash_operation); psa_hash_abort(&cloned_hash_operation); @@ -150,8 +149,7 @@ int main(void) return EXIT_FAILURE; } - if (memcmp(hash, sample_hash, sample_hash_len) != 0 || hash_length != sample_hash_len) - { + if (memcmp(hash, sample_hash, sample_hash_len) != 0 || hash_length != sample_hash_len) { mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); psa_hash_abort(&hash_operation); psa_hash_abort(&cloned_hash_operation); @@ -172,4 +170,4 @@ int main(void) mbedtls_psa_crypto_free(); return EXIT_SUCCESS; } -#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ \ No newline at end of file +#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ From 21fbe4c90e72b7b349e2b6374bb14f477c9e8a63 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 3 Aug 2023 15:39:42 +0100 Subject: [PATCH 040/185] Remove further superfluous call to psa_hash_abort Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 9396fb6a97..1353fb98cf 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -82,8 +82,6 @@ int main(void) status = psa_hash_setup(&hash_operation, HASH_ALG); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_setup failed\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } From 5c2dcbd250e91f5c75c14590dfc40c8c8d75f6c7 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 3 Aug 2023 16:03:30 +0100 Subject: [PATCH 041/185] Implement cleanup label Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 35 +++++++++++++---------------------- 1 file changed, 13 insertions(+), 22 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 1353fb98cf..ca9a8b32ae 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -90,33 +90,25 @@ int main(void) status = psa_hash_update(&hash_operation, sample_message, sizeof(sample_message) - 1); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } status = psa_hash_clone(&hash_operation, &cloned_hash_operation); if (status != PSA_SUCCESS) { mbedtls_printf("PSA hash clone failed"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } status = psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_finish failed\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } /* Check the result of the operation against the sample */ if ((memcmp(hash, sample_hash, sample_hash_len) != 0) || hash_length != sample_hash_len) { mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } status = @@ -124,9 +116,7 @@ int main(void) sample_hash_len); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_verify failed\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } else { mbedtls_printf("Multi-part hash operation successful!\n"); } @@ -142,16 +132,12 @@ int main(void) &hash_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_compute failed\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } if (memcmp(hash, sample_hash, sample_hash_len) != 0 || hash_length != sample_hash_len) { mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); - psa_hash_abort(&hash_operation); - psa_hash_abort(&cloned_hash_operation); - return EXIT_FAILURE; + goto cleanup; } mbedtls_printf("One-shot hash operation successful!\n\n"); @@ -167,5 +153,10 @@ int main(void) mbedtls_psa_crypto_free(); return EXIT_SUCCESS; + +cleanup: + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); + return EXIT_FAILURE; } -#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ +#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ \ No newline at end of file From 102033c38d9cc8300db72285754d173c10a7ed0a Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 3 Aug 2023 16:20:09 +0100 Subject: [PATCH 042/185] Add new line at end of file to satisfy code style Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index ca9a8b32ae..86a59f1476 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -159,4 +159,4 @@ cleanup: psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } -#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ \ No newline at end of file +#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ From a68ef953948b504bb192138c77c3fcc639426edb Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 7 Aug 2023 11:09:51 +0100 Subject: [PATCH 043/185] Check length before calling memcmp Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 86a59f1476..dc698a162a 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -106,7 +106,7 @@ int main(void) } /* Check the result of the operation against the sample */ - if ((memcmp(hash, sample_hash, sample_hash_len) != 0) || hash_length != sample_hash_len) { + if (hash_length != sample_hash_len || (memcmp(hash, sample_hash, sample_hash_len) != 0)) { mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); goto cleanup; } @@ -135,7 +135,7 @@ int main(void) goto cleanup; } - if (memcmp(hash, sample_hash, sample_hash_len) != 0 || hash_length != sample_hash_len) { + if (hash_length != sample_hash_len || (memcmp(hash, sample_hash, sample_hash_len) != 0)) { mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); goto cleanup; } From 45ad306fbf0b66c0396d0be442c620293c63c531 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 11 Aug 2023 15:03:51 +0800 Subject: [PATCH 044/185] pkwrite.c: save stack usage for pk_write_pubkey_pem mbedtls_pk_write_pubkey_pem would allocate 2086 bytes in writing a DER encoded RSA public key. To save stack usage significantly, we use heap memory instead. Signed-off-by: Yanray Wang --- library/pkwrite.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 439428cff7..511e222514 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -759,20 +759,27 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char output_buf[PUB_DER_MAX_BYTES]; + unsigned char *output_buf = NULL; + output_buf = calloc(1, PUB_DER_MAX_BYTES); + if (output_buf == NULL) { + return MBEDTLS_ERR_PK_ALLOC_FAILED; + } size_t olen = 0; if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, - sizeof(output_buf))) < 0) { + PUB_DER_MAX_BYTES)) < 0) { + free(output_buf); return ret; } if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY, - output_buf + sizeof(output_buf) - ret, + output_buf + PUB_DER_MAX_BYTES - ret, ret, buf, size, &olen)) != 0) { + free(output_buf); return ret; } + free(output_buf); return 0; } From c84086e55c96a44dd63dd508a5929be1788854d1 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 11 Aug 2023 15:33:07 +0800 Subject: [PATCH 045/185] pkwrite.c: save stack usage for pk_write_key_pem mbedtls_pk_write_key_pem would allocate 5679 bytes in writing a DER encoded RSA private key. To save stack usage significantly, we use heap memory instead. Signed-off-by: Yanray Wang --- library/pkwrite.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 511e222514..f3acec7516 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -786,7 +786,11 @@ int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *key, unsigned char *bu int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char output_buf[PRV_DER_MAX_BYTES]; + unsigned char *output_buf = NULL; + output_buf = calloc(1, PRV_DER_MAX_BYTES); + if (output_buf == NULL) { + return MBEDTLS_ERR_PK_ALLOC_FAILED; + } const char *begin, *end; size_t olen = 0; #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) @@ -799,7 +803,8 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, int is_rsa_opaque = 0; #endif - if ((ret = mbedtls_pk_write_key_der(key, output_buf, sizeof(output_buf))) < 0) { + if ((ret = mbedtls_pk_write_key_der(key, output_buf, PRV_DER_MAX_BYTES)) < 0) { + free(output_buf); return ret; } @@ -843,14 +848,19 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, } } else #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + { + free(output_buf); + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + } if ((ret = mbedtls_pem_write_buffer(begin, end, - output_buf + sizeof(output_buf) - ret, + output_buf + PRV_DER_MAX_BYTES - ret, ret, buf, size, &olen)) != 0) { + free(output_buf); return ret; } + free(output_buf); return 0; } #endif /* MBEDTLS_PEM_WRITE_C */ From 7226df07577183b59d566709d7caf2d2089609aa Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 11 Aug 2023 15:52:09 +0800 Subject: [PATCH 046/185] pkwrite.c: add a cleanup label to save code size Signed-off-by: Yanray Wang --- library/pkwrite.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index f3acec7516..cc58f46e96 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -768,19 +768,19 @@ int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *key, unsigned char *bu if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, PUB_DER_MAX_BYTES)) < 0) { - free(output_buf); - return ret; + goto cleanup; } if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY, output_buf + PUB_DER_MAX_BYTES - ret, ret, buf, size, &olen)) != 0) { - free(output_buf); - return ret; + goto cleanup; } + ret = 0; +cleanup: free(output_buf); - return 0; + return ret; } int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size) @@ -804,8 +804,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, #endif if ((ret = mbedtls_pk_write_key_der(key, output_buf, PRV_DER_MAX_BYTES)) < 0) { - free(output_buf); - return ret; + goto cleanup; } #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -849,19 +848,20 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, } else #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ { - free(output_buf); - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + goto cleanup; } if ((ret = mbedtls_pem_write_buffer(begin, end, output_buf + PRV_DER_MAX_BYTES - ret, ret, buf, size, &olen)) != 0) { - free(output_buf); - return ret; + goto cleanup; } + ret = 0; +cleanup: free(output_buf); - return 0; + return ret; } #endif /* MBEDTLS_PEM_WRITE_C */ From 0882828b5162f1a4e3e9776dc5ea8105650de314 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 11 Aug 2023 16:15:14 +0800 Subject: [PATCH 047/185] pkwrite: add Changelog entry Signed-off-by: Yanray Wang --- ChangeLog.d/pkwrite-pem-use-heap.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/pkwrite-pem-use-heap.txt diff --git a/ChangeLog.d/pkwrite-pem-use-heap.txt b/ChangeLog.d/pkwrite-pem-use-heap.txt new file mode 100644 index 0000000000..d2e7129ec4 --- /dev/null +++ b/ChangeLog.d/pkwrite-pem-use-heap.txt @@ -0,0 +1,4 @@ +Changes + * Use heap memory to allocate DER encoded RSA public/private key. + This reduces stack usage significantly for writing a public/private + key to a PEM string. From 08d5f46c83d0d7fcfbadd0e879db7da015046a88 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 21 Aug 2023 15:15:19 +0800 Subject: [PATCH 048/185] pkwrite.c: call calloc and free properly Signed-off-by: Yanray Wang --- library/pkwrite.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index cc58f46e96..225cde90d9 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -760,7 +760,7 @@ int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *key, unsigned char *bu { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *output_buf = NULL; - output_buf = calloc(1, PUB_DER_MAX_BYTES); + output_buf = mbedtls_calloc(1, PUB_DER_MAX_BYTES); if (output_buf == NULL) { return MBEDTLS_ERR_PK_ALLOC_FAILED; } @@ -779,7 +779,7 @@ int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *key, unsigned char *bu ret = 0; cleanup: - free(output_buf); + mbedtls_free(output_buf); return ret; } @@ -787,7 +787,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *output_buf = NULL; - output_buf = calloc(1, PRV_DER_MAX_BYTES); + output_buf = mbedtls_calloc(1, PRV_DER_MAX_BYTES); if (output_buf == NULL) { return MBEDTLS_ERR_PK_ALLOC_FAILED; } @@ -860,7 +860,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, ret = 0; cleanup: - free(output_buf); + mbedtls_free(output_buf); return ret; } #endif /* MBEDTLS_PEM_WRITE_C */ From edbab91bf81eeafecca44697c0a25242a1b5f00f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 21 Aug 2023 15:17:43 +0800 Subject: [PATCH 049/185] pkwrite.c: write ChangeLog accurately The heap memory is used for both RSA and EC keys. So removing `RSA` in the ChangeLog. Signed-off-by: Yanray Wang --- ChangeLog.d/pkwrite-pem-use-heap.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/pkwrite-pem-use-heap.txt b/ChangeLog.d/pkwrite-pem-use-heap.txt index d2e7129ec4..11db7b6b06 100644 --- a/ChangeLog.d/pkwrite-pem-use-heap.txt +++ b/ChangeLog.d/pkwrite-pem-use-heap.txt @@ -1,4 +1,4 @@ Changes - * Use heap memory to allocate DER encoded RSA public/private key. + * Use heap memory to allocate DER encoded public/private key. This reduces stack usage significantly for writing a public/private key to a PEM string. From 5cb8605d796550483fad9616b397c51c4af04869 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 27 Aug 2023 21:31:47 +0200 Subject: [PATCH 050/185] ssl-opt.sh doesn't actually use OPENSSL_LEGACY, so remove it Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0164b45cd5..55e88128bc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -81,14 +81,6 @@ TCP_CLIENT="$PERL scripts/tcp_client.pl" # alternative versions of OpenSSL and GnuTLS (no default path) -if [ -n "${OPENSSL_LEGACY:-}" ]; then - O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key" - O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client" -else - O_LEGACY_SRV=false - O_LEGACY_CLI=false -fi - if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key" O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert data_files/server5.crt -key data_files/server5.key" @@ -1910,11 +1902,6 @@ O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT" G_SRV="$G_SRV -p $SRV_PORT" G_CLI="$G_CLI -p +SRV_PORT" -if [ -n "${OPENSSL_LEGACY:-}" ]; then - O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" - O_LEGACY_CLI="$O_LEGACY_CLI -connect 127.0.0.1:+SRV_PORT" -fi - # Newer versions of OpenSSL have a syntax to enable all "ciphers", even # low-security ones. This covers not just cipher suites but also protocol # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on From 5f5e3886c57c37d3eb8fb7ae05675e1063ef51cb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 27 Aug 2023 21:32:36 +0200 Subject: [PATCH 051/185] Minor robustness improvement Let openssl use any experimental or obsolete cipher that's not in ALL. Signed-off-by: Gilles Peskine --- tests/compat.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/compat.sh b/tests/compat.sh index 2e03e44f3a..dbe1cacc15 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -592,7 +592,7 @@ setup_arguments() fi M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE" - O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$O_MODE" + O_SERVER_ARGS="-accept $PORT -cipher ALL,COMPLEMENTOFALL -$O_MODE" G_SERVER_ARGS="-p $PORT --http $G_MODE" G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE" From e29203be88c1ee6ed850eb9702953a5d3dfb23a3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 27 Aug 2023 21:43:00 +0200 Subject: [PATCH 052/185] Stop using "legacy" OpenSSL and GnuTLS None of the tests actually need GNUTLS_LEGACY (3.3.8): GNUTLS (3.4.10) works. None of the tests actually need OPENSSL_LEGACY (1.0.1j): OPENSSL (1.0.2g) works. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 4 ++-- tests/scripts/basic-build-test.sh | 4 +--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8e978ac727..b456c300f3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1855,7 +1855,7 @@ component_test_full_cmake_clang () { tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' msg "test: compat.sh NULL (full config)" # ~ 2 min - env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL' + tests/compat.sh -e '^$' -f 'NULL' msg "test: compat.sh ARIA + ChachaPoly" env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' @@ -2242,7 +2242,7 @@ component_test_no_use_psa_crypto_full_cmake_asan() { tests/compat.sh msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" - env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -f 'NULL' + tests/compat.sh -f 'NULL' msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 32be0eef16..69b25a4180 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -124,9 +124,7 @@ echo '################ compat.sh ################' sh compat.sh echo - echo '#### compat.sh: legacy (null)' - OPENSSL="$OPENSSL_LEGACY" \ - GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ + echo '#### compat.sh: null cipher' sh compat.sh -e '^$' -f 'NULL' echo From 7be571ac853ef94774d138e033d0f348411644cf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 27 Aug 2023 21:39:21 +0200 Subject: [PATCH 053/185] Remove GNUTLS_LEGACY and OPENSSL_LEGACY They aren't used anywhere. Keep the command line options of all.sh to avoid breaking any wrapper scripts that people might have. Signed-off-by: Gilles Peskine --- scripts/output_env.sh | 21 ------------------- tests/scripts/all.sh | 34 +++++++++++-------------------- tests/scripts/basic-build-test.sh | 6 ------ 3 files changed, 12 insertions(+), 49 deletions(-) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index 535613298e..302f3fdaa0 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -170,13 +170,6 @@ echo print_version "$OPENSSL" "version" "default" echo -if [ -n "${OPENSSL_LEGACY+set}" ]; then - print_version "$OPENSSL_LEGACY" "version" "legacy" -else - echo " * openssl (legacy): Not configured." -fi -echo - if [ -n "${OPENSSL_NEXT+set}" ]; then print_version "$OPENSSL_NEXT" "version" "next" else @@ -192,20 +185,6 @@ echo print_version "$GNUTLS_SERV" "--version" "default" "head -n 1" echo -if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then - print_version "$GNUTLS_LEGACY_CLI" "--version" "legacy" "head -n 1" -else - echo " * gnutls-cli (legacy): Not configured." -fi -echo - -if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then - print_version "$GNUTLS_LEGACY_SERV" "--version" "legacy" "head -n 1" -else - echo " * gnutls-serv (legacy): Not configured." -fi -echo - echo " * Installed asan versions:" if type dpkg-query >/dev/null 2>/dev/null; then if ! dpkg-query -f '${Status} ${Package}: ${Version}\n' -W 'libasan*' | diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b456c300f3..8b9a3343c7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -50,10 +50,13 @@ # * G++ # * arm-gcc and mingw-gcc # * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc -# * OpenSSL and GnuTLS command line tools, recent enough for the -# interoperability tests. If they don't support old features which we want -# to test, then a legacy version of these tools must be present as well -# (search for LEGACY below). +# * OpenSSL and GnuTLS command line tools, in suitable versions for the +# interoperability tests. The following are the official versions at the +# time of writing: +# * GNUTLS_{CLI,SERV} = 3.4.10 +# * GNUTLS_NEXT_{CLI,SERV} = 3.7.2 +# * OPENSSL = 1.0.2g (without Debian/Ubuntu patches) +# * OPENSSL_NEXT = 1.1.1a # See the invocation of check_tools below for details. # # This script must be invoked from the toplevel directory of a git @@ -165,12 +168,9 @@ pre_initialize_variables () { # Default commands, can be overridden by the environment : ${OPENSSL:="openssl"} - : ${OPENSSL_LEGACY:="$OPENSSL"} : ${OPENSSL_NEXT:="$OPENSSL"} : ${GNUTLS_CLI:="gnutls-cli"} : ${GNUTLS_SERV:="gnutls-serv"} - : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} - : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} : ${ARMC5_BIN_DIR:=/usr/bin} : ${ARMC6_BIN_DIR:=/usr/bin} @@ -286,10 +286,7 @@ Tool path options: --gcc-latest= Latest version of GCC available --gnutls-cli= GnuTLS client executable to use for most tests. --gnutls-serv= GnuTLS server executable to use for most tests. - --gnutls-legacy-cli= GnuTLS client executable to use for legacy tests. - --gnutls-legacy-serv= GnuTLS server executable to use for legacy tests. --openssl= OpenSSL executable to use for most tests. - --openssl-legacy= OpenSSL executable to use for legacy tests.. --openssl-next= OpenSSL executable to use for recent things like ARIA EOF } @@ -458,8 +455,8 @@ pre_parse_command_line () { --gcc-earliest) shift; GCC_EARLIEST="$1";; --gcc-latest) shift; GCC_LATEST="$1";; --gnutls-cli) shift; GNUTLS_CLI="$1";; - --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; - --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; + --gnutls-legacy-cli) shift;; # ignored for backward compatibility + --gnutls-legacy-serv) shift;; # ignored for backward compatibility --gnutls-serv) shift; GNUTLS_SERV="$1";; --help|-h) usage; exit;; --keep-going|-k) KEEP_GOING=1;; @@ -473,7 +470,6 @@ pre_parse_command_line () { --no-memory) MEMORY=0;; --no-quiet) QUIET=0;; --openssl) shift; OPENSSL="$1";; - --openssl-legacy) shift; OPENSSL_LEGACY="$1";; --openssl-next) shift; OPENSSL_NEXT="$1";; --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";; --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; @@ -728,12 +724,9 @@ pre_print_configuration () { echo "SEED: ${SEED-"UNSET"}" echo echo "OPENSSL: $OPENSSL" - echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" echo "OPENSSL_NEXT: $OPENSSL_NEXT" echo "GNUTLS_CLI: $GNUTLS_CLI" echo "GNUTLS_SERV: $GNUTLS_SERV" - echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" - echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" } @@ -757,13 +750,10 @@ pre_check_tools () { if [ -n "${SEED-}" ]; then export SEED fi - set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" + set "$@" OPENSSL="$OPENSSL" set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" - set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" - set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" - check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ - "$GNUTLS_CLI" "$GNUTLS_SERV" \ - "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" + check_tools "$OPENSSL" "$OPENSSL_NEXT" \ + "$GNUTLS_CLI" "$GNUTLS_SERV" ;; esac diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 69b25a4180..bee6b908ab 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -48,11 +48,8 @@ if [ -d library -a -d include -a -d tests ]; then :; else fi : ${OPENSSL:="openssl"} -: ${OPENSSL_LEGACY:="$OPENSSL"} : ${GNUTLS_CLI:="gnutls-cli"} : ${GNUTLS_SERV:="gnutls-serv"} -: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} -: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} # Used to make ssl-opt.sh deterministic. # @@ -78,11 +75,8 @@ CONFIG_BAK="$CONFIG_H.bak" # Step 0 - print build environment info OPENSSL="$OPENSSL" \ - OPENSSL_LEGACY="$OPENSSL_LEGACY" \ GNUTLS_CLI="$GNUTLS_CLI" \ GNUTLS_SERV="$GNUTLS_SERV" \ - GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ - GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" \ scripts/output_env.sh echo From 044eb16379ffc00d984f22ce38ab49223ac059a9 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 28 Aug 2023 10:35:39 +0800 Subject: [PATCH 054/185] pkwrite: zeroize buf containing info of private key Signed-off-by: Yanray Wang --- library/pkwrite.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 225cde90d9..4e625292ce 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -860,7 +860,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, ret = 0; cleanup: - mbedtls_free(output_buf); + mbedtls_zeroize_and_free(output_buf, PRV_DER_MAX_BYTES); return ret; } #endif /* MBEDTLS_PEM_WRITE_C */ From 1783870681c31962a919a1107d9e872a4b1710e9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 28 Aug 2023 17:36:22 +0200 Subject: [PATCH 055/185] compat.sh: add --preserve-logs option Similar to ssl-opt.sh. Signed-off-by: Gilles Peskine --- tests/compat.sh | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index dbe1cacc15..51c9bcdb5d 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -108,6 +108,7 @@ FILTER="" EXCLUDE='NULL\|ARIA\|CHACHA20_POLY1305' VERBOSE="" MEMCHECK=0 +PRESERVE_LOGS=0 PEERS="OpenSSL$PEER_GNUTLS mbedTLS" # hidden option: skip DTLS with OpenSSL @@ -128,6 +129,7 @@ print_usage() { printf " -v|--verbose\tSet verbose output.\n" printf " --outcome-file\tFile where test outcomes are written\n" printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n" + printf " --preserve-logs\tPreserve logs of successful tests as well\n" } get_options() { @@ -160,6 +162,9 @@ get_options() { --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE=$1 ;; + --preserve-logs) + PRESERVE_LOGS=1 + ;; -h|--help) print_usage exit 0 @@ -842,12 +847,16 @@ record_outcome() { fi } +save_logs() { + cp $SRV_OUT c-srv-${TESTS}.log + cp $CLI_OUT c-cli-${TESTS}.log +} + # display additional information if test case fails report_fail() { FAIL_PROMPT="outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log" record_outcome "FAIL" "$FAIL_PROMPT" - cp $SRV_OUT c-srv-${TESTS}.log - cp $CLI_OUT c-cli-${TESTS}.log + save_logs echo " ! $FAIL_PROMPT" if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then @@ -966,6 +975,9 @@ run_client() { case $RESULT in "0") record_outcome "PASS" + if [ "$PRESERVE_LOGS" -gt 0 ]; then + save_logs + fi ;; "1") record_outcome "SKIP" From 2c40b9059837cdecb55b3393813b77c426edf8fc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 30 Aug 2023 16:38:56 +0200 Subject: [PATCH 056/185] ssl-opt.sh doesn't actually use OPENSSL_LEGACY: remove unused function Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 55e88128bc..1f2aac2e6a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -636,20 +636,6 @@ requires_gnutls_next() { fi } -# skip next test if OpenSSL-legacy isn't available -requires_openssl_legacy() { - if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then - if which "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then - OPENSSL_LEGACY_AVAILABLE="YES" - else - OPENSSL_LEGACY_AVAILABLE="NO" - fi - fi - if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then - SKIP_NEXT="YES" - fi -} - requires_openssl_next() { if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then From 55aba195de08169680ed0da2ded6fb37f29c80fe Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 12 Sep 2023 09:03:50 +0800 Subject: [PATCH 057/185] benchmark: add AES_CFB128 Signed-off-by: Yanray Wang --- programs/test/benchmark.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index ecc4e94a63..1a8baee9a3 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -117,7 +117,7 @@ static void mbedtls_set_alarm(int seconds); "md5, ripemd160, sha1, sha256, sha512,\n" \ "sha3_224, sha3_256, sha3_384, sha3_512,\n" \ "des3, des, camellia, chacha20,\n" \ - "aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \ + "aes_cbc, aes_cfb128, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \ "aes_cmac, des3_cmac, poly1305\n" \ "ctr_drbg, hmac_drbg\n" \ "rsa, dhm, ecdsa, ecdh.\n" @@ -510,7 +510,7 @@ typedef struct { char md5, ripemd160, sha1, sha256, sha512, sha3_224, sha3_256, sha3_384, sha3_512, des3, des, - aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly, + aes_cbc, aes_cfb128, aes_gcm, aes_ccm, aes_xts, chachapoly, aes_cmac, des3_cmac, aria, camellia, chacha20, poly1305, @@ -570,6 +570,8 @@ int main(int argc, char *argv[]) todo.des = 1; } else if (strcmp(argv[i], "aes_cbc") == 0) { todo.aes_cbc = 1; + } else if (strcmp(argv[i], "aes_cfb128") == 0) { + todo.aes_cfb128 = 1; } else if (strcmp(argv[i], "aes_xts") == 0) { todo.aes_xts = 1; } else if (strcmp(argv[i], "aes_gcm") == 0) { @@ -732,6 +734,26 @@ int main(int argc, char *argv[]) mbedtls_aes_free(&aes); } #endif +#if defined(MBEDTLS_CIPHER_MODE_CFB) + if (todo.aes_cfb128) { + int keysize; + size_t iv_off = 0; + mbedtls_aes_context aes; + mbedtls_aes_init(&aes); + for (keysize = 128; keysize <= 256; keysize += 64) { + mbedtls_snprintf(title, sizeof(title), "AES-CFB128-%d", keysize); + + memset(buf, 0, sizeof(buf)); + memset(tmp, 0, sizeof(tmp)); + CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); + + TIME_AND_TSC(title, + mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, + &iv_off, tmp, buf, buf)); + } + mbedtls_aes_free(&aes); + } +#endif #if defined(MBEDTLS_CIPHER_MODE_XTS) if (todo.aes_xts) { int keysize; From 022b9a1ca0bc14a29c10a423962f03e209a78298 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Tue, 12 Sep 2023 09:45:37 +0800 Subject: [PATCH 058/185] benchmark: add AES_CFB8 Signed-off-by: Yanray Wang --- programs/test/benchmark.c | 34 ++++++++++++++++++++++++++-------- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 1a8baee9a3..06b739a7f1 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -113,13 +113,13 @@ static void mbedtls_set_alarm(int seconds); #define HEADER_FORMAT " %-24s : " #define TITLE_LEN 25 -#define OPTIONS \ - "md5, ripemd160, sha1, sha256, sha512,\n" \ - "sha3_224, sha3_256, sha3_384, sha3_512,\n" \ - "des3, des, camellia, chacha20,\n" \ - "aes_cbc, aes_cfb128, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \ - "aes_cmac, des3_cmac, poly1305\n" \ - "ctr_drbg, hmac_drbg\n" \ +#define OPTIONS \ + "md5, ripemd160, sha1, sha256, sha512,\n" \ + "sha3_224, sha3_256, sha3_384, sha3_512,\n" \ + "des3, des, camellia, chacha20,\n" \ + "aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly\n" \ + "aes_cmac, des3_cmac, poly1305\n" \ + "ctr_drbg, hmac_drbg\n" \ "rsa, dhm, ecdsa, ecdh.\n" #if defined(MBEDTLS_ERROR_C) @@ -510,7 +510,7 @@ typedef struct { char md5, ripemd160, sha1, sha256, sha512, sha3_224, sha3_256, sha3_384, sha3_512, des3, des, - aes_cbc, aes_cfb128, aes_gcm, aes_ccm, aes_xts, chachapoly, + aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly, aes_cmac, des3_cmac, aria, camellia, chacha20, poly1305, @@ -572,6 +572,8 @@ int main(int argc, char *argv[]) todo.aes_cbc = 1; } else if (strcmp(argv[i], "aes_cfb128") == 0) { todo.aes_cfb128 = 1; + } else if (strcmp(argv[i], "aes_cfb8") == 0) { + todo.aes_cfb8 = 1; } else if (strcmp(argv[i], "aes_xts") == 0) { todo.aes_xts = 1; } else if (strcmp(argv[i], "aes_gcm") == 0) { @@ -753,6 +755,22 @@ int main(int argc, char *argv[]) } mbedtls_aes_free(&aes); } + if (todo.aes_cfb8) { + int keysize; + mbedtls_aes_context aes; + mbedtls_aes_init(&aes); + for (keysize = 128; keysize <= 256; keysize += 64) { + mbedtls_snprintf(title, sizeof(title), "AES-CFB8-%d", keysize); + + memset(buf, 0, sizeof(buf)); + memset(tmp, 0, sizeof(tmp)); + CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize)); + + TIME_AND_TSC(title, + mbedtls_aes_crypt_cfb8(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf)); + } + mbedtls_aes_free(&aes); + } #endif #if defined(MBEDTLS_CIPHER_MODE_XTS) if (todo.aes_xts) { From 745af9f47bc3252708dd425b0f572f59ca122f1b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 29 Sep 2023 15:47:07 +0100 Subject: [PATCH 059/185] Extend testing of aes.o options Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9e1d84f5de..20b7fda8c2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3934,13 +3934,25 @@ component_build_tfm() { make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe" } -component_build_aes_variations() { # ~45s +component_build_aes_variations() { # 3m20s # aes.o has many #if defined(...) guards that intersect in complex ways. # Test that all the combinations build cleanly. The most common issue is # unused variables/functions, so ensure -Wunused is set. msg "build: aes.o for all combinations of relevant config options" + # check to see if we can enable MBEDTLS_AES_USE_HARDWARE_ONLY - require + # Linux (so we can check for CPU flags) + if [[ "$OSTYPE" == "linux-gnu" ]]; then + # Runtime detection is supported on Linux, so it's safe to set these here + AESNI_OPTIONS="set unset" + AESCE_OPTIONS="set unset" + else + # otherwise leave them unset + AESNI_OPTIONS="unset" + AESCE_OPTIONS="unset" + fi + for a in set unset; do for b in set unset; do for c in set unset; do @@ -3948,6 +3960,20 @@ component_build_aes_variations() { # ~45s for e in set unset; do for f in set unset; do for g in set unset; do + for h in set unset; do + for i in ${AESNI_OPTIONS}; do + for j in ${AESCE_OPTIONS}; do + if [[ "$h" == "set" ]]; then + if [[ !(("$HOSTTYPE" == "aarch64" && "$j" == "set") || ("$HOSTTYPE" == "x86_64" && "$i" == "set")) ]]; then + # MBEDTLS_AES_USE_HARDWARE_ONLY requires hw acceleration for the target platform + continue + fi + if [[ "$g" == "set" ]]; then + # MBEDTLS_AES_USE_HARDWARE_ONLY and MBEDTLS_PADLOCK_C is not supported + continue + fi + fi + echo ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT echo ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT echo ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES @@ -3955,6 +3981,9 @@ component_build_aes_variations() { # ~45s echo ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT echo ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES echo ./scripts/config.py $g MBEDTLS_PADLOCK_C + echo ./scripts/config.py $h MBEDTLS_AES_USE_HARDWARE_ONLY + echo ./scripts/config.py $i MBEDTLS_AESNI_C + echo ./scripts/config.py $j MBEDTLS_AESCE_C ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT @@ -3963,6 +3992,9 @@ component_build_aes_variations() { # ~45s ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES ./scripts/config.py $g MBEDTLS_PADLOCK_C + ./scripts/config.py $h MBEDTLS_AES_USE_HARDWARE_ONLY + ./scripts/config.py $i MBEDTLS_AESNI_C + ./scripts/config.py $j MBEDTLS_AESCE_C rm -f library/aes.o make -C library aes.o CC="clang" CFLAGS="-O0 -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" @@ -3973,6 +4005,9 @@ component_build_aes_variations() { # ~45s done done done + done + done + done } component_test_no_platform () { From 450c1ff353e8e7431d916178a8a6f19f3568e4c3 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 29 Sep 2023 15:52:33 +0100 Subject: [PATCH 060/185] Fix some more incorrect guards in aes.c Signed-off-by: Dave Rodgman --- library/aes.c | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/library/aes.c b/library/aes.c index 0a7b26ce90..3e27cd39be 100644 --- a/library/aes.c +++ b/library/aes.c @@ -84,8 +84,10 @@ static int aes_padlock_ace = -1; /* * Forward S-box */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_ENC_ALT) && (!defined(MBEDTLS_AES_USE_HARDWARE_ONLY) || \ + !defined(MBEDTLS_AES_ROM_TABLES))) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) static const unsigned char FSb[256] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, @@ -330,7 +332,8 @@ static const unsigned char RSb[256] = V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \ V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0) -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_DECRYPT_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) #define V(a, b, c, d) 0x##a##b##c##d static const uint32_t RT0[256] = { RT }; @@ -352,11 +355,12 @@ static const uint32_t RT3[256] = { RT }; #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif \ + /* !defined(MBEDTLS_AES_DECRYPT_ALT) || (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) */ #undef RT -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) +#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) /* * Round constants */ @@ -373,11 +377,12 @@ static const uint32_t RCON[10] = /* * Forward S-box & tables */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_ENC_ALT) && (!defined(MBEDTLS_AES_USE_HARDWARE_ONLY) || \ + !defined(MBEDTLS_AES_ROM_TABLES))) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) static unsigned char FSb[256]; -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif #if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) static uint32_t FT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) @@ -394,7 +399,8 @@ static uint32_t FT3[256]; static unsigned char RSb[256]; #endif /* !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) */ -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_DECRYPT_ALT) || (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && \ + !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) static uint32_t RT0[256]; #if !defined(MBEDTLS_AES_FEWER_TABLES) static uint32_t RT1[256]; @@ -482,7 +488,8 @@ static void aes_gen_tables(void) x = RSb[i]; -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) +#if !defined(MBEDTLS_AES_DECRYPT_ALT) || \ + (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) RT0[i] = ((uint32_t) MUL(0x0E, x)) ^ ((uint32_t) MUL(0x09, x) << 8) ^ ((uint32_t) MUL(0x0D, x) << 16) ^ @@ -493,7 +500,8 @@ static void aes_gen_tables(void) RT2[i] = ROTL8(RT1[i]); RT3[i] = ROTL8(RT2[i]); #endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +#endif \ + /* !defined(MBEDTLS_AES_DECRYPT_ALT) || (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) */ } } From 573dfc167ae1a3953e5613eeff67e3766fa73c34 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 29 Sep 2023 16:27:29 +0100 Subject: [PATCH 061/185] Add testing for MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 20b7fda8c2..238d4ccce2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3934,7 +3934,7 @@ component_build_tfm() { make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe" } -component_build_aes_variations() { # 3m20s +component_build_aes_variations() { # ~7m # aes.o has many #if defined(...) guards that intersect in complex ways. # Test that all the combinations build cleanly. The most common issue is # unused variables/functions, so ensure -Wunused is set. @@ -3963,6 +3963,7 @@ component_build_aes_variations() { # 3m20s for h in set unset; do for i in ${AESNI_OPTIONS}; do for j in ${AESCE_OPTIONS}; do + for k in set unset; do if [[ "$h" == "set" ]]; then if [[ !(("$HOSTTYPE" == "aarch64" && "$j" == "set") || ("$HOSTTYPE" == "x86_64" && "$i" == "set")) ]]; then # MBEDTLS_AES_USE_HARDWARE_ONLY requires hw acceleration for the target platform @@ -3984,6 +3985,7 @@ component_build_aes_variations() { # 3m20s echo ./scripts/config.py $h MBEDTLS_AES_USE_HARDWARE_ONLY echo ./scripts/config.py $i MBEDTLS_AESNI_C echo ./scripts/config.py $j MBEDTLS_AESCE_C + echo ./scripts/config.py $k MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT @@ -3995,6 +3997,7 @@ component_build_aes_variations() { # 3m20s ./scripts/config.py $h MBEDTLS_AES_USE_HARDWARE_ONLY ./scripts/config.py $i MBEDTLS_AESNI_C ./scripts/config.py $j MBEDTLS_AESCE_C + ./scripts/config.py $k MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH rm -f library/aes.o make -C library aes.o CC="clang" CFLAGS="-O0 -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" @@ -4008,6 +4011,7 @@ component_build_aes_variations() { # 3m20s done done done + done } component_test_no_platform () { From 972856219202c4bc134493f6dfc420497959d7ed Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 29 Sep 2023 17:32:06 +0100 Subject: [PATCH 062/185] Improve test speed Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 122 ++++++++++++++++++++++++------------------- 1 file changed, 68 insertions(+), 54 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 238d4ccce2..22b471445b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3934,84 +3934,98 @@ component_build_tfm() { make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe" } -component_build_aes_variations() { # ~7m +component_build_aes_variations() { + # 1m40 - around 90ms per clang invocation on M1 Pro + # # aes.o has many #if defined(...) guards that intersect in complex ways. # Test that all the combinations build cleanly. The most common issue is # unused variables/functions, so ensure -Wunused is set. msg "build: aes.o for all combinations of relevant config options" + WARNING_FLAGS="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" + # check to see if we can enable MBEDTLS_AES_USE_HARDWARE_ONLY - require # Linux (so we can check for CPU flags) if [[ "$OSTYPE" == "linux-gnu" ]]; then # Runtime detection is supported on Linux, so it's safe to set these here - AESNI_OPTIONS="set unset" - AESCE_OPTIONS="set unset" + AESNI_OPTIONS="0 1" + AESCE_OPTIONS="0 1" else # otherwise leave them unset - AESNI_OPTIONS="unset" - AESCE_OPTIONS="unset" + AESNI_OPTIONS="0" + AESCE_OPTIONS="0" fi - for a in set unset; do - for b in set unset; do - for c in set unset; do - for d in set unset; do - for e in set unset; do - for f in set unset; do - for g in set unset; do - for h in set unset; do - for i in ${AESNI_OPTIONS}; do - for j in ${AESCE_OPTIONS}; do - for k in set unset; do - if [[ "$h" == "set" ]]; then - if [[ !(("$HOSTTYPE" == "aarch64" && "$j" == "set") || ("$HOSTTYPE" == "x86_64" && "$i" == "set")) ]]; then + # clear all the variables, so that we can individually set them via clang + for x in "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" "MBEDTLS_AES_ROM_TABLES" \ + "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" "MBEDTLS_AES_FEWER_TABLES" \ + "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" \ + "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"; do + echo ./scripts/config.py unset ${x} + ./scripts/config.py unset ${x} + done + + FAILED=0 + + for a in 0 1; do [[ $a == 0 ]] && A="" || A="-DMBEDTLS_AES_SETKEY_ENC_ALT" + for b in 0 1; do [[ $b == 0 ]] && B="" || B="-DMBEDTLS_AES_DECRYPT_ALT" + for c in 0 1; do [[ $c == 0 ]] && C="" || C="-DMBEDTLS_AES_ROM_TABLES" + for d in 0 1; do [[ $d == 0 ]] && D="" || D="-DMBEDTLS_AES_ENCRYPT_ALT" + for e in 0 1; do [[ $e == 0 ]] && E="" || E="-DMBEDTLS_AES_SETKEY_DEC_ALT" + for f in 0 1; do [[ $f == 0 ]] && F="" || F="-DMBEDTLS_AES_FEWER_TABLES" + for g in 0 1; do [[ $g == 0 ]] && G="" || G="-DMBEDTLS_PADLOCK_C" + for h in 0 1; do [[ $h == 0 ]] && H="" || H="-DMBEDTLS_AES_USE_HARDWARE_ONLY" + for i in $AESNI_OPTIONS; do [[ $i == 0 ]] && I="" || I="-DMBEDTLS_AESNI_C" + for j in $AESCE_OPTIONS; do [[ $j == 0 ]] && J="" || J="-DMBEDTLS_AESCE_C" + for k in 0 1; do [[ $k == 0 ]] && K="" || K="-DMBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" + + # skip invalid combinations + if [[ $h -eq 1 ]]; then + if [[ !(("$HOSTTYPE" == "aarch64" && $j -eq 1) || ("$HOSTTYPE" == "x86_64" && $i -eq 1)) ]]; then # MBEDTLS_AES_USE_HARDWARE_ONLY requires hw acceleration for the target platform continue fi - if [[ "$g" == "set" ]]; then + if [[ $g -eq 1 ]]; then # MBEDTLS_AES_USE_HARDWARE_ONLY and MBEDTLS_PADLOCK_C is not supported continue fi fi - echo ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT - echo ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT - echo ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES - echo ./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT - echo ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT - echo ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES - echo ./scripts/config.py $g MBEDTLS_PADLOCK_C - echo ./scripts/config.py $h MBEDTLS_AES_USE_HARDWARE_ONLY - echo ./scripts/config.py $i MBEDTLS_AESNI_C - echo ./scripts/config.py $j MBEDTLS_AESCE_C - echo ./scripts/config.py $k MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + # Check syntax only, for speed + # Capture failures and continue, but hide successes to avoid spamming the log with 2^11 combinations + CMD_FAILED=0 + cmd="clang $A $B $C $D $E $F $G $H $I $J $K -fsyntax-only library/aes.c -Iinclude -std=c99 $WARNING_FLAGS" + $cmd || CMD_FAILED=1 - ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT - ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT - ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES - ./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT - ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT - ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES - ./scripts/config.py $g MBEDTLS_PADLOCK_C - ./scripts/config.py $h MBEDTLS_AES_USE_HARDWARE_ONLY - ./scripts/config.py $i MBEDTLS_AESNI_C - ./scripts/config.py $j MBEDTLS_AESCE_C - ./scripts/config.py $k MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + if [[ $CMD_FAILED -eq 1 ]]; then + FAILED=1 + echo "Failed: $cmd" + echo $a MBEDTLS_AES_SETKEY_ENC_ALT + echo $b MBEDTLS_AES_DECRYPT_ALT + echo $c MBEDTLS_AES_ROM_TABLES + echo $d MBEDTLS_AES_ENCRYPT_ALT + echo $e MBEDTLS_AES_SETKEY_DEC_ALT + echo $f MBEDTLS_AES_FEWER_TABLES + echo $g MBEDTLS_PADLOCK_C + echo $h MBEDTLS_AES_USE_HARDWARE_ONLY + echo $i MBEDTLS_AESNI_C + echo $j MBEDTLS_AESCE_C + echo $k MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + fi + done + done + done + done + done + done + done + done + done + done + done - rm -f library/aes.o - make -C library aes.o CC="clang" CFLAGS="-O0 -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" - done - done - done - done - done - done - done - done - done - done - done + [[ $FAILED -eq 1 ]] && false # fail if any combination failed } component_test_no_platform () { From aea01c9455117da6bee185377a100f46e801f466 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 29 Sep 2023 18:54:49 +0100 Subject: [PATCH 063/185] Use make to parellise tests Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 34 ++++++++++++++-------------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 22b471445b..ba43d133d6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3935,7 +3935,7 @@ component_build_tfm() { } component_build_aes_variations() { - # 1m40 - around 90ms per clang invocation on M1 Pro + # 18s - around 90ms per clang invocation on M1 Pro # # aes.o has many #if defined(...) guards that intersect in complex ways. # Test that all the combinations build cleanly. The most common issue is @@ -3962,11 +3962,11 @@ component_build_aes_variations() { "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" "MBEDTLS_AES_FEWER_TABLES" \ "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" \ "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"; do - echo ./scripts/config.py unset ${x} ./scripts/config.py unset ${x} done - FAILED=0 + MAKEFILE=$(mktemp) + DEPS="" for a in 0 1; do [[ $a == 0 ]] && A="" || A="-DMBEDTLS_AES_SETKEY_ENC_ALT" for b in 0 1; do [[ $b == 0 ]] && B="" || B="-DMBEDTLS_AES_DECRYPT_ALT" @@ -3996,23 +3996,12 @@ component_build_aes_variations() { # Capture failures and continue, but hide successes to avoid spamming the log with 2^11 combinations CMD_FAILED=0 cmd="clang $A $B $C $D $E $F $G $H $I $J $K -fsyntax-only library/aes.c -Iinclude -std=c99 $WARNING_FLAGS" - $cmd || CMD_FAILED=1 - if [[ $CMD_FAILED -eq 1 ]]; then - FAILED=1 - echo "Failed: $cmd" - echo $a MBEDTLS_AES_SETKEY_ENC_ALT - echo $b MBEDTLS_AES_DECRYPT_ALT - echo $c MBEDTLS_AES_ROM_TABLES - echo $d MBEDTLS_AES_ENCRYPT_ALT - echo $e MBEDTLS_AES_SETKEY_DEC_ALT - echo $f MBEDTLS_AES_FEWER_TABLES - echo $g MBEDTLS_PADLOCK_C - echo $h MBEDTLS_AES_USE_HARDWARE_ONLY - echo $i MBEDTLS_AESNI_C - echo $j MBEDTLS_AESCE_C - echo $k MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - fi + TARGET="t$a$b$c$d$e$f$g$h$i$j$k" + echo "${TARGET}:" >> $MAKEFILE + echo -e "\t$cmd" >> $MAKEFILE + echo >> $MAKEFILE + DEPS="${DEPS} ${TARGET}" done done done @@ -4025,7 +4014,12 @@ component_build_aes_variations() { done done - [[ $FAILED -eq 1 ]] && false # fail if any combination failed + echo "all: ${DEPS}" >> $MAKEFILE + + MAKEFILE_CONTENT=`cat $MAKEFILE` + rm ${MAKEFILE} + NCPUS=$(lscpu -p|tail -n1|sed 's/,.*//') + echo $MAKEFILE_CONTENT | make --quiet -j$((NCPUS * 2)) -f ${MAKEFILE} all } component_test_no_platform () { From 86cc70871ceecfa5d26ce1b736a48b59658ea628 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 29 Sep 2023 22:32:04 +0100 Subject: [PATCH 064/185] fix make issue Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ba43d133d6..14d32c158c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4016,10 +4016,9 @@ component_build_aes_variations() { echo "all: ${DEPS}" >> $MAKEFILE - MAKEFILE_CONTENT=`cat $MAKEFILE` - rm ${MAKEFILE} NCPUS=$(lscpu -p|tail -n1|sed 's/,.*//') - echo $MAKEFILE_CONTENT | make --quiet -j$((NCPUS * 2)) -f ${MAKEFILE} all + make --quiet -j$((NCPUS * 2)) -f ${MAKEFILE} all + rm ${MAKEFILE} } component_test_no_platform () { From 8a64fb82a8279e26bf4309716fc1ba40b62b11ca Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 1 Oct 2023 13:31:31 +0100 Subject: [PATCH 065/185] Simplify makefile generation; don't use -j Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 14d32c158c..0e3e6d4e5b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3949,12 +3949,12 @@ component_build_aes_variations() { # Linux (so we can check for CPU flags) if [[ "$OSTYPE" == "linux-gnu" ]]; then # Runtime detection is supported on Linux, so it's safe to set these here - AESNI_OPTIONS="0 1" - AESCE_OPTIONS="0 1" + AESNI_OPTIONS=("" "-DMBEDTLS_AESNI_C") + AESCE_OPTIONS=("" "-DMBEDTLS_AESCE_C") else # otherwise leave them unset - AESNI_OPTIONS="0" - AESCE_OPTIONS="0" + AESNI_OPTIONS=("") + AESCE_OPTIONS=("") fi # clear all the variables, so that we can individually set them via clang @@ -3968,25 +3968,25 @@ component_build_aes_variations() { MAKEFILE=$(mktemp) DEPS="" - for a in 0 1; do [[ $a == 0 ]] && A="" || A="-DMBEDTLS_AES_SETKEY_ENC_ALT" - for b in 0 1; do [[ $b == 0 ]] && B="" || B="-DMBEDTLS_AES_DECRYPT_ALT" - for c in 0 1; do [[ $c == 0 ]] && C="" || C="-DMBEDTLS_AES_ROM_TABLES" - for d in 0 1; do [[ $d == 0 ]] && D="" || D="-DMBEDTLS_AES_ENCRYPT_ALT" - for e in 0 1; do [[ $e == 0 ]] && E="" || E="-DMBEDTLS_AES_SETKEY_DEC_ALT" - for f in 0 1; do [[ $f == 0 ]] && F="" || F="-DMBEDTLS_AES_FEWER_TABLES" - for g in 0 1; do [[ $g == 0 ]] && G="" || G="-DMBEDTLS_PADLOCK_C" - for h in 0 1; do [[ $h == 0 ]] && H="" || H="-DMBEDTLS_AES_USE_HARDWARE_ONLY" - for i in $AESNI_OPTIONS; do [[ $i == 0 ]] && I="" || I="-DMBEDTLS_AESNI_C" - for j in $AESCE_OPTIONS; do [[ $j == 0 ]] && J="" || J="-DMBEDTLS_AESCE_C" - for k in 0 1; do [[ $k == 0 ]] && K="" || K="-DMBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" + for a in "" "-DMBEDTLS_AES_SETKEY_ENC_ALT"; do + for b in "" "-DMBEDTLS_AES_DECRYPT_ALT"; do + for c in "" "-DMBEDTLS_AES_ROM_TABLES"; do + for d in "" "-DMBEDTLS_AES_ENCRYPT_ALT"; do + for e in "" "-DMBEDTLS_AES_SETKEY_DEC_ALT"; do + for f in "" "-DMBEDTLS_AES_FEWER_TABLES"; do + for g in "" "-DMBEDTLS_PADLOCK_C"; do + for h in "" "-DMBEDTLS_AES_USE_HARDWARE_ONLY"; do + for i in "${AESNI_OPTIONS[@]}"; do + for j in "${AESCE_OPTIONS[@]}"; do + for k in "" "-DMBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"; do # skip invalid combinations - if [[ $h -eq 1 ]]; then - if [[ !(("$HOSTTYPE" == "aarch64" && $j -eq 1) || ("$HOSTTYPE" == "x86_64" && $i -eq 1)) ]]; then + if [[ "$h" != "" ]]; then + if [[ !(("$HOSTTYPE" == "aarch64" && "$j" != "") || ("$HOSTTYPE" == "x86_64" && "$i" != "")) ]]; then # MBEDTLS_AES_USE_HARDWARE_ONLY requires hw acceleration for the target platform continue fi - if [[ $g -eq 1 ]]; then + if [[ "$g" != "" ]]; then # MBEDTLS_AES_USE_HARDWARE_ONLY and MBEDTLS_PADLOCK_C is not supported continue fi @@ -3995,7 +3995,7 @@ component_build_aes_variations() { # Check syntax only, for speed # Capture failures and continue, but hide successes to avoid spamming the log with 2^11 combinations CMD_FAILED=0 - cmd="clang $A $B $C $D $E $F $G $H $I $J $K -fsyntax-only library/aes.c -Iinclude -std=c99 $WARNING_FLAGS" + cmd="clang $a $b $c $d $e $f $g $h $i $j $k -fsyntax-only library/aes.c -Iinclude -std=c99 $WARNING_FLAGS" TARGET="t$a$b$c$d$e$f$g$h$i$j$k" echo "${TARGET}:" >> $MAKEFILE @@ -4016,8 +4016,7 @@ component_build_aes_variations() { echo "all: ${DEPS}" >> $MAKEFILE - NCPUS=$(lscpu -p|tail -n1|sed 's/,.*//') - make --quiet -j$((NCPUS * 2)) -f ${MAKEFILE} all + make --quiet -f ${MAKEFILE} all rm ${MAKEFILE} } From 184c0af06e1800b6c20c56c4e771d9fb45211d29 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 1 Oct 2023 13:43:02 +0100 Subject: [PATCH 066/185] Remove not-needed edge-case Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0e3e6d4e5b..93739f40b1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3945,18 +3945,6 @@ component_build_aes_variations() { WARNING_FLAGS="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" - # check to see if we can enable MBEDTLS_AES_USE_HARDWARE_ONLY - require - # Linux (so we can check for CPU flags) - if [[ "$OSTYPE" == "linux-gnu" ]]; then - # Runtime detection is supported on Linux, so it's safe to set these here - AESNI_OPTIONS=("" "-DMBEDTLS_AESNI_C") - AESCE_OPTIONS=("" "-DMBEDTLS_AESCE_C") - else - # otherwise leave them unset - AESNI_OPTIONS=("") - AESCE_OPTIONS=("") - fi - # clear all the variables, so that we can individually set them via clang for x in "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" "MBEDTLS_AES_ROM_TABLES" \ "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" "MBEDTLS_AES_FEWER_TABLES" \ @@ -3976,8 +3964,8 @@ component_build_aes_variations() { for f in "" "-DMBEDTLS_AES_FEWER_TABLES"; do for g in "" "-DMBEDTLS_PADLOCK_C"; do for h in "" "-DMBEDTLS_AES_USE_HARDWARE_ONLY"; do - for i in "${AESNI_OPTIONS[@]}"; do - for j in "${AESCE_OPTIONS[@]}"; do + for i in "" "-DMBEDTLS_AESNI_C"; do + for j in "" "-DMBEDTLS_AESCE_C"; do for k in "" "-DMBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"; do # skip invalid combinations From 920343aaf74f1bd2267c8645223bfa9313dfbad1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 1 Oct 2023 18:41:09 +0100 Subject: [PATCH 067/185] Separate out a resuable option cross-product test function Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 132 ++++++++++++++++++++++++------------------- 1 file changed, 73 insertions(+), 59 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 93739f40b1..fdbde160a6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3934,80 +3934,94 @@ component_build_tfm() { make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe" } -component_build_aes_variations() { - # 18s - around 90ms per clang invocation on M1 Pro - # - # aes.o has many #if defined(...) guards that intersect in complex ways. - # Test that all the combinations build cleanly. The most common issue is - # unused variables/functions, so ensure -Wunused is set. +build_test_config_combos() { + # test that the given file builds with all (valid) combinations of the given options. + # syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ... + # The validator function may be "" if all combinations are valid - msg "build: aes.o for all combinations of relevant config options" + FILE=$1 + shift + # this function must echo something iff the clang "-DA -DB ..." string is invalid + VALIDATE_OPTIONS=$1 + shift + OPTIONS=("$@") + # The most common issue is unused variables/functions, so ensure -Wunused is set. WARNING_FLAGS="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" - # clear all the variables, so that we can individually set them via clang - for x in "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" "MBEDTLS_AES_ROM_TABLES" \ - "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" "MBEDTLS_AES_FEWER_TABLES" \ - "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" \ - "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"; do - ./scripts/config.py unset ${x} - done - MAKEFILE=$(mktemp) DEPS="" - for a in "" "-DMBEDTLS_AES_SETKEY_ENC_ALT"; do - for b in "" "-DMBEDTLS_AES_DECRYPT_ALT"; do - for c in "" "-DMBEDTLS_AES_ROM_TABLES"; do - for d in "" "-DMBEDTLS_AES_ENCRYPT_ALT"; do - for e in "" "-DMBEDTLS_AES_SETKEY_DEC_ALT"; do - for f in "" "-DMBEDTLS_AES_FEWER_TABLES"; do - for g in "" "-DMBEDTLS_PADLOCK_C"; do - for h in "" "-DMBEDTLS_AES_USE_HARDWARE_ONLY"; do - for i in "" "-DMBEDTLS_AESNI_C"; do - for j in "" "-DMBEDTLS_AESCE_C"; do - for k in "" "-DMBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"; do + LEN=${#OPTIONS[@]} - # skip invalid combinations - if [[ "$h" != "" ]]; then - if [[ !(("$HOSTTYPE" == "aarch64" && "$j" != "") || ("$HOSTTYPE" == "x86_64" && "$i" != "")) ]]; then - # MBEDTLS_AES_USE_HARDWARE_ONLY requires hw acceleration for the target platform - continue - fi - if [[ "$g" != "" ]]; then - # MBEDTLS_AES_USE_HARDWARE_ONLY and MBEDTLS_PADLOCK_C is not supported - continue - fi + for ((i = 0; i < $((2**${LEN})); i++)); do + # generate each of 2^n combinations of options + # each bit of $i is used to determine if OPTIONS[i] will be set or not + TARGET="t" + CLANG_ARGS="" + for ((j = 0; j < ${LEN}; j++)); do + OPT=${OPTIONS[j]} + X=$(((i >> j) & 1)) + [[ $X == 0 ]] && OPT="" || OPT="-D${OPT}" + CLANG_ARGS="${CLANG_ARGS} ${OPT}" + TARGET="${TARGET}${OPT}" + done + + # check that combination is not known to be invalid + INVALID="" + [[ "$VALIDATE_OPTIONS" != "" ]] && INVALID=$(${VALIDATE_OPTIONS} "${CLANG_ARGS}") + + # if valid, add it to the makefile + if [[ "$INVALID" == "" ]]; then + cmd="clang ${CLANG_ARGS} -fsyntax-only ${FILE} -Iinclude -std=c99 $WARNING_FLAGS" + echo "${TARGET}:" >> ${MAKEFILE} + echo -e "\t$cmd" >> ${MAKEFILE} + + DEPS="${DEPS} ${TARGET}" fi - - # Check syntax only, for speed - # Capture failures and continue, but hide successes to avoid spamming the log with 2^11 combinations - CMD_FAILED=0 - cmd="clang $a $b $c $d $e $f $g $h $i $j $k -fsyntax-only library/aes.c -Iinclude -std=c99 $WARNING_FLAGS" - - TARGET="t$a$b$c$d$e$f$g$h$i$j$k" - echo "${TARGET}:" >> $MAKEFILE - echo -e "\t$cmd" >> $MAKEFILE - echo >> $MAKEFILE - DEPS="${DEPS} ${TARGET}" - done - done - done - done - done - done - done - done - done - done done - echo "all: ${DEPS}" >> $MAKEFILE + echo "all: ${DEPS}" >> ${MAKEFILE} - make --quiet -f ${MAKEFILE} all + # clear all of the options so that they can be overridden on the clang commandline + for OPT in "${OPTIONS[@]}"; do + ./scripts/config.py unset ${OPT} + done + + # execute all of the commands via Make (probably in parallel) + make -s -f ${MAKEFILE} all + + # clean up the temporary makefile rm ${MAKEFILE} } +build_aes_variations_validate_combo() { + if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then + if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then + echo 1 + fi + if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \ + ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then + echo 1 + fi + fi +} + +component_build_aes_variations() { + # 18s - around 90ms per clang invocation on M1 Pro + # + # aes.o has many #if defined(...) guards that intersect in complex ways. + # Test that all the combinations build cleanly. + + msg "build: aes.o for all combinations of relevant config options" + + build_test_config_combos library/aes.c build_aes_variations_validate_combo \ + "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ + "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ + "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ + "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" +} + component_test_no_platform () { # Full configuration build, without platform support, file IO and net sockets. # This should catch missing mbedtls_printf definitions, and by disabling file From 43a5ce8c7f1375c4a4e043277e6bd9c5321b79f7 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 2 Oct 2023 17:09:37 +0100 Subject: [PATCH 068/185] rename function Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fdbde160a6..943ea885ca 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3995,7 +3995,7 @@ build_test_config_combos() { rm ${MAKEFILE} } -build_aes_variations_validate_combo() { +validate_aes_config_variations() { if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then echo 1 @@ -4015,7 +4015,7 @@ component_build_aes_variations() { msg "build: aes.o for all combinations of relevant config options" - build_test_config_combos library/aes.c build_aes_variations_validate_combo \ + build_test_config_combos library/aes.c validate_aes_config_variations \ "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ From 4243610c15ebd92676d50808cec12314b9eb7020 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 3 Oct 2023 15:47:05 +0100 Subject: [PATCH 069/185] Use make to generate the test command Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 943ea885ca..9ebb120a78 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3946,9 +3946,24 @@ build_test_config_combos() { shift OPTIONS=("$@") + # clear all of the options so that they can be overridden on the clang commandline + for OPT in "${OPTIONS[@]}"; do + ./scripts/config.py unset ${OPT} + done + + # enter the directory containing the target file & strip the dir from the filename + cd $(dirname ${FILE}) + FILE=$(basename ${FILE}) + # The most common issue is unused variables/functions, so ensure -Wunused is set. WARNING_FLAGS="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" + # Extract the command generated by the Makefile to build the target file. + # This ensures that we have any include paths, macro definitions, etc + # that may be applied by make. + # Add -fsyntax-only as we only want a syntax check and don't need to generate a file. + MAKE_CMD=$(make -B -n ${FILE} CC=clang CFLAGS="${WARNING_FLAGS} -fsyntax-only" | egrep "^clang") + MAKEFILE=$(mktemp) DEPS="" @@ -3973,7 +3988,7 @@ build_test_config_combos() { # if valid, add it to the makefile if [[ "$INVALID" == "" ]]; then - cmd="clang ${CLANG_ARGS} -fsyntax-only ${FILE} -Iinclude -std=c99 $WARNING_FLAGS" + cmd="${MAKE_CMD} ${CLANG_ARGS}" echo "${TARGET}:" >> ${MAKEFILE} echo -e "\t$cmd" >> ${MAKEFILE} @@ -3983,11 +3998,6 @@ build_test_config_combos() { echo "all: ${DEPS}" >> ${MAKEFILE} - # clear all of the options so that they can be overridden on the clang commandline - for OPT in "${OPTIONS[@]}"; do - ./scripts/config.py unset ${OPT} - done - # execute all of the commands via Make (probably in parallel) make -s -f ${MAKEFILE} all @@ -4015,7 +4025,7 @@ component_build_aes_variations() { msg "build: aes.o for all combinations of relevant config options" - build_test_config_combos library/aes.c validate_aes_config_variations \ + build_test_config_combos library/aes.o validate_aes_config_variations \ "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ From 3cde6a2be26ae7c00b319edcd0973700f0dbeba1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 3 Oct 2023 16:02:56 +0100 Subject: [PATCH 070/185] Improve naming Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9ebb120a78..56727ce7ad 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3962,7 +3962,7 @@ build_test_config_combos() { # This ensures that we have any include paths, macro definitions, etc # that may be applied by make. # Add -fsyntax-only as we only want a syntax check and don't need to generate a file. - MAKE_CMD=$(make -B -n ${FILE} CC=clang CFLAGS="${WARNING_FLAGS} -fsyntax-only" | egrep "^clang") + COMPILE_CMD=$(make -B -n ${FILE} CC=clang CFLAGS="${WARNING_FLAGS} -fsyntax-only" | egrep "^clang") MAKEFILE=$(mktemp) DEPS="" @@ -3988,7 +3988,7 @@ build_test_config_combos() { # if valid, add it to the makefile if [[ "$INVALID" == "" ]]; then - cmd="${MAKE_CMD} ${CLANG_ARGS}" + cmd="${COMPILE_CMD} ${CLANG_ARGS}" echo "${TARGET}:" >> ${MAKEFILE} echo -e "\t$cmd" >> ${MAKEFILE} From 28e38d8e12a9a4c5562f1cc0ea4a5a0fbbb9d003 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 11:50:30 +0100 Subject: [PATCH 071/185] Use lower-case for local variables Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 62 ++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 56727ce7ad..33a2c9f491 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3939,70 +3939,70 @@ build_test_config_combos() { # syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ... # The validator function may be "" if all combinations are valid - FILE=$1 + file=$1 shift # this function must echo something iff the clang "-DA -DB ..." string is invalid - VALIDATE_OPTIONS=$1 + validate_options=$1 shift - OPTIONS=("$@") + options=("$@") # clear all of the options so that they can be overridden on the clang commandline - for OPT in "${OPTIONS[@]}"; do - ./scripts/config.py unset ${OPT} + for opt in "${options[@]}"; do + ./scripts/config.py unset ${opt} done # enter the directory containing the target file & strip the dir from the filename - cd $(dirname ${FILE}) - FILE=$(basename ${FILE}) + cd $(dirname ${file}) + file=$(basename ${file}) # The most common issue is unused variables/functions, so ensure -Wunused is set. - WARNING_FLAGS="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" + warning_flags="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused" # Extract the command generated by the Makefile to build the target file. # This ensures that we have any include paths, macro definitions, etc # that may be applied by make. # Add -fsyntax-only as we only want a syntax check and don't need to generate a file. - COMPILE_CMD=$(make -B -n ${FILE} CC=clang CFLAGS="${WARNING_FLAGS} -fsyntax-only" | egrep "^clang") + compile_cmd=$(make -B -n ${file} CC=clang CFLAGS="${warning_flags} -fsyntax-only" | egrep "^clang") - MAKEFILE=$(mktemp) - DEPS="" + makefile=$(mktemp) + deps="" - LEN=${#OPTIONS[@]} + len=${#options[@]} - for ((i = 0; i < $((2**${LEN})); i++)); do + for ((i = 0; i < $((2**${len})); i++)); do # generate each of 2^n combinations of options - # each bit of $i is used to determine if OPTIONS[i] will be set or not - TARGET="t" - CLANG_ARGS="" - for ((j = 0; j < ${LEN}; j++)); do - OPT=${OPTIONS[j]} + # each bit of $i is used to determine if options[i] will be set or not + target="t" + clang_args="" + for ((j = 0; j < ${len}; j++)); do + opt=${options[j]} X=$(((i >> j) & 1)) - [[ $X == 0 ]] && OPT="" || OPT="-D${OPT}" - CLANG_ARGS="${CLANG_ARGS} ${OPT}" - TARGET="${TARGET}${OPT}" + [[ $X == 0 ]] && opt="" || opt="-D${opt}" + clang_args="${clang_args} ${opt}" + target="${target}${opt}" done # check that combination is not known to be invalid - INVALID="" - [[ "$VALIDATE_OPTIONS" != "" ]] && INVALID=$(${VALIDATE_OPTIONS} "${CLANG_ARGS}") + invalid="" + [[ "$validate_options" != "" ]] && invalid=$(${validate_options} "${clang_args}") # if valid, add it to the makefile - if [[ "$INVALID" == "" ]]; then - cmd="${COMPILE_CMD} ${CLANG_ARGS}" - echo "${TARGET}:" >> ${MAKEFILE} - echo -e "\t$cmd" >> ${MAKEFILE} + if [[ "$invalid" == "" ]]; then + cmd="${compile_cmd} ${clang_args}" + echo "${target}:" >> ${makefile} + echo -e "\t$cmd" >> ${makefile} - DEPS="${DEPS} ${TARGET}" + deps="${deps} ${target}" fi done - echo "all: ${DEPS}" >> ${MAKEFILE} + echo "all: ${deps}" >> ${makefile} # execute all of the commands via Make (probably in parallel) - make -s -f ${MAKEFILE} all + make -s -f ${makefile} all # clean up the temporary makefile - rm ${MAKEFILE} + rm ${makefile} } validate_aes_config_variations() { From 54ada8bae8ade96010d1005964d782bdb0e3084f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 11:55:25 +0100 Subject: [PATCH 072/185] Improve docs Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 33a2c9f491..34089a4029 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3934,14 +3934,17 @@ component_build_tfm() { make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe" } +# Test that the given .o file builds with all (valid) combinations of the given options. +# +# Syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ... +# +# The validator function is the name of a function to validate the combination of options. +# It may be "" if all combinations are valid. +# It receives a string containing a combination of options, as passed to the compiler, +# e.g. "-DOPT1 -DOPT2 ...". It must echo something iff the combination is invalid. build_test_config_combos() { - # test that the given file builds with all (valid) combinations of the given options. - # syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ... - # The validator function may be "" if all combinations are valid - file=$1 shift - # this function must echo something iff the clang "-DA -DB ..." string is invalid validate_options=$1 shift options=("$@") From b1107aeee1fcb3afced5dea75171e8ec334c0c5d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 12:30:23 +0100 Subject: [PATCH 073/185] Tidy up bash syntax Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 34089a4029..ace70d1a4f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3978,19 +3978,16 @@ build_test_config_combos() { target="t" clang_args="" for ((j = 0; j < ${len}; j++)); do - opt=${options[j]} - X=$(((i >> j) & 1)) - [[ $X == 0 ]] && opt="" || opt="-D${opt}" + opt= + if (((i >> j) & 1)); then + opt=-D${options[j]} + fi clang_args="${clang_args} ${opt}" target="${target}${opt}" done - # check that combination is not known to be invalid - invalid="" - [[ "$validate_options" != "" ]] && invalid=$(${validate_options} "${clang_args}") - - # if valid, add it to the makefile - if [[ "$invalid" == "" ]]; then + # if combination is not known to be invalid, add it to the makefile + if [[ -z $validate_options ]] || [[ $($validate_options "${clang_args}") == "" ]] ; then cmd="${compile_cmd} ${clang_args}" echo "${target}:" >> ${makefile} echo -e "\t$cmd" >> ${makefile} From 7a8a2490e58330907c7b67e53be210782c101ec3 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 13:14:20 +0100 Subject: [PATCH 074/185] Tidy-up Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ace70d1a4f..164c2e99f1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3978,12 +3978,11 @@ build_test_config_combos() { target="t" clang_args="" for ((j = 0; j < ${len}; j++)); do - opt= if (((i >> j) & 1)); then opt=-D${options[j]} + clang_args="${clang_args} ${opt}" + target="${target}${opt}" fi - clang_args="${clang_args} ${opt}" - target="${target}${opt}" done # if combination is not known to be invalid, add it to the makefile From a7127eb67cecc021987cd186a04965c52887c52f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 13:38:41 +0100 Subject: [PATCH 075/185] tidy up Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 164c2e99f1..90e5f1bd74 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3979,7 +3979,7 @@ build_test_config_combos() { clang_args="" for ((j = 0; j < ${len}; j++)); do if (((i >> j) & 1)); then - opt=-D${options[j]} + opt=-D${options[$j]} clang_args="${clang_args} ${opt}" target="${target}${opt}" fi @@ -4007,11 +4007,11 @@ build_test_config_combos() { validate_aes_config_variations() { if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then - echo 1 + echo INVALID fi if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \ ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then - echo 1 + echo INVALID fi fi } From 1ec1a0f0cc74cfe94c883932103edf0e9f26cdcc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 13:50:54 +0100 Subject: [PATCH 076/185] Introduce MBEDTLS_MAYBE_UNUSED Signed-off-by: Dave Rodgman --- library/common.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/common.h b/library/common.h index 3c472c685d..1fc04a32e2 100644 --- a/library/common.h +++ b/library/common.h @@ -334,4 +334,11 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE #endif +/* Suppress compiler warnings for unused functions and variables. */ +#if defined(__GNUC__) +#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +#else +#define MBEDTLS_MAYBE_UNUSED +#endif + #endif /* MBEDTLS_LIBRARY_COMMON_H */ From 18ddf61a750a2a04ca677bbcb254d84f3ce1a84e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 14:03:12 +0100 Subject: [PATCH 077/185] Use MBEDTLS_MAYBE_UNUSED to simplify aes.c and let compiler remove unused variables Signed-off-by: Dave Rodgman --- library/aes.c | 103 +++++++++++++------------------------------------- 1 file changed, 26 insertions(+), 77 deletions(-) diff --git a/library/aes.c b/library/aes.c index 3e27cd39be..d232229816 100644 --- a/library/aes.c +++ b/library/aes.c @@ -84,11 +84,7 @@ static int aes_padlock_ace = -1; /* * Forward S-box */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || \ - (!defined(MBEDTLS_AES_SETKEY_ENC_ALT) && (!defined(MBEDTLS_AES_USE_HARDWARE_ONLY) || \ - !defined(MBEDTLS_AES_ROM_TABLES))) || \ - (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) -static const unsigned char FSb[256] = +MBEDTLS_MAYBE_UNUSED static const unsigned char FSb[256] = { 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, @@ -123,8 +119,6 @@ static const unsigned char FSb[256] = 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 }; -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ /* * Forward tables @@ -196,36 +190,28 @@ static const unsigned char FSb[256] = V(C3, 41, 41, 82), V(B0, 99, 99, 29), V(77, 2D, 2D, 5A), V(11, 0F, 0F, 1E), \ V(CB, B0, B0, 7B), V(FC, 54, 54, A8), V(D6, BB, BB, 6D), V(3A, 16, 16, 2C) -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) #define V(a, b, c, d) 0x##a##b##c##d -static const uint32_t FT0[256] = { FT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t FT0[256] = { FT }; #undef V -#if !defined(MBEDTLS_AES_FEWER_TABLES) - #define V(a, b, c, d) 0x##b##c##d##a -static const uint32_t FT1[256] = { FT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t FT1[256] = { FT }; #undef V #define V(a, b, c, d) 0x##c##d##a##b -static const uint32_t FT2[256] = { FT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t FT2[256] = { FT }; #undef V #define V(a, b, c, d) 0x##d##a##b##c -static const uint32_t FT3[256] = { FT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t FT3[256] = { FT }; #undef V -#endif /* !MBEDTLS_AES_FEWER_TABLES */ - -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) */ - #undef FT -#if !defined(MBEDTLS_AES_DECRYPT_ALT) /* * Reverse S-box */ -static const unsigned char RSb[256] = +MBEDTLS_MAYBE_UNUSED static const unsigned char RSb[256] = { 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB, @@ -260,7 +246,6 @@ static const unsigned char RSb[256] = 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D }; -#endif /* defined(MBEDTLS_AES_DECRYPT_ALT)) */ /* * Reverse tables @@ -332,88 +317,60 @@ static const unsigned char RSb[256] = V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \ V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0) -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || \ - (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) #define V(a, b, c, d) 0x##a##b##c##d -static const uint32_t RT0[256] = { RT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t RT0[256] = { RT }; #undef V -#if !defined(MBEDTLS_AES_FEWER_TABLES) - #define V(a, b, c, d) 0x##b##c##d##a -static const uint32_t RT1[256] = { RT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t RT1[256] = { RT }; #undef V #define V(a, b, c, d) 0x##c##d##a##b -static const uint32_t RT2[256] = { RT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t RT2[256] = { RT }; #undef V #define V(a, b, c, d) 0x##d##a##b##c -static const uint32_t RT3[256] = { RT }; +MBEDTLS_MAYBE_UNUSED static const uint32_t RT3[256] = { RT }; #undef V -#endif /* !MBEDTLS_AES_FEWER_TABLES */ - -#endif \ - /* !defined(MBEDTLS_AES_DECRYPT_ALT) || (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) */ - #undef RT -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) /* * Round constants */ -static const uint32_t RCON[10] = +MBEDTLS_MAYBE_UNUSED static const uint32_t RCON[10] = { 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010, 0x00000020, 0x00000040, 0x00000080, 0x0000001B, 0x00000036 }; -#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ #else /* MBEDTLS_AES_ROM_TABLES */ /* * Forward S-box & tables */ -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || \ - (!defined(MBEDTLS_AES_SETKEY_ENC_ALT) && (!defined(MBEDTLS_AES_USE_HARDWARE_ONLY) || \ - !defined(MBEDTLS_AES_ROM_TABLES))) || \ - (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) -static unsigned char FSb[256]; -#endif -#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) -static uint32_t FT0[256]; -#if !defined(MBEDTLS_AES_FEWER_TABLES) -static uint32_t FT1[256]; -static uint32_t FT2[256]; -static uint32_t FT3[256]; -#endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ +MBEDTLS_MAYBE_UNUSED static unsigned char FSb[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t FT0[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t FT1[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t FT2[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t FT3[256]; /* * Reverse S-box & tables */ -#if !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) -static unsigned char RSb[256]; -#endif /* !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) */ +MBEDTLS_MAYBE_UNUSED static unsigned char RSb[256]; -#if !defined(MBEDTLS_AES_DECRYPT_ALT) || (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && \ - !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) -static uint32_t RT0[256]; -#if !defined(MBEDTLS_AES_FEWER_TABLES) -static uint32_t RT1[256]; -static uint32_t RT2[256]; -static uint32_t RT3[256]; -#endif /* !MBEDTLS_AES_FEWER_TABLES */ -#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */ +MBEDTLS_MAYBE_UNUSED static uint32_t RT0[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t RT1[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t RT2[256]; +MBEDTLS_MAYBE_UNUSED static uint32_t RT3[256]; -#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT) /* * Round constants */ -static uint32_t RCON[10]; +MBEDTLS_MAYBE_UNUSED static uint32_t RCON[10]; /* * Tables generation code @@ -422,9 +379,9 @@ static uint32_t RCON[10]; #define XTIME(x) (((x) << 1) ^ (((x) & 0x80) ? 0x1B : 0x00)) #define MUL(x, y) (((x) && (y)) ? pow[(log[(x)]+log[(y)]) % 255] : 0) -static int aes_init_done = 0; +MBEDTLS_MAYBE_UNUSED static int aes_init_done = 0; -static void aes_gen_tables(void) +MBEDTLS_MAYBE_UNUSED static void aes_gen_tables(void) { int i; uint8_t x, y, z; @@ -505,8 +462,6 @@ static void aes_gen_tables(void) } } -#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ - #undef ROTL8 #endif /* MBEDTLS_AES_ROM_TABLES */ @@ -584,9 +539,7 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx) #define MAY_NEED_TO_ALIGN #endif -#if defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_ENC_ALT) -static unsigned mbedtls_aes_rk_offset(uint32_t *buf) +MBEDTLS_MAYBE_UNUSED static unsigned mbedtls_aes_rk_offset(uint32_t *buf) { #if defined(MAY_NEED_TO_ALIGN) int align_16_bytes = 0; @@ -622,8 +575,6 @@ static unsigned mbedtls_aes_rk_offset(uint32_t *buf) return 0; } -#endif /* defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \ - !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */ /* * AES key schedule (encryption) @@ -1056,7 +1007,6 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ -#if defined(MAY_NEED_TO_ALIGN) /* VIA Padlock and our intrinsics-based implementation of AESNI require * the round keys to be aligned on a 16-byte boundary. We take care of this * before creating them, but the AES context may have moved (this can happen @@ -1064,7 +1014,7 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, * calls it might have a different alignment with respect to 16-byte memory. * So we may need to realign. */ -static void aes_maybe_realign(mbedtls_aes_context *ctx) +MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx) { unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf); if (new_offset != ctx->rk_offset) { @@ -1074,7 +1024,6 @@ static void aes_maybe_realign(mbedtls_aes_context *ctx) ctx->rk_offset = new_offset; } } -#endif /* * AES-ECB block encryption/decryption From feadcaf4a6cd700c1074cffe19aff9add91d3ba6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 15:27:33 +0100 Subject: [PATCH 078/185] Support MBEDTLS_MAYBE_UNUSED in MSVC and IAR Signed-off-by: Dave Rodgman --- library/common.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/common.h b/library/common.h index 1fc04a32e2..910106bded 100644 --- a/library/common.h +++ b/library/common.h @@ -337,6 +337,12 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, /* Suppress compiler warnings for unused functions and variables. */ #if defined(__GNUC__) #define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +#elif defined(__IAR_SYSTEMS_ICC__) && defined(__VER__) +#if (__VER__ >= 8000000) +#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +#endif +#elif defined(_MSC_VER) +#define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189)) #else #define MBEDTLS_MAYBE_UNUSED #endif From 749f2227c67b5b07fe9c6633b0b8767de511a8b2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 4 Oct 2023 15:38:58 +0100 Subject: [PATCH 079/185] Get MBEDTLS_MAYBE_UNUSED to cover more compilers Signed-off-by: Dave Rodgman --- library/common.h | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/library/common.h b/library/common.h index 910106bded..436e35a91c 100644 --- a/library/common.h +++ b/library/common.h @@ -335,15 +335,23 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #endif /* Suppress compiler warnings for unused functions and variables. */ -#if defined(__GNUC__) -#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) -#elif defined(__IAR_SYSTEMS_ICC__) && defined(__VER__) -#if (__VER__ >= 8000000) +#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__) #define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) #endif -#elif defined(_MSC_VER) +#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__) +#if (__VER__ >= 8010000) // IAR 8.1 or later +#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +#endif +#endif +#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(_MSC_VER) #define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189)) -#else +#endif +#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute) +#if __has_attribute(unused) +#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +#endif +#endif +#if !defined(MBEDTLS_MAYBE_UNUSED) #define MBEDTLS_MAYBE_UNUSED #endif From 9bf752c45d3fc2d4df3c42de4a9fa630a53d401f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 5 Oct 2023 08:20:44 +0100 Subject: [PATCH 080/185] Support MSVS with clang Signed-off-by: Dave Rodgman --- library/common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/common.h b/library/common.h index 436e35a91c..de26d451b9 100644 --- a/library/common.h +++ b/library/common.h @@ -335,7 +335,7 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #endif /* Suppress compiler warnings for unused functions and variables. */ -#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__) +#if !defined(MBEDTLS_MAYBE_UNUSED) && (defined(__GNUC__) || defined(__clang__)) #define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) #endif #if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__) From d3925d25ec1a6d2a4b60d699cafe69dbd62cc61d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 6 Oct 2023 13:13:19 +0200 Subject: [PATCH 081/185] pk_internal: change guards for mbedtls_pk_ec_[ro/rw] Signed-off-by: Valerio Setti --- library/pk_internal.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index 67ee5fea29..d3a8e31981 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -44,7 +44,7 @@ psa_pk_status_to_mbedtls) #endif -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) /** * Public function mbedtls_pk_ec() can be used to get direct access to the * wrapped ecp_keypair structure pointed to the pk_ctx. However this is not @@ -80,7 +80,9 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk) return NULL; } } +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_context *pk) { mbedtls_ecp_group_id id; From e7cefae5f4190bee3363402da4f772da8d4e090f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 6 Oct 2023 13:19:48 +0200 Subject: [PATCH 082/185] ssl: fix getting group id in ssl_check_key_curve() Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index d2143ac150..b4719d6d15 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -676,7 +676,11 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk, uint16_t *curves_tls_id) { uint16_t *curr_tls_id = curves_tls_id; +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); +#else mbedtls_ecp_group_id grp_id = mbedtls_pk_ec_ro(*pk)->grp.id; +#endif mbedtls_ecp_group_id curr_grp_id; while (*curr_tls_id != 0) { From 85d2a985496aa143d5e4e08f5995b5727c097287 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 6 Oct 2023 16:04:49 +0200 Subject: [PATCH 083/185] md: move definitions of MBEDTLS_MD_CAN to config_adjust_legacy_crypto.h Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 114 ++++++++++++++++++ include/mbedtls/md.h | 114 ------------------ 2 files changed, 114 insertions(+), 114 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 6ec59f1938..a8ea53d956 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -56,6 +56,120 @@ #define MBEDTLS_MD_LIGHT #endif +#if defined(MBEDTLS_MD_LIGHT) +/* + * - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx. + * - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA + * (see below). + * - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed + * via PSA (see below). + * - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed + * via a direct legacy call (see below). + * + * The md module performs an algorithm via PSA if there is a PSA hash + * accelerator and the PSA driver subsytem is initialized at the time the + * operation is started, and makes a direct legacy call otherwise. + */ + +/* PSA accelerated implementations */ +#if defined(MBEDTLS_PSA_CRYPTO_C) + +#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) +#define MBEDTLS_MD_CAN_MD5 +#define MBEDTLS_MD_MD5_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) +#define MBEDTLS_MD_CAN_SHA1 +#define MBEDTLS_MD_SHA1_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) +#define MBEDTLS_MD_CAN_SHA224 +#define MBEDTLS_MD_SHA224_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) +#define MBEDTLS_MD_CAN_SHA256 +#define MBEDTLS_MD_SHA256_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) +#define MBEDTLS_MD_CAN_SHA384 +#define MBEDTLS_MD_SHA384_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) +#define MBEDTLS_MD_CAN_SHA512 +#define MBEDTLS_MD_SHA512_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) +#define MBEDTLS_MD_CAN_RIPEMD160 +#define MBEDTLS_MD_RIPEMD160_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224) +#define MBEDTLS_MD_CAN_SHA3_224 +#define MBEDTLS_MD_SHA3_224_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256) +#define MBEDTLS_MD_CAN_SHA3_256 +#define MBEDTLS_MD_SHA3_256_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384) +#define MBEDTLS_MD_CAN_SHA3_384 +#define MBEDTLS_MD_SHA3_384_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512) +#define MBEDTLS_MD_CAN_SHA3_512 +#define MBEDTLS_MD_SHA3_512_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#endif /* MBEDTLS_PSA_CRYPTO_C */ + +/* Built-in implementations */ +#if defined(MBEDTLS_MD5_C) +#define MBEDTLS_MD_CAN_MD5 +#define MBEDTLS_MD_SOME_LEGACY +#endif +#if defined(MBEDTLS_SHA1_C) +#define MBEDTLS_MD_CAN_SHA1 +#define MBEDTLS_MD_SOME_LEGACY +#endif +#if defined(MBEDTLS_SHA224_C) +#define MBEDTLS_MD_CAN_SHA224 +#define MBEDTLS_MD_SOME_LEGACY +#endif +#if defined(MBEDTLS_SHA256_C) +#define MBEDTLS_MD_CAN_SHA256 +#define MBEDTLS_MD_SOME_LEGACY +#endif +#if defined(MBEDTLS_SHA384_C) +#define MBEDTLS_MD_CAN_SHA384 +#define MBEDTLS_MD_SOME_LEGACY +#endif +#if defined(MBEDTLS_SHA512_C) +#define MBEDTLS_MD_CAN_SHA512 +#define MBEDTLS_MD_SOME_LEGACY +#endif +#if defined(MBEDTLS_SHA3_C) +#define MBEDTLS_MD_CAN_SHA3_224 +#define MBEDTLS_MD_CAN_SHA3_256 +#define MBEDTLS_MD_CAN_SHA3_384 +#define MBEDTLS_MD_CAN_SHA3_512 +#define MBEDTLS_MD_SOME_LEGACY +#endif +#if defined(MBEDTLS_RIPEMD160_C) +#define MBEDTLS_MD_CAN_RIPEMD160 +#define MBEDTLS_MD_SOME_LEGACY +#endif + +#endif /* MBEDTLS_MD_LIGHT */ + /* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols: * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index c9a7858f32..e5b30d0456 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -32,120 +32,6 @@ #include "mbedtls/build_info.h" #include "mbedtls/platform_util.h" -#if defined(MBEDTLS_MD_LIGHT) - -/* - * - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx. - * - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA - * (see below). - * - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed - * via PSA (see below). - * - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed - * via a direct legacy call (see below). - * - * The md module performs an algorithm via PSA if there is a PSA hash - * accelerator and the PSA driver subsytem is initialized at the time the - * operation is started, and makes a direct legacy call otherwise. - */ - -/* PSA accelerated implementations */ -#if defined(MBEDTLS_PSA_CRYPTO_C) -#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) -#define MBEDTLS_MD_CAN_MD5 -#define MBEDTLS_MD_MD5_VIA_PSA -#define MBEDTLS_MD_SOME_PSA -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) -#define MBEDTLS_MD_CAN_SHA1 -#define MBEDTLS_MD_SHA1_VIA_PSA -#define MBEDTLS_MD_SOME_PSA -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) -#define MBEDTLS_MD_CAN_SHA224 -#define MBEDTLS_MD_SHA224_VIA_PSA -#define MBEDTLS_MD_SOME_PSA -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) -#define MBEDTLS_MD_CAN_SHA256 -#define MBEDTLS_MD_SHA256_VIA_PSA -#define MBEDTLS_MD_SOME_PSA -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) -#define MBEDTLS_MD_CAN_SHA384 -#define MBEDTLS_MD_SHA384_VIA_PSA -#define MBEDTLS_MD_SOME_PSA -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) -#define MBEDTLS_MD_CAN_SHA512 -#define MBEDTLS_MD_SHA512_VIA_PSA -#define MBEDTLS_MD_SOME_PSA -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) -#define MBEDTLS_MD_CAN_RIPEMD160 -#define MBEDTLS_MD_RIPEMD160_VIA_PSA -#define MBEDTLS_MD_SOME_PSA -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224) -#define MBEDTLS_MD_CAN_SHA3_224 -#define MBEDTLS_MD_SHA3_224_VIA_PSA -#define MBEDTLS_MD_SOME_PSA -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256) -#define MBEDTLS_MD_CAN_SHA3_256 -#define MBEDTLS_MD_SHA3_256_VIA_PSA -#define MBEDTLS_MD_SOME_PSA -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384) -#define MBEDTLS_MD_CAN_SHA3_384 -#define MBEDTLS_MD_SHA3_384_VIA_PSA -#define MBEDTLS_MD_SOME_PSA -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512) -#define MBEDTLS_MD_CAN_SHA3_512 -#define MBEDTLS_MD_SHA3_512_VIA_PSA -#define MBEDTLS_MD_SOME_PSA -#endif -#endif /* MBEDTLS_PSA_CRYPTO_C */ - -/* Built-in implementations */ -#if defined(MBEDTLS_MD5_C) -#define MBEDTLS_MD_CAN_MD5 -#define MBEDTLS_MD_SOME_LEGACY -#endif -#if defined(MBEDTLS_SHA1_C) -#define MBEDTLS_MD_CAN_SHA1 -#define MBEDTLS_MD_SOME_LEGACY -#endif -#if defined(MBEDTLS_SHA224_C) -#define MBEDTLS_MD_CAN_SHA224 -#define MBEDTLS_MD_SOME_LEGACY -#endif -#if defined(MBEDTLS_SHA256_C) -#define MBEDTLS_MD_CAN_SHA256 -#define MBEDTLS_MD_SOME_LEGACY -#endif -#if defined(MBEDTLS_SHA384_C) -#define MBEDTLS_MD_CAN_SHA384 -#define MBEDTLS_MD_SOME_LEGACY -#endif -#if defined(MBEDTLS_SHA512_C) -#define MBEDTLS_MD_CAN_SHA512 -#define MBEDTLS_MD_SOME_LEGACY -#endif -#if defined(MBEDTLS_SHA3_C) -#define MBEDTLS_MD_CAN_SHA3_224 -#define MBEDTLS_MD_CAN_SHA3_256 -#define MBEDTLS_MD_CAN_SHA3_384 -#define MBEDTLS_MD_CAN_SHA3_512 -#define MBEDTLS_MD_SOME_LEGACY -#endif -#if defined(MBEDTLS_RIPEMD160_C) -#define MBEDTLS_MD_CAN_RIPEMD160 -#define MBEDTLS_MD_SOME_LEGACY -#endif - -#endif /* MBEDTLS_MD_LIGHT */ - /** The selected feature is not available. */ #define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /** Bad input parameters to function. */ From 5cae6e8ddd2496f79a3e6d5145bb1e218d1ff6c2 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 9 Oct 2023 18:40:17 +0800 Subject: [PATCH 084/185] benchmark: improve code readability Signed-off-by: Yanray Wang --- programs/test/benchmark.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 06b739a7f1..d8237f544c 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -679,6 +679,7 @@ int main(int argc, char *argv[]) #if defined(MBEDTLS_CIPHER_MODE_CBC) if (todo.des3) { mbedtls_des3_context des3; + mbedtls_des3_init(&des3); if (mbedtls_des3_set3key_enc(&des3, tmp) != 0) { mbedtls_exit(1); @@ -690,6 +691,7 @@ int main(int argc, char *argv[]) if (todo.des) { mbedtls_des_context des; + mbedtls_des_init(&des); if (mbedtls_des_setkey_enc(&des, tmp) != 0) { mbedtls_exit(1); @@ -722,6 +724,7 @@ int main(int argc, char *argv[]) if (todo.aes_cbc) { int keysize; mbedtls_aes_context aes; + mbedtls_aes_init(&aes); for (keysize = 128; keysize <= 256; keysize += 64) { mbedtls_snprintf(title, sizeof(title), "AES-CBC-%d", keysize); @@ -741,6 +744,7 @@ int main(int argc, char *argv[]) int keysize; size_t iv_off = 0; mbedtls_aes_context aes; + mbedtls_aes_init(&aes); for (keysize = 128; keysize <= 256; keysize += 64) { mbedtls_snprintf(title, sizeof(title), "AES-CFB128-%d", keysize); @@ -758,6 +762,7 @@ int main(int argc, char *argv[]) if (todo.aes_cfb8) { int keysize; mbedtls_aes_context aes; + mbedtls_aes_init(&aes); for (keysize = 128; keysize <= 256; keysize += 64) { mbedtls_snprintf(title, sizeof(title), "AES-CFB8-%d", keysize); @@ -889,6 +894,7 @@ int main(int argc, char *argv[]) if (todo.aria) { int keysize; mbedtls_aria_context aria; + mbedtls_aria_init(&aria); for (keysize = 128; keysize <= 256; keysize += 64) { mbedtls_snprintf(title, sizeof(title), "ARIA-CBC-%d", keysize); @@ -909,6 +915,7 @@ int main(int argc, char *argv[]) if (todo.camellia) { int keysize; mbedtls_camellia_context camellia; + mbedtls_camellia_init(&camellia); for (keysize = 128; keysize <= 256; keysize += 64) { mbedtls_snprintf(title, sizeof(title), "CAMELLIA-CBC-%d", keysize); @@ -1015,6 +1022,7 @@ int main(int argc, char *argv[]) if (todo.rsa) { int keysize; mbedtls_rsa_context rsa; + for (keysize = 2048; keysize <= 4096; keysize *= 2) { mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize); @@ -1057,6 +1065,7 @@ int main(int argc, char *argv[]) mbedtls_dhm_context dhm; size_t olen; size_t n; + for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) { mbedtls_dhm_init(&dhm); @@ -1170,6 +1179,7 @@ int main(int argc, char *argv[]) if (curve_list == (const mbedtls_ecp_curve_info *) &single_curve) { mbedtls_ecp_group grp; + mbedtls_ecp_group_init(&grp); if (mbedtls_ecp_group_load(&grp, curve_list->grp_id) != 0) { mbedtls_exit(1); From dfd7ca63447a9d6df2ed86c7869eb1d9f3d623c7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 9 Oct 2023 16:30:11 +0200 Subject: [PATCH 085/185] analyze_outcomes: rename some variables for better readability Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 35 ++++++++++++++----------------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 1f20734b1d..f7fc4e3eff 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -179,7 +179,7 @@ def do_analyze_driver_vs_reference(outcome_file, args): args['ignored_tests']) # List of tasks with a function that can handle this task and additional arguments if required -TASKS = { +KNOWN_TASKS = { 'analyze_coverage': { 'test_function': do_analyze_coverage, 'args': { @@ -645,7 +645,7 @@ def main(): parser = argparse.ArgumentParser(description=__doc__) parser.add_argument('outcomes', metavar='OUTCOMES.CSV', help='Outcome file to analyze') - parser.add_argument('task', default='all', nargs='?', + parser.add_argument('specified_tasks', default='all', nargs='?', help='Analysis to be done. By default, run all tasks. ' 'With one or more TASK, run only those. ' 'TASK can be the name of a single task or ' @@ -660,31 +660,28 @@ def main(): options = parser.parse_args() if options.list: - for task in TASKS: + for task in KNOWN_TASKS: Results.log(task) sys.exit(0) - result = True - - if options.task == 'all': - tasks = TASKS.keys() + if options.specified_tasks == 'all': + tasks_list = KNOWN_TASKS.keys() else: - tasks = re.split(r'[, ]+', options.task) + tasks_list = re.split(r'[, ]+', options.specified_tasks) - for task in tasks: - if task not in TASKS: - Results.log('Error: invalid task: {}'.format(task)) - sys.exit(1) + for task in tasks_list: + if task not in KNOWN_TASKS: - TASKS['analyze_coverage']['args']['full_coverage'] = \ - options.full_coverage + KNOWN_TASKS['analyze_coverage']['args']['full_coverage'] = options.full_coverage - for task in TASKS: - if task in tasks: - if not TASKS[task]['test_function'](options.outcomes, TASKS[task]['args']): - result = False + all_succeeded = True - if result is False: + for task in KNOWN_TASKS: + if task in tasks_list: + if not KNOWN_TASKS[task]['test_function'](options.outcomes, KNOWN_TASKS[task]['args']): + all_succeeded = False + + if all_succeeded is False: sys.exit(1) Results.log("SUCCESS :-)") except Exception: # pylint: disable=broad-except From 946720aac5995c8905dbdb70c3afca6cf5d47677 Mon Sep 17 00:00:00 2001 From: Jan Bruckner Date: Mon, 9 Oct 2023 16:26:35 +0200 Subject: [PATCH 086/185] Fix C++ build issue when MBEDTLS_ASN1_PARSE_C is not enabled Signed-off-by: Jan Bruckner --- ChangeLog.d/fix-cpp-compilation-error.txt | 3 +++ include/mbedtls/asn1.h | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/fix-cpp-compilation-error.txt diff --git a/ChangeLog.d/fix-cpp-compilation-error.txt b/ChangeLog.d/fix-cpp-compilation-error.txt new file mode 100644 index 0000000000..32d86dceda --- /dev/null +++ b/ChangeLog.d/fix-cpp-compilation-error.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix compilation error in C++ programs when MBEDTLS_ASN1_PARSE_C is + disabled. diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index c7aae0ff87..a044543af6 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -644,10 +644,10 @@ void mbedtls_asn1_free_named_data_list_shallow(mbedtls_asn1_named_data *name); /** \} name Functions to parse ASN.1 data structures */ /** \} addtogroup asn1_module */ +#endif /* MBEDTLS_ASN1_PARSE_C */ + #ifdef __cplusplus } #endif -#endif /* MBEDTLS_ASN1_PARSE_C */ - #endif /* asn1.h */ From 86f9795b0058c1c81063cbe05a7b6c07e52de6b6 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 10 Oct 2023 16:50:49 +0100 Subject: [PATCH 087/185] Update documentation Add further information about PSA hashing to the comment at the beginning of the code. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index dc698a162a..b3f3597f0a 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -33,11 +33,15 @@ #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -/* The algorithm used by this demo is SHA 256. +/* Information about hashing with the PSA API can be + * found here: + * https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html + * + * The algorithm used by this demo is SHA 256. * Please see include/psa/crypto_values.h to see the other - * algorithms that are supported. If you switch to a different - * algorithm you will need to update the hash data in the - * SAMPLE_HASH_DATA macro below.*/ + * algorithms that are supported by Mbed TLS. + * If you switch to a different algorithm you will need to update + * the hash data in the SAMPLE_HASH_DATA macro below. */ #define HASH_ALG PSA_ALG_SHA_256 From 760538885a0c6d07f67c98b11e8a15b8d5f8bfc5 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 10 Oct 2023 17:38:53 +0100 Subject: [PATCH 088/185] Inform user when unknown hash algorithm supplied Excplictly inform the user that their hash algorithm selection is invalid. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index b3f3597f0a..fc39849cc3 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -84,7 +84,11 @@ int main(void) /* Compute hash using multi-part operation */ status = psa_hash_setup(&hash_operation, HASH_ALG); - if (status != PSA_SUCCESS) { + if (status == PSA_ERROR_NOT_SUPPORTED){ + mbedtls_printf("unknown hash algorithm supplied\n"); + return EXIT_FAILURE; + } + else if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_setup failed\n"); return EXIT_FAILURE; } From 34500874cee2fa1bea3109d71e7dcad764131dfb Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 11 Oct 2023 10:04:54 +0100 Subject: [PATCH 089/185] Remove trailing white space in documentation Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index fc39849cc3..a3923628fa 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -36,7 +36,7 @@ /* Information about hashing with the PSA API can be * found here: * https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html - * + * * The algorithm used by this demo is SHA 256. * Please see include/psa/crypto_values.h to see the other * algorithms that are supported by Mbed TLS. From 3f02bb7a96baf3cd95f4bb85f5ea1f52e9e9d9b7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 2 Oct 2023 15:57:33 +0200 Subject: [PATCH 090/185] test: use full config in accelerated AEAD test Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7e6c95c62c..fb4f99f307 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3571,13 +3571,14 @@ component_test_psa_crypto_config_accel_cipher () { component_test_psa_crypto_config_accel_aead () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD" - loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" + loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 \ + KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA" # Configure # --------- - # Start from default config (no TLS 1.3, no USE_PSA) - helper_libtestdriver1_adjust_config "default" + # Start from full config + helper_libtestdriver1_adjust_config "full" # Disable things that are being accelerated scripts/config.py unset MBEDTLS_GCM_C From e7bac17b5d0cef95ff160d051b88c9df246c0e5e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 2 Oct 2023 16:03:42 +0200 Subject: [PATCH 091/185] test: keep SSL_TICKET_C and SSL_CONTEXT_SERIALIZATION enabled Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 15 +++++++++++++-- tests/scripts/all.sh | 3 --- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e18e9a5fc6..815bfb69c7 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -1040,7 +1040,12 @@ #endif #if defined(MBEDTLS_SSL_TICKET_C) && \ - !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) ) + !( defined(MBEDTLS_GCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) || \ + defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) || \ + defined(MBEDTLS_CHACHAPOLY_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) ) #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" #endif @@ -1141,7 +1146,13 @@ #error "MBEDTLS_SSL_RECORD_SIZE_LIMIT defined, but not all prerequisites" #endif -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) ) +#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \ + !( defined(MBEDTLS_GCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) || \ + defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) || \ + defined(MBEDTLS_CHACHAPOLY_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) ) #error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites" #endif diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fb4f99f307..ab684089a5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3584,9 +3584,6 @@ component_test_psa_crypto_config_accel_aead () { scripts/config.py unset MBEDTLS_GCM_C scripts/config.py unset MBEDTLS_CCM_C scripts/config.py unset MBEDTLS_CHACHAPOLY_C - # Features that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C # Build # ----- From d0411defa25f51f34b18ce83723dc22ed9d5ba41 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 3 Oct 2023 15:10:59 +0200 Subject: [PATCH 092/185] cipher: add internal symbols for AEAD capabilities Signed-off-by: Valerio Setti --- include/mbedtls/cipher.h | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 9c8701d38d..9f8657599f 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -33,7 +33,24 @@ #include #include "mbedtls/platform_util.h" -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) +/* Support for GCM either through MbedTLS SW implementation or PSA */ +#if defined(MBEDTLS_GCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#define MBEDTLS_CIPHER_HAVE_GCM +#endif +/* Support for CCM either through MbedTLS SW implementation or PSA */ +#if defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#define MBEDTLS_CIPHER_HAVE_CCM +#endif +/* Support for CHACHAPOLY either through MbedTLS SW implementation or PSA */ +#if defined(MBEDTLS_CHACHAPOLY_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) +#define MBEDTLS_CIPHER_HAVE_CHACHAPOLY +#endif + +#if defined(MBEDTLS_CIPHER_HAVE_GCM) || defined(MBEDTLS_CIPHER_HAVE_CCM) || \ + defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY) #define MBEDTLS_CIPHER_MODE_AEAD #endif From d4a10cebe4508685395fb23044f3887079af1bbf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 3 Oct 2023 15:11:48 +0200 Subject: [PATCH 093/185] cipher/tls: use new symbols for guarding AEAD code Signed-off-by: Valerio Setti --- library/cipher_wrap.c | 54 ++++++++++++--- library/ssl_ciphersuites.c | 132 ++++++++++++++++++------------------- library/ssl_msg.c | 18 ++--- library/ssl_tls.c | 6 +- 4 files changed, 120 insertions(+), 90 deletions(-) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index bbf57ceee7..5a789ced96 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -80,7 +80,8 @@ enum mbedtls_cipher_base_index { #if defined(MBEDTLS_CAMELLIA_C) MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA, #endif -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) +#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) MBEDTLS_CIPHER_BASE_INDEX_CCM_AES, #endif #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C) @@ -104,7 +105,8 @@ enum mbedtls_cipher_base_index { #if defined(MBEDTLS_DES_C) MBEDTLS_CIPHER_BASE_INDEX_DES, #endif -#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) MBEDTLS_CIPHER_BASE_INDEX_GCM_AES, #endif #if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C) @@ -576,7 +578,10 @@ static int gcm_aes_setkey_wrap(void *ctx, const unsigned char *key, return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES, key, key_bitlen); } +#endif /* MBEDTLS_GCM_C */ +#if defined(MBEDTLS_GCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) static const mbedtls_cipher_base_t gcm_aes_info = { MBEDTLS_CIPHER_ID_AES, NULL, @@ -598,12 +603,22 @@ static const mbedtls_cipher_base_t gcm_aes_info = { #if defined(MBEDTLS_CIPHER_MODE_STREAM) NULL, #endif +#if defined(MBEDTLS_GCM_C) gcm_aes_setkey_wrap, gcm_aes_setkey_wrap, gcm_ctx_alloc, gcm_ctx_free, +#else + NULL, + NULL, + NULL, + NULL, +#endif /* MBEDTLS_GCM_C */ }; +#endif /* MBEDTLS_GCM_C || (MBEDTLS_USE_PSA_CRYPTO && PSA_WANT_ALG_GCM) */ +#if defined(MBEDTLS_GCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) static const mbedtls_cipher_info_t aes_128_gcm_info = { "AES-128-GCM", 16, @@ -638,7 +653,7 @@ static const mbedtls_cipher_info_t aes_256_gcm_info = { MBEDTLS_CIPHER_BASE_INDEX_GCM_AES }; #endif -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_GCM_C || PSA_WANT_ALG_GCM */ #if defined(MBEDTLS_CCM_C) static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key, @@ -647,7 +662,10 @@ static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key, return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES, key, key_bitlen); } +#endif /* MBEDTLS_CCM_C */ +#if defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) static const mbedtls_cipher_base_t ccm_aes_info = { MBEDTLS_CIPHER_ID_AES, NULL, @@ -669,12 +687,22 @@ static const mbedtls_cipher_base_t ccm_aes_info = { #if defined(MBEDTLS_CIPHER_MODE_STREAM) NULL, #endif +#if defined(MBEDTLS_CCM_C) ccm_aes_setkey_wrap, ccm_aes_setkey_wrap, ccm_ctx_alloc, ccm_ctx_free, +#else + NULL, + NULL, + NULL, + NULL, +#endif }; +#endif /* MBEDTLS_CCM_C || (MBEDTLS_USE_PSA_CRYPTO && PSA_WANT_ALG_CCM) */ +#if defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) static const mbedtls_cipher_info_t aes_128_ccm_info = { "AES-128-CCM", 16, @@ -709,7 +737,10 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = { MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; #endif +#endif /* MBEDTLS_CCM_C || PSA_WANT_ALG_CCM */ +#if defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)) static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = { "AES-128-CCM*-NO-TAG", 16, @@ -744,7 +775,7 @@ static const mbedtls_cipher_info_t aes_256_ccm_star_no_tag_info = { MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; #endif -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_CCM_C || PSA_WANT_ALG_CCM_STAR_NO_TAG */ #endif /* MBEDTLS_AES_C */ @@ -2245,19 +2276,24 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_AES_256_XTS, &aes_256_xts_info }, #endif #endif -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_GCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) { MBEDTLS_CIPHER_AES_128_GCM, &aes_128_gcm_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_GCM, &aes_192_gcm_info }, { MBEDTLS_CIPHER_AES_256_GCM, &aes_256_gcm_info }, #endif #endif -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) { MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info }, { MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info }, #endif +#endif +#if defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)) { MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, &aes_128_ccm_star_no_tag_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, &aes_192_ccm_star_no_tag_info }, @@ -2387,7 +2423,8 @@ const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[] = { #if defined(MBEDTLS_CAMELLIA_C) [MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA] = &camellia_info, #endif -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) +#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_KEY_TYPE_AES)) [MBEDTLS_CIPHER_BASE_INDEX_CCM_AES] = &ccm_aes_info, #endif #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C) @@ -2411,7 +2448,8 @@ const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[] = { #if defined(MBEDTLS_DES_C) [MBEDTLS_CIPHER_BASE_INDEX_DES] = &des_info, #endif -#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_KEY_TYPE_AES)) [MBEDTLS_CIPHER_BASE_INDEX_GCM_AES] = &gcm_aes_info, #endif #if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 2368489df2..b50df5c873 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -293,7 +293,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA384) { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, @@ -308,8 +308,8 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#endif /* MBEDTLS_GCM_C */ -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_MD_CAN_SHA256) +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#if defined(MBEDTLS_CIPHER_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ @@ -320,19 +320,19 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, -#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_CCM_C */ +#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_CIPHER_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ -#if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_MD_CAN_SHA256) +#if defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, "TLS1-3-CHACHA20-POLY1305-SHA256", MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 0, MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, -#endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_MD_CAN_SHA256 */ +#endif /* MBEDTLS_CIPHER_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_CHACHAPOLY_C) && \ +#if defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY) && \ defined(MBEDTLS_MD_CAN_SHA256) && \ defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) @@ -391,7 +391,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#endif /* MBEDTLS_CHACHAPOLY_C && +#endif /* MBEDTLS_CIPHER_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) @@ -415,12 +415,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -429,14 +429,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_CCM) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, @@ -453,7 +453,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -474,7 +474,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", @@ -489,7 +489,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) @@ -523,12 +523,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if (defined(MBEDTLS_GCM_C) || defined(PSA_WANT_ALG_GCM)) { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -537,12 +537,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if (defined(MBEDTLS_GCM_C) || defined(PSA_WANT_ALG_GCM)) { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_AES_C */ @@ -564,7 +564,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", @@ -579,7 +579,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) @@ -595,7 +595,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_MD_CAN_SHA384) && \ - defined(MBEDTLS_GCM_C) + defined(MBEDTLS_CIPHER_HAVE_GCM) { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, @@ -603,12 +603,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */ #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", @@ -636,7 +636,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_CCM) { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, @@ -653,7 +653,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -682,7 +682,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, @@ -696,7 +696,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ @@ -704,7 +704,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_MD_CAN_SHA384) && \ - defined(MBEDTLS_GCM_C) + defined(MBEDTLS_CIPHER_HAVE_GCM) { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 0, @@ -712,12 +712,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */ #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", @@ -745,7 +745,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_MD_CAN_SHA1 */ -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_CCM) { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 0, @@ -762,7 +762,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -792,7 +792,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, @@ -806,7 +806,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ @@ -832,12 +832,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -846,12 +846,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_AES_C */ @@ -873,7 +873,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", @@ -888,7 +888,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) @@ -922,12 +922,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -936,12 +936,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_AES_C */ @@ -963,7 +963,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", @@ -978,7 +978,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) @@ -993,7 +993,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, @@ -1007,7 +1007,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -1036,7 +1036,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_CCM) { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 0, @@ -1053,7 +1053,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -1073,7 +1073,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, @@ -1087,14 +1087,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, @@ -1108,7 +1108,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -1137,7 +1137,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_CCM) { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 0, @@ -1154,7 +1154,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -1174,7 +1174,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, @@ -1188,7 +1188,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ @@ -1249,7 +1249,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, @@ -1263,7 +1263,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -1311,7 +1311,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_GCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, @@ -1325,19 +1325,19 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_GCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_CCM_C) +#if defined(MBEDTLS_CIPHER_HAVE_CCM) { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CCM_C */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index c312d816ea..ff8de9278d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -863,9 +863,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, *add_data_len = cur - add_data; } -#if defined(MBEDTLS_GCM_C) || \ - defined(MBEDTLS_CCM_C) || \ - defined(MBEDTLS_CHACHAPOLY_C) +#if defined(MBEDTLS_CIPHER_MODE_AEAD) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_transform_aead_dynamic_iv_is_explicit( mbedtls_ssl_transform const *transform) @@ -910,7 +908,7 @@ static void ssl_build_record_nonce(unsigned char *dst_iv, dst_iv += dst_iv_len - dynamic_iv_len; mbedtls_xor(dst_iv, dst_iv, dynamic_iv, dynamic_iv_len); } -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ +#endif /* MBEDTLS_CIPHER_MODE_AEAD */ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform, @@ -1146,9 +1144,7 @@ hmac_failed_etm_disabled: } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ -#if defined(MBEDTLS_GCM_C) || \ - defined(MBEDTLS_CCM_C) || \ - defined(MBEDTLS_CHACHAPOLY_C) +#if defined(MBEDTLS_CIPHER_MODE_AEAD) if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { unsigned char iv[12]; unsigned char *dynamic_iv; @@ -1258,7 +1254,7 @@ hmac_failed_etm_disabled: auth_done++; } else -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ +#endif /* MBEDTLS_CIPHER_MODE_AEAD */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) if (ssl_mode == MBEDTLS_SSL_MODE_CBC || ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { @@ -1559,9 +1555,7 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, * so there's no encryption to do here.*/ } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ -#if defined(MBEDTLS_GCM_C) || \ - defined(MBEDTLS_CCM_C) || \ - defined(MBEDTLS_CHACHAPOLY_C) +#if defined(MBEDTLS_CIPHER_MODE_AEAD) if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { unsigned char iv[12]; unsigned char *dynamic_iv; @@ -1677,7 +1671,7 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } } else -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ +#endif /* MBEDTLS_CIPHER_MODE_AEAD */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) if (ssl_mode == MBEDTLS_SSL_MODE_CBC || ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d3a7ddb42f..540beb0f97 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8287,9 +8287,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8; #endif -#if defined(MBEDTLS_GCM_C) || \ - defined(MBEDTLS_CCM_C) || \ - defined(MBEDTLS_CHACHAPOLY_C) +#if defined(MBEDTLS_CIPHER_MODE_AEAD) if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { size_t explicit_ivlen; @@ -8324,7 +8322,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, explicit_ivlen = transform->ivlen - transform->fixed_ivlen; transform->minlen = explicit_ivlen + transform->taglen; } else -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ +#endif /* MBEDTLS_CIPHER_MODE_AEAD */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) if (ssl_mode == MBEDTLS_SSL_MODE_STREAM || ssl_mode == MBEDTLS_SSL_MODE_CBC || From a797ce3ed2fd23779851f1dfb4bc1e067162d099 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 3 Oct 2023 15:16:38 +0200 Subject: [PATCH 094/185] test: use full config in test_psa_crypto_config_accel_cipher Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ab684089a5..ab1007812c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3532,7 +3532,7 @@ component_test_psa_crypto_config_accel_cipher () { # --------- # Start from the default config (no TLS 1.3, no USE_PSA) - helper_libtestdriver1_adjust_config "default" + helper_libtestdriver1_adjust_config "full" # There is no intended accelerator support for ALG CMAC. Therefore, asking # for it in the build implies the inclusion of the Mbed TLS cipher From 6bd3d9b166ec086b8eefe834fec390194c2c4df7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 9 Oct 2023 09:29:25 +0200 Subject: [PATCH 095/185] cipher: fix missing spaces Signed-off-by: Valerio Setti --- include/mbedtls/cipher.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 9f8657599f..5153e19dd0 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -33,17 +33,17 @@ #include #include "mbedtls/platform_util.h" -/* Support for GCM either through MbedTLS SW implementation or PSA */ +/* Support for GCM either through Mbed TLS SW implementation or PSA */ #if defined(MBEDTLS_GCM_C) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) #define MBEDTLS_CIPHER_HAVE_GCM #endif -/* Support for CCM either through MbedTLS SW implementation or PSA */ +/* Support for CCM either through Mbed TLS SW implementation or PSA */ #if defined(MBEDTLS_CCM_C) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) #define MBEDTLS_CIPHER_HAVE_CCM #endif -/* Support for CHACHAPOLY either through MbedTLS SW implementation or PSA */ +/* Support for CHACHAPOLY either through Mbed TLS SW implementation or PSA */ #if defined(MBEDTLS_CHACHAPOLY_C) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) #define MBEDTLS_CIPHER_HAVE_CHACHAPOLY From 4d0e84628c28d931823d47d5e87f4911e00c8e63 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 6 Oct 2023 13:20:21 +0200 Subject: [PATCH 096/185] ssl: reorganize guards surrounding ssl_get_ecdh_params_from_cert() Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index b4719d6d15..4433e8b4ad 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2604,9 +2604,9 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ +#if (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)) +#if defined(MBEDTLS_USE_PSA_CRYPTO) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) { @@ -2716,8 +2716,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return ret; } -#elif defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) +#else /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) { @@ -2743,6 +2742,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return 0; } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ From 02a634decd0f07c9d29985e81a670c7e8a16a89e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 6 Oct 2023 16:24:04 +0200 Subject: [PATCH 097/185] md: remove unnecessary inclusions of mbedtls/md.h Signed-off-by: Valerio Setti --- include/mbedtls/oid.h | 1 - include/mbedtls/ssl.h | 1 - include/mbedtls/ssl_ciphersuites.h | 1 - library/psa_crypto.c | 1 - library/rsa.c | 1 - library/x509write.c | 1 - library/x509write_crt.c | 1 - tests/include/test/psa_crypto_helpers.h | 3 --- tests/src/drivers/test_driver_signature.c | 1 - tests/suites/test_suite_entropy.function | 1 - tests/suites/test_suite_md.function | 1 - tests/suites/test_suite_pkcs1_v15.function | 1 - tests/suites/test_suite_psa_crypto_persistent_key.function | 2 -- 13 files changed, 16 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 9545072296..8ab7f7f944 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -34,7 +34,6 @@ #include "mbedtls/cipher.h" #endif -#include "mbedtls/md.h" /** OID is not found. */ #define MBEDTLS_ERR_OID_NOT_FOUND -0x002E diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index debb1cc2c1..b69e3150fb 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -40,7 +40,6 @@ #include "mbedtls/dhm.h" #endif -#include "mbedtls/md.h" #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) #include "mbedtls/ecdh.h" diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 07f2facef5..07791e5411 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -27,7 +27,6 @@ #include "mbedtls/pk.h" #include "mbedtls/cipher.h" -#include "mbedtls/md.h" #ifdef __cplusplus extern "C" { diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1faf1dd6ca..739b077082 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -73,7 +73,6 @@ #include "mbedtls/error.h" #include "mbedtls/gcm.h" #include "mbedtls/md5.h" -#include "mbedtls/md.h" #include "mbedtls/pk.h" #include "pk_wrap.h" #include "mbedtls/platform_util.h" diff --git a/library/rsa.c b/library/rsa.c index 3c538bf439..802bf5d24a 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2431,7 +2431,6 @@ void mbedtls_rsa_free(mbedtls_rsa_context *ctx) #if defined(MBEDTLS_SELF_TEST) -#include "mbedtls/md.h" /* * Example RSA-1024 keypair, for test purposes diff --git a/library/x509write.c b/library/x509write.c index cd3c7394d5..5628c29efc 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -25,7 +25,6 @@ #include "mbedtls/oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" -#include "mbedtls/md.h" #include #include diff --git a/library/x509write_crt.c b/library/x509write_crt.c index a8a3022cb5..c0657a8275 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -33,7 +33,6 @@ #include "mbedtls/oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" -#include "mbedtls/md.h" #include #include diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 9ba7dbcd96..959308af9c 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -28,9 +28,6 @@ #include #endif -#if defined(MBEDTLS_MD_LIGHT) -#include "mbedtls/md.h" -#endif #if defined(MBEDTLS_PSA_CRYPTO_C) /** Initialize the PSA Crypto subsystem. */ diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index c312477c8a..7d1f91fdf0 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -33,7 +33,6 @@ #include "test/drivers/signature.h" #include "test/drivers/hash.h" -#include "mbedtls/md.h" #include "mbedtls/ecdsa.h" #include "test/random.h" diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 0e013b740d..7c7e43f17e 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -1,7 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/entropy.h" #include "entropy_poll.h" -#include "mbedtls/md.h" #include "string.h" typedef enum { diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 866ff588f8..71dcb87655 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -1,5 +1,4 @@ /* BEGIN_HEADER */ -#include "mbedtls/md.h" #include "md_psa.h" #include "mbedtls/oid.h" diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 7113274550..716ae4453d 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -1,6 +1,5 @@ /* BEGIN_HEADER */ #include "mbedtls/rsa.h" -#include "mbedtls/md.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index a48114ff64..c4e4c7dc05 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -17,8 +17,6 @@ #include "psa_crypto_slot_management.h" #include "psa_crypto_storage.h" -#include "mbedtls/md.h" - #define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY" #define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH (sizeof(PSA_KEY_STORAGE_MAGIC_HEADER)) From 66f9b3f8100c67866ab8ac917e9ef98363b166f9 Mon Sep 17 00:00:00 2001 From: Mehmet Cagri Aksoy Date: Tue, 10 Oct 2023 20:51:29 +0200 Subject: [PATCH 098/185] Add casting size_t to int Signed-off-by: Mehmet Cagri Aksoy --- library/ssl_tls13_keys.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 6905d926ac..ef4bd86391 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1019,14 +1019,14 @@ int mbedtls_ssl_tls13_populate_transform( #if !defined(MBEDTLS_USE_PSA_CRYPTO) if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, - key_enc, mbedtls_cipher_info_get_key_bitlen(cipher_info), + (int)key_enc, mbedtls_cipher_info_get_key_bitlen(cipher_info), MBEDTLS_ENCRYPT)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); return ret; } if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, - key_dec, mbedtls_cipher_info_get_key_bitlen(cipher_info), + (int)key_dec, mbedtls_cipher_info_get_key_bitlen(cipher_info), MBEDTLS_DECRYPT)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); return ret; From 56e9011bde9e671c6764169d90ad3518f5d991da Mon Sep 17 00:00:00 2001 From: Mehmet Cagri Aksoy Date: Wed, 11 Oct 2023 15:28:06 +0200 Subject: [PATCH 099/185] Add casting size_t to int Signed-off-by: Mehmet Cagri Aksoy --- library/ssl_tls13_keys.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index ef4bd86391..5ae6210056 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1019,14 +1019,14 @@ int mbedtls_ssl_tls13_populate_transform( #if !defined(MBEDTLS_USE_PSA_CRYPTO) if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc, - (int)key_enc, mbedtls_cipher_info_get_key_bitlen(cipher_info), + key_enc, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), MBEDTLS_ENCRYPT)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); return ret; } if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec, - (int)key_dec, mbedtls_cipher_info_get_key_bitlen(cipher_info), + key_dec, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info), MBEDTLS_DECRYPT)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret); return ret; From 1c2378b8b1a64c19d356d255c1238af9a0367750 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 11 Oct 2023 15:19:38 +0100 Subject: [PATCH 100/185] Add variable for message length Add variable to store message length to increase clarity in what the program is doing. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index a3923628fa..9b02255ccb 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -51,11 +51,15 @@ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ } -const uint8_t sample_message[] = "Hello World!"; - const uint8_t sample_hash[] = SAMPLE_HASH_DATA; const size_t sample_hash_len = sizeof(sample_hash); +const uint8_t sample_message[] = "Hello World!"; +/* sample_message is terminated with a null byte which is not part of + * the message itself so we make sure to subtract it in order to get + * the message length. */ +const size_t sample_message_length = sizeof(sample_message) - 1; + #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) int main(void) { @@ -95,7 +99,7 @@ int main(void) /* Note: Here we use sizeof(sample_message) - 1 since we don't wish to * include the null byte in the hash computation */ - status = psa_hash_update(&hash_operation, sample_message, sizeof(sample_message) - 1); + status = psa_hash_update(&hash_operation, sample_message, sample_message_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); goto cleanup; @@ -135,7 +139,7 @@ int main(void) /* Compute hash using one-shot function call */ status = psa_hash_compute(HASH_ALG, - sample_message, sizeof(sample_message) - 1, + sample_message, sample_message_length, hash, sizeof(hash), &hash_length); if (status != PSA_SUCCESS) { From cd79f77439fc621f09ae1996770c191a2e724fd8 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 11 Oct 2023 15:28:13 +0100 Subject: [PATCH 101/185] Add missing newline Newline character was missing from end of print statement. Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 9b02255ccb..c75972249d 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -107,7 +107,7 @@ int main(void) status = psa_hash_clone(&hash_operation, &cloned_hash_operation); if (status != PSA_SUCCESS) { - mbedtls_printf("PSA hash clone failed"); + mbedtls_printf("PSA hash clone failed\n"); goto cleanup; } From d8453bb1848e8f7575d1447ea342cd5ec817c13c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 11 Oct 2023 15:29:02 +0100 Subject: [PATCH 102/185] Remove superfluous comment Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index c75972249d..18fefeddc3 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -97,8 +97,6 @@ int main(void) return EXIT_FAILURE; } - /* Note: Here we use sizeof(sample_message) - 1 since we don't wish to - * include the null byte in the hash computation */ status = psa_hash_update(&hash_operation, sample_message, sample_message_length); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_update failed\n"); From ee62fceadec33a5952961377a0090e321f39a897 Mon Sep 17 00:00:00 2001 From: Jerzy Kasenberg Date: Wed, 11 Oct 2023 16:36:24 +0200 Subject: [PATCH 103/185] Rename local variable in aes.c This changes local variable name RCON to round_constants. RCON being definition in xc32 compiler headers for some PIC32 register. Without this change, mynewt project for PIC32 platform fails to build due to macro redefinition. This does not changes behavior of library in any way. Signed-off-by: Jerzy Kasenberg --- library/aes.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/aes.c b/library/aes.c index 0a7b26ce90..f1a5a4477d 100644 --- a/library/aes.c +++ b/library/aes.c @@ -360,7 +360,7 @@ static const uint32_t RT3[256] = { RT }; /* * Round constants */ -static const uint32_t RCON[10] = +static const uint32_t round_constants[10] = { 0x00000001, 0x00000002, 0x00000004, 0x00000008, 0x00000010, 0x00000020, 0x00000040, 0x00000080, @@ -407,7 +407,7 @@ static uint32_t RT3[256]; /* * Round constants */ -static uint32_t RCON[10]; +static uint32_t round_constants[10]; /* * Tables generation code @@ -438,7 +438,7 @@ static void aes_gen_tables(void) * calculate the round constants */ for (i = 0, x = 1; i < 10; i++) { - RCON[i] = x; + round_constants[i] = x; x = XTIME(x); } @@ -666,7 +666,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, case 10: for (unsigned int i = 0; i < 10; i++, RK += 4) { - RK[4] = RK[0] ^ RCON[i] ^ + RK[4] = RK[0] ^ round_constants[i] ^ ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[3])]) ^ ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[3])] << 8) ^ ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[3])] << 16) ^ @@ -682,7 +682,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, case 12: for (unsigned int i = 0; i < 8; i++, RK += 6) { - RK[6] = RK[0] ^ RCON[i] ^ + RK[6] = RK[0] ^ round_constants[i] ^ ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[5])]) ^ ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[5])] << 8) ^ ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[5])] << 16) ^ @@ -699,7 +699,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, case 14: for (unsigned int i = 0; i < 7; i++, RK += 8) { - RK[8] = RK[0] ^ RCON[i] ^ + RK[8] = RK[0] ^ round_constants[i] ^ ((uint32_t) FSb[MBEDTLS_BYTE_1(RK[7])]) ^ ((uint32_t) FSb[MBEDTLS_BYTE_2(RK[7])] << 8) ^ ((uint32_t) FSb[MBEDTLS_BYTE_3(RK[7])] << 16) ^ From a21c97294109b75f2913fffc149541901652135b Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 11 Oct 2023 17:17:32 +0100 Subject: [PATCH 104/185] Remove extra blank line Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 1 - 1 file changed, 1 deletion(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 18fefeddc3..dd3bf74763 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -24,7 +24,6 @@ * limitations under the License. */ - #include "psa/crypto.h" #include #include From aaef0bc172d09c289d8f59c01187c4cbaf76af38 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 10 Oct 2023 09:42:13 +0200 Subject: [PATCH 105/185] analyze_outcomes: improve logging system - the script now only terminates in case of hard faults - each task is assigned a log - this log tracks messages, warning and errors - when task completes, errors and warnings are listed and messages are appended to the main log - on exit the main log is printed and the proper return value is returned Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 100 +++++++++++++++++++----------- 1 file changed, 63 insertions(+), 37 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index f7fc4e3eff..49445a4735 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -15,25 +15,31 @@ import os import check_test_cases -class Results: +class TestLog: """Process analysis results.""" def __init__(self): self.error_count = 0 self.warning_count = 0 + self.output = "" - @staticmethod - def log(fmt, *args, **kwargs): - sys.stderr.write((fmt + '\n').format(*args, **kwargs)) + def add_line(self, fmt, *args, **kwargs): + self.output = self.output + (fmt + '\n').format(*args, **kwargs) + + def info(self, fmt, *args, **kwargs): + self.add_line(fmt, *args, **kwargs) def error(self, fmt, *args, **kwargs): - self.log('Error: ' + fmt, *args, **kwargs) + self.info('Error: ' + fmt, *args, **kwargs) self.error_count += 1 def warning(self, fmt, *args, **kwargs): - self.log('Warning: ' + fmt, *args, **kwargs) + self.info('Warning: ' + fmt, *args, **kwargs) self.warning_count += 1 + def print_output(self): + sys.stderr.write(self.output) + class TestCaseOutcomes: """The outcomes of one test case across many configurations.""" # pylint: disable=too-few-public-methods @@ -53,25 +59,27 @@ class TestCaseOutcomes: """ return len(self.successes) + len(self.failures) -def execute_reference_driver_tests(ref_component, driver_component, outcome_file): +def execute_reference_driver_tests(log: TestLog, ref_component, driver_component, \ + outcome_file) -> TestLog: """Run the tests specified in ref_component and driver_component. Results are stored in the output_file and they will be used for the following coverage analysis""" # If the outcome file already exists, we assume that the user wants to # perform the comparison analysis again without repeating the tests. if os.path.exists(outcome_file): - Results.log("Outcome file (" + outcome_file + ") already exists. " + \ - "Tests will be skipped.") - return + log.info("Outcome file (" + outcome_file + ") already exists. " + \ + "Tests will be skipped.") + return log shell_command = "tests/scripts/all.sh --outcome-file " + outcome_file + \ " " + ref_component + " " + driver_component - Results.log("Running: " + shell_command) + log.info("Running: " + shell_command) ret_val = subprocess.run(shell_command.split(), check=False).returncode if ret_val != 0: - Results.log("Error: failed to run reference/driver components") - sys.exit(ret_val) + log.error("failed to run reference/driver components") + + return log def analyze_coverage(results, outcomes, allow_list, full_coverage): """Check that all available test cases are executed at least once.""" @@ -90,7 +98,8 @@ def analyze_coverage(results, outcomes, allow_list, full_coverage): else: results.warning('Allow listed test case was executed: {}', key) -def analyze_driver_vs_reference(outcomes, component_ref, component_driver, +def analyze_driver_vs_reference(log: TestLog, outcomes, + component_ref, component_driver, ignored_suites, ignored_test=None): """Check that all tests executed in the reference component are also executed in the corresponding driver component. @@ -100,7 +109,6 @@ def analyze_driver_vs_reference(outcomes, component_ref, component_driver, output string is provided """ available = check_test_cases.collect_available_test_cases() - result = True for key in available: # Continue if test was not executed by any component @@ -125,16 +133,15 @@ def analyze_driver_vs_reference(outcomes, component_ref, component_driver, if component_ref in entry: reference_test_passed = True if(reference_test_passed and not driver_test_passed): - Results.log(key) - result = False - return result + log.error(key) -def analyze_outcomes(outcomes, args): + return log + +def analyze_outcomes(log: TestLog, outcomes, args) -> TestLog: """Run all analyses on the given outcome collection.""" - results = Results() - analyze_coverage(results, outcomes, args['allow_list'], + analyze_coverage(log, outcomes, args['allow_list'], args['full_coverage']) - return results + return log def read_outcome_file(outcome_file): """Parse an outcome file and return an outcome collection. @@ -159,24 +166,32 @@ by a semicolon. def do_analyze_coverage(outcome_file, args): """Perform coverage analysis.""" + log = TestLog() + log.info("\n*** Analyze coverage ***\n") outcomes = read_outcome_file(outcome_file) - Results.log("\n*** Analyze coverage ***\n") - results = analyze_outcomes(outcomes, args) - return results.error_count == 0 + log = analyze_outcomes(log, outcomes, args) + return log def do_analyze_driver_vs_reference(outcome_file, args): """Perform driver vs reference analyze.""" - execute_reference_driver_tests(args['component_ref'], \ - args['component_driver'], outcome_file) + log = TestLog() + + log = execute_reference_driver_tests(log, args['component_ref'], \ + args['component_driver'], outcome_file) + if log.error_count != 0: + return log ignored_suites = ['test_suite_' + x for x in args['ignored_suites']] outcomes = read_outcome_file(outcome_file) - Results.log("\n*** Analyze driver {} vs reference {} ***\n".format( + + log.info("\n*** Analyze driver {} vs reference {} ***\n".format( args['component_driver'], args['component_ref'])) - return analyze_driver_vs_reference(outcomes, args['component_ref'], - args['component_driver'], ignored_suites, - args['ignored_tests']) + log = analyze_driver_vs_reference(log, outcomes, + args['component_ref'], args['component_driver'], + ignored_suites, args['ignored_tests']) + + return log # List of tasks with a function that can handle this task and additional arguments if required KNOWN_TASKS = { @@ -641,6 +656,8 @@ KNOWN_TASKS = { } def main(): + main_log = TestLog() + try: parser = argparse.ArgumentParser(description=__doc__) parser.add_argument('outcomes', metavar='OUTCOMES.CSV', @@ -661,16 +678,17 @@ def main(): if options.list: for task in KNOWN_TASKS: - Results.log(task) + main_log.info(task) + main_log.print_output() sys.exit(0) if options.specified_tasks == 'all': tasks_list = KNOWN_TASKS.keys() else: tasks_list = re.split(r'[, ]+', options.specified_tasks) - for task in tasks_list: if task not in KNOWN_TASKS: + main_log.error('invalid task: {}'.format(task)) KNOWN_TASKS['analyze_coverage']['args']['full_coverage'] = options.full_coverage @@ -678,12 +696,20 @@ def main(): for task in KNOWN_TASKS: if task in tasks_list: - if not KNOWN_TASKS[task]['test_function'](options.outcomes, KNOWN_TASKS[task]['args']): + test_function = KNOWN_TASKS[task]['test_function'] + test_args = KNOWN_TASKS[task]['args'] + test_log = test_function(options.outcomes, test_args) + # Merge the output of this task with the main one + main_log.output = main_log.output + test_log.output + main_log.info("Task {} completed with:\n".format(task) + \ + "{} warnings\n".format(test_log.warning_count) + \ + "{} errors\n".format(test_log.error_count)) + if test_log.error_count != 0: all_succeeded = False - if all_succeeded is False: - sys.exit(1) - Results.log("SUCCESS :-)") + main_log.print_output() + sys.exit(0 if all_succeeded else 1) + except Exception: # pylint: disable=broad-except # Print the backtrace and exit explicitly with our chosen status. traceback.print_exc() From e570704f1fa834a5fc408cd0efad31613655b164 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 11 Oct 2023 11:54:42 +0200 Subject: [PATCH 106/185] ssl: use MBEDTLS_SSL_HAVE_[CCM/GCM/CHACHAPOLY/AEAD] macros for ssl code Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 16 +-- include/mbedtls/config_adjust_legacy_crypto.h | 20 +++ library/ssl_ciphersuites.c | 128 +++++++++--------- library/ssl_msg.c | 16 +-- library/ssl_tls.c | 4 +- 5 files changed, 98 insertions(+), 86 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 815bfb69c7..2e7128595e 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -1040,12 +1040,8 @@ #endif #if defined(MBEDTLS_SSL_TICKET_C) && \ - !( defined(MBEDTLS_GCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) || \ - defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) || \ - defined(MBEDTLS_CHACHAPOLY_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) ) + !( defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \ + defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) ) #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" #endif @@ -1147,12 +1143,8 @@ #endif #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \ - !( defined(MBEDTLS_GCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) || \ - defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) || \ - defined(MBEDTLS_CHACHAPOLY_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) ) + !( defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \ + defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) ) #error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites" #endif diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 495cd5ab3b..53c03b5d3b 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -192,4 +192,24 @@ #define MBEDTLS_CIPHER_PADDING_PKCS7 #endif +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#define MBEDTLS_SSL_HAVE_GCM +#endif + +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#define MBEDTLS_SSL_HAVE_CCM +#endif + +#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) +#define MBEDTLS_SSL_HAVE_CHACHAPOLY +#endif + +#if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \ + defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) +#define MBEDTLS_SSL_HAVE_AEAD +#endif + #endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index b50df5c873..95aa5816ce 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -293,7 +293,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA384) { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, @@ -308,8 +308,8 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ -#if defined(MBEDTLS_CIPHER_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256) +#endif /* MBEDTLS_SSL_HAVE_GCM */ +#if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ @@ -320,19 +320,19 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, -#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_CIPHER_HAVE_CCM */ +#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ -#if defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256) +#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256, "TLS1-3-CHACHA20-POLY1305-SHA256", MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 0, MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, -#endif /* MBEDTLS_CIPHER_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */ +#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ -#if defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY) && \ +#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && \ defined(MBEDTLS_MD_CAN_SHA256) && \ defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) @@ -391,7 +391,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#endif /* MBEDTLS_CIPHER_HAVE_CHACHAPOLY && +#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_PROTO_TLS1_2 */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) @@ -415,12 +415,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -429,14 +429,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ -#if defined(MBEDTLS_CIPHER_HAVE_CCM) +#if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, @@ -453,7 +453,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_CCM */ +#endif /* MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -474,7 +474,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", @@ -489,7 +489,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) @@ -528,7 +528,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -542,7 +542,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_AES_C */ @@ -564,7 +564,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", @@ -579,7 +579,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) @@ -595,7 +595,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_MD_CAN_SHA384) && \ - defined(MBEDTLS_CIPHER_HAVE_GCM) + defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, @@ -603,12 +603,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */ #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) { MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", @@ -636,7 +636,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_CCM) +#if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, @@ -653,7 +653,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_CCM */ +#endif /* MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -682,7 +682,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA, @@ -696,7 +696,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ @@ -704,7 +704,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #if defined(MBEDTLS_AES_C) #if defined(MBEDTLS_MD_CAN_SHA384) && \ - defined(MBEDTLS_CIPHER_HAVE_GCM) + defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 0, @@ -712,12 +712,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */ #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) { MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256", @@ -745,7 +745,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_MD_CAN_SHA1 */ -#if defined(MBEDTLS_CIPHER_HAVE_CCM) +#if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, 0, @@ -762,7 +762,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_CCM */ +#endif /* MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -792,7 +792,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA, @@ -806,7 +806,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ @@ -832,12 +832,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -846,12 +846,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_AES_C */ @@ -873,7 +873,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", @@ -888,7 +888,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) @@ -922,12 +922,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ #if defined(MBEDTLS_MD_CAN_SHA384) #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -936,12 +936,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_AES_C */ @@ -963,7 +963,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", @@ -978,7 +978,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) @@ -993,7 +993,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, @@ -1007,7 +1007,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -1036,7 +1036,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_CCM) +#if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, 0, @@ -1053,7 +1053,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_CCM */ +#endif /* MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -1073,7 +1073,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK, @@ -1087,14 +1087,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, @@ -1108,7 +1108,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -1137,7 +1137,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA1 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_CCM) +#if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 0, @@ -1154,7 +1154,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_CCM */ +#endif /* MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -1174,7 +1174,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK, @@ -1188,7 +1188,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ @@ -1249,7 +1249,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, @@ -1263,7 +1263,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_CIPHER_MODE_CBC) #if defined(MBEDTLS_MD_CAN_SHA256) @@ -1311,7 +1311,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_MD_CAN_SHA384 */ #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_SSL_HAVE_GCM) #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256", MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK, @@ -1325,19 +1325,19 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA384 */ -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_CAMELLIA_C */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_AES_C) -#if defined(MBEDTLS_CIPHER_HAVE_CCM) +#if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8", MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE, MBEDTLS_CIPHERSUITE_SHORT_TAG, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_CIPHER_HAVE_CCM */ +#endif /* MBEDTLS_SSL_HAVE_CCM */ #endif /* MBEDTLS_AES_C */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index ff8de9278d..12b8f9bf01 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -863,7 +863,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, *add_data_len = cur - add_data; } -#if defined(MBEDTLS_CIPHER_MODE_AEAD) +#if defined(MBEDTLS_SSL_HAVE_AEAD) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_transform_aead_dynamic_iv_is_explicit( mbedtls_ssl_transform const *transform) @@ -908,7 +908,7 @@ static void ssl_build_record_nonce(unsigned char *dst_iv, dst_iv += dst_iv_len - dynamic_iv_len; mbedtls_xor(dst_iv, dst_iv, dynamic_iv, dynamic_iv_len); } -#endif /* MBEDTLS_CIPHER_MODE_AEAD */ +#endif /* MBEDTLS_SSL_HAVE_AEAD */ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform, @@ -1144,7 +1144,7 @@ hmac_failed_etm_disabled: } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ -#if defined(MBEDTLS_CIPHER_MODE_AEAD) +#if defined(MBEDTLS_SSL_HAVE_AEAD) if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { unsigned char iv[12]; unsigned char *dynamic_iv; @@ -1254,7 +1254,7 @@ hmac_failed_etm_disabled: auth_done++; } else -#endif /* MBEDTLS_CIPHER_MODE_AEAD */ +#endif /* MBEDTLS_SSL_HAVE_AEAD */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) if (ssl_mode == MBEDTLS_SSL_MODE_CBC || ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { @@ -1492,9 +1492,9 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, mbedtls_ssl_transform *transform, mbedtls_record *rec) { -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) || defined(MBEDTLS_CIPHER_MODE_AEAD) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) || defined(MBEDTLS_SSL_HAVE_AEAD) size_t olen; -#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC || MBEDTLS_CIPHER_MODE_AEAD */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC || MBEDTLS_SSL_HAVE_AEAD */ mbedtls_ssl_mode_t ssl_mode; int ret; @@ -1555,7 +1555,7 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, * so there's no encryption to do here.*/ } else #endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ -#if defined(MBEDTLS_CIPHER_MODE_AEAD) +#if defined(MBEDTLS_SSL_HAVE_AEAD) if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { unsigned char iv[12]; unsigned char *dynamic_iv; @@ -1671,7 +1671,7 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } } else -#endif /* MBEDTLS_CIPHER_MODE_AEAD */ +#endif /* MBEDTLS_SSL_HAVE_AEAD */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) if (ssl_mode == MBEDTLS_SSL_MODE_CBC || ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 540beb0f97..827b7fbcfc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8287,7 +8287,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8; #endif -#if defined(MBEDTLS_CIPHER_MODE_AEAD) +#if defined(MBEDTLS_SSL_HAVE_AEAD) if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) { size_t explicit_ivlen; @@ -8322,7 +8322,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, explicit_ivlen = transform->ivlen - transform->fixed_ivlen; transform->minlen = explicit_ivlen + transform->taglen; } else -#endif /* MBEDTLS_CIPHER_MODE_AEAD */ +#endif /* MBEDTLS_SSL_HAVE_AEAD */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) if (ssl_mode == MBEDTLS_SSL_MODE_STREAM || ssl_mode == MBEDTLS_SSL_MODE_CBC || From db1ca8fc3344df9c5b065ea0247d2df7a65ee539 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 11 Oct 2023 12:46:16 +0200 Subject: [PATCH 107/185] cipher: keep MBEDTLS_CIPHER_HAVE symbols private This commit also improve the usage of these new symbols in cipher_wrap code Signed-off-by: Valerio Setti --- include/mbedtls/cipher.h | 25 ++------------ library/cipher.c | 16 ++++----- library/cipher_wrap.c | 46 +++++++++---------------- library/cipher_wrap.h | 36 +++++++++++++++++++ tests/suites/test_suite_cipher.function | 2 +- 5 files changed, 64 insertions(+), 61 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 5153e19dd0..bda768cfb4 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -33,27 +33,6 @@ #include #include "mbedtls/platform_util.h" -/* Support for GCM either through Mbed TLS SW implementation or PSA */ -#if defined(MBEDTLS_GCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) -#define MBEDTLS_CIPHER_HAVE_GCM -#endif -/* Support for CCM either through Mbed TLS SW implementation or PSA */ -#if defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) -#define MBEDTLS_CIPHER_HAVE_CCM -#endif -/* Support for CHACHAPOLY either through Mbed TLS SW implementation or PSA */ -#if defined(MBEDTLS_CHACHAPOLY_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) -#define MBEDTLS_CIPHER_HAVE_CHACHAPOLY -#endif - -#if defined(MBEDTLS_CIPHER_HAVE_GCM) || defined(MBEDTLS_CIPHER_HAVE_CCM) || \ - defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY) -#define MBEDTLS_CIPHER_MODE_AEAD -#endif - #if defined(MBEDTLS_CIPHER_MODE_CBC) #define MBEDTLS_CIPHER_MODE_WITH_PADDING #endif @@ -1097,7 +1076,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen); -#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) || defined(MBEDTLS_NIST_KW_C) /** * \brief The authenticated encryption (AEAD/NIST_KW) function. * @@ -1204,7 +1183,7 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len); -#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ +#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD || MBEDTLS_NIST_KW_C */ #ifdef __cplusplus } #endif diff --git a/library/cipher.c b/library/cipher.c index 9f9f1075c7..f17f3e0e1f 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -1390,7 +1390,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, return 0; } -#if defined(MBEDTLS_CIPHER_MODE_AEAD) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) /* * Packet-oriented encryption for AEAD modes: internal function used by * mbedtls_cipher_auth_encrypt_ext(). @@ -1569,9 +1569,9 @@ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx, return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } -#endif /* MBEDTLS_CIPHER_MODE_AEAD */ +#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD */ -#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) || defined(MBEDTLS_NIST_KW_C) /* * Packet-oriented encryption for AEAD/NIST_KW: public function. */ @@ -1607,7 +1607,7 @@ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, } #endif /* MBEDTLS_NIST_KW_C */ -#if defined(MBEDTLS_CIPHER_MODE_AEAD) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) /* AEAD case: check length before passing on to shared function */ if (output_len < ilen + tag_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; @@ -1620,7 +1620,7 @@ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, return ret; #else return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; -#endif /* MBEDTLS_CIPHER_MODE_AEAD */ +#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD */ } /* @@ -1658,7 +1658,7 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, } #endif /* MBEDTLS_NIST_KW_C */ -#if defined(MBEDTLS_CIPHER_MODE_AEAD) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) /* AEAD case: check length before passing on to shared function */ if (ilen < tag_len || output_len < ilen - tag_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; @@ -1669,8 +1669,8 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, input + ilen - tag_len, tag_len); #else return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; -#endif /* MBEDTLS_CIPHER_MODE_AEAD */ +#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD */ } -#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ +#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD || MBEDTLS_NIST_KW_C */ #endif /* MBEDTLS_CIPHER_C */ diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 5a789ced96..63b725fb70 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -80,8 +80,7 @@ enum mbedtls_cipher_base_index { #if defined(MBEDTLS_CAMELLIA_C) MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA, #endif -#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES) MBEDTLS_CIPHER_BASE_INDEX_CCM_AES, #endif #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C) @@ -105,8 +104,7 @@ enum mbedtls_cipher_base_index { #if defined(MBEDTLS_DES_C) MBEDTLS_CIPHER_BASE_INDEX_DES, #endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES) MBEDTLS_CIPHER_BASE_INDEX_GCM_AES, #endif #if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C) @@ -580,8 +578,7 @@ static int gcm_aes_setkey_wrap(void *ctx, const unsigned char *key, } #endif /* MBEDTLS_GCM_C */ -#if defined(MBEDTLS_GCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) static const mbedtls_cipher_base_t gcm_aes_info = { MBEDTLS_CIPHER_ID_AES, NULL, @@ -615,10 +612,9 @@ static const mbedtls_cipher_base_t gcm_aes_info = { NULL, #endif /* MBEDTLS_GCM_C */ }; -#endif /* MBEDTLS_GCM_C || (MBEDTLS_USE_PSA_CRYPTO && PSA_WANT_ALG_GCM) */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ -#if defined(MBEDTLS_GCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) static const mbedtls_cipher_info_t aes_128_gcm_info = { "AES-128-GCM", 16, @@ -653,7 +649,7 @@ static const mbedtls_cipher_info_t aes_256_gcm_info = { MBEDTLS_CIPHER_BASE_INDEX_GCM_AES }; #endif -#endif /* MBEDTLS_GCM_C || PSA_WANT_ALG_GCM */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM */ #if defined(MBEDTLS_CCM_C) static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key, @@ -664,8 +660,7 @@ static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key, } #endif /* MBEDTLS_CCM_C */ -#if defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM) static const mbedtls_cipher_base_t ccm_aes_info = { MBEDTLS_CIPHER_ID_AES, NULL, @@ -699,10 +694,9 @@ static const mbedtls_cipher_base_t ccm_aes_info = { NULL, #endif }; -#endif /* MBEDTLS_CCM_C || (MBEDTLS_USE_PSA_CRYPTO && PSA_WANT_ALG_CCM) */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM */ -#if defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM) static const mbedtls_cipher_info_t aes_128_ccm_info = { "AES-128-CCM", 16, @@ -737,10 +731,9 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = { MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; #endif -#endif /* MBEDTLS_CCM_C || PSA_WANT_ALG_CCM */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM */ -#if defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG) static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = { "AES-128-CCM*-NO-TAG", 16, @@ -775,7 +768,7 @@ static const mbedtls_cipher_info_t aes_256_ccm_star_no_tag_info = { MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; #endif -#endif /* MBEDTLS_CCM_C || PSA_WANT_ALG_CCM_STAR_NO_TAG */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG */ #endif /* MBEDTLS_AES_C */ @@ -2276,24 +2269,21 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_AES_256_XTS, &aes_256_xts_info }, #endif #endif -#if defined(MBEDTLS_GCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#if defined(MBEDTLS_CIPHER_HAVE_GCM) { MBEDTLS_CIPHER_AES_128_GCM, &aes_128_gcm_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_GCM, &aes_192_gcm_info }, { MBEDTLS_CIPHER_AES_256_GCM, &aes_256_gcm_info }, #endif #endif -#if defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM) { MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info }, { MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info }, #endif #endif -#if defined(MBEDTLS_CCM_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG) { MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, &aes_128_ccm_star_no_tag_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, &aes_192_ccm_star_no_tag_info }, @@ -2423,8 +2413,7 @@ const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[] = { #if defined(MBEDTLS_CAMELLIA_C) [MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA] = &camellia_info, #endif -#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_KEY_TYPE_AES)) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES) [MBEDTLS_CIPHER_BASE_INDEX_CCM_AES] = &ccm_aes_info, #endif #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C) @@ -2448,8 +2437,7 @@ const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[] = { #if defined(MBEDTLS_DES_C) [MBEDTLS_CIPHER_BASE_INDEX_DES] = &des_info, #endif -#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_KEY_TYPE_AES)) +#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES) [MBEDTLS_CIPHER_BASE_INDEX_GCM_AES] = &gcm_aes_info, #endif #if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C) diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h index c85a4efa8d..53cf12ff40 100644 --- a/library/cipher_wrap.h +++ b/library/cipher_wrap.h @@ -36,6 +36,42 @@ extern "C" { #endif +/* Support for GCM either through Mbed TLS SW implementation or PSA */ +#if defined(MBEDTLS_GCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) +#define MBEDTLS_CIPHER_HAVE_GCM +#endif + +#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_KEY_TYPE_AES)) +#define MBEDTLS_CIPHER_HAVE_GCM_AES +#endif + +#if defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) +#define MBEDTLS_CIPHER_HAVE_CCM +#endif + +#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_KEY_TYPE_AES)) +#define MBEDTLS_CIPHER_HAVE_CCM_AES +#endif + +#if defined(MBEDTLS_CCM_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)) +#define MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG +#endif + +#if defined(MBEDTLS_CHACHAPOLY_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) +#define MBEDTLS_CIPHER_HAVE_CHACHAPOLY +#endif + +#if defined(MBEDTLS_CIPHER_HAVE_GCM) || defined(MBEDTLS_CIPHER_HAVE_CCM) || \ + defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG) || defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY) +#define MBEDTLS_CIPHER_HAVE_SOME_AEAD +#endif + /** * Base cipher information. The non-mode specific functions and values. */ diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index fdf22a92fe..da43fda19f 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -6,7 +6,7 @@ #include "mbedtls/gcm.h" #endif -#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) || defined(MBEDTLS_NIST_KW_C) #define MBEDTLS_CIPHER_AUTH_CRYPT #endif From 2e67781e932b9e14d98b585b0038eaee5eb1a5b3 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 12 Oct 2023 10:46:43 +0100 Subject: [PATCH 108/185] Alter program layout for better clarity Signed-off-by: Thomas Daubney --- programs/psa/psa_hash.c | 56 ++++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index dd3bf74763..d3a6bf857a 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -40,24 +40,7 @@ * Please see include/psa/crypto_values.h to see the other * algorithms that are supported by Mbed TLS. * If you switch to a different algorithm you will need to update - * the hash data in the SAMPLE_HASH_DATA macro below. */ - -#define HASH_ALG PSA_ALG_SHA_256 - -#define SAMPLE_HASH_DATA { \ - 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ - 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ - 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ -} - -const uint8_t sample_hash[] = SAMPLE_HASH_DATA; -const size_t sample_hash_len = sizeof(sample_hash); - -const uint8_t sample_message[] = "Hello World!"; -/* sample_message is terminated with a null byte which is not part of - * the message itself so we make sure to subtract it in order to get - * the message length. */ -const size_t sample_message_length = sizeof(sample_message) - 1; + * the hash data in the EXAMPLE_HASH_VALUE macro below. */ #if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) int main(void) @@ -68,6 +51,23 @@ int main(void) } #else +#define HASH_ALG PSA_ALG_SHA_256 + +const uint8_t sample_message[] = "Hello World!"; +/* sample_message is terminated with a null byte which is not part of + * the message itself so we make sure to subtract it in order to get + * the message length. */ +const size_t sample_message_length = sizeof(sample_message) - 1; + +#define EXPECTED_HASH_VALUE { \ + 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ + 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ + 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ +} + +const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; +const size_t expected_hash_len = sizeof(expected_hash); + int main(void) { psa_status_t status; @@ -85,13 +85,11 @@ int main(void) } /* Compute hash using multi-part operation */ - status = psa_hash_setup(&hash_operation, HASH_ALG); - if (status == PSA_ERROR_NOT_SUPPORTED){ + if (status == PSA_ERROR_NOT_SUPPORTED) { mbedtls_printf("unknown hash algorithm supplied\n"); return EXIT_FAILURE; - } - else if (status != PSA_SUCCESS) { + } else if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_setup failed\n"); return EXIT_FAILURE; } @@ -115,14 +113,15 @@ int main(void) } /* Check the result of the operation against the sample */ - if (hash_length != sample_hash_len || (memcmp(hash, sample_hash, sample_hash_len) != 0)) { + if (hash_length != expected_hash_len || + (memcmp(hash, expected_hash, expected_hash_len) != 0)) { mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); goto cleanup; } status = - psa_hash_verify(&cloned_hash_operation, sample_hash, - sample_hash_len); + psa_hash_verify(&cloned_hash_operation, expected_hash, + expected_hash_len); if (status != PSA_SUCCESS) { mbedtls_printf("psa_hash_verify failed\n"); goto cleanup; @@ -144,7 +143,8 @@ int main(void) goto cleanup; } - if (hash_length != sample_hash_len || (memcmp(hash, sample_hash, sample_hash_len) != 0)) { + if (hash_length != expected_hash_len || + (memcmp(hash, expected_hash, expected_hash_len) != 0)) { mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); goto cleanup; } @@ -154,7 +154,7 @@ int main(void) /* Print out result */ mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message); - for (size_t j = 0; j < sample_hash_len; j++) { + for (size_t j = 0; j < expected_hash_len; j++) { mbedtls_printf("%02x", hash[j]); } @@ -168,4 +168,4 @@ cleanup: psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } -#endif /* MBEDTLS_PSA_CRYPTO_C && PSA_WANT_ALG_SHA_256 */ +#endif /* !MBEDTLS_PSA_CRYPTO_C || !PSA_WANT_ALG_SHA_256 */ From 476c1198e8a5e31b9674da98e58061a84a677711 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 12 Oct 2023 14:19:25 +0100 Subject: [PATCH 109/185] Fix possible NULL dereference issue in X509 cert_write program Signed-off-by: Waleed Elmelegy --- programs/x509/cert_write.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 40b1871f38..5e0d608bcf 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -583,6 +583,9 @@ usage: if ((subtype_value = strchr(q, ':')) != NULL) { *subtype_value++ = '\0'; + } else { + mbedtls_printf("Invalid argument for option SAN: Entry should be seperated by a colon\n"); + goto usage; } if (strcmp(q, "RFC822") == 0) { cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME; From 1444c0eb20163cf4979902572c08e9e720a9a310 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 12 Oct 2023 14:31:06 +0100 Subject: [PATCH 110/185] Add changelog entry for x509 cert_write null dereference fix Also fix a typo in cert_write.c Signed-off-by: Waleed Elmelegy --- ChangeLog.d/fix-issue-x509-cert_write.txt | 2 ++ programs/x509/cert_write.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/fix-issue-x509-cert_write.txt diff --git a/ChangeLog.d/fix-issue-x509-cert_write.txt b/ChangeLog.d/fix-issue-x509-cert_write.txt new file mode 100644 index 0000000000..7e1f31d2eb --- /dev/null +++ b/ChangeLog.d/fix-issue-x509-cert_write.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix possible NULL dereference issue in X509 cert_write program if an entry in the san parameter is not separated by a colon. diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 5e0d608bcf..19215c9547 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -584,7 +584,7 @@ usage: if ((subtype_value = strchr(q, ':')) != NULL) { *subtype_value++ = '\0'; } else { - mbedtls_printf("Invalid argument for option SAN: Entry should be seperated by a colon\n"); + mbedtls_printf("Invalid argument for option SAN: Entry should be separated by a colon\n"); goto usage; } if (strcmp(q, "RFC822") == 0) { From ac97af223eda0358413dee5349d6912d82d891f8 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 12 Oct 2023 15:46:06 +0100 Subject: [PATCH 111/185] Fix possible NULL dereference issue in X509 cert_req program Signed-off-by: Waleed Elmelegy --- programs/x509/cert_req.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 558d8cc736..bc4eb80d5e 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -261,6 +261,9 @@ usage: if ((subtype_value = strchr(q, ':')) != NULL) { *subtype_value++ = '\0'; + } else { + mbedtls_printf("Invalid argument for option SAN: Entry should be separated by a colon\n"); + goto usage; } if (strcmp(q, "RFC822") == 0) { cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME; From 737cfe184b47472fda7305a3f90f9805dbc9de44 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Thu, 12 Oct 2023 15:51:13 +0100 Subject: [PATCH 112/185] Add changelog entry for x509 cert_req null dereference fix Signed-off-by: Waleed Elmelegy --- ChangeLog.d/fix-issue-x509-cert_req.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/fix-issue-x509-cert_req.txt diff --git a/ChangeLog.d/fix-issue-x509-cert_req.txt b/ChangeLog.d/fix-issue-x509-cert_req.txt new file mode 100644 index 0000000000..7e4effdf80 --- /dev/null +++ b/ChangeLog.d/fix-issue-x509-cert_req.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix possible NULL dereference issue in X509 cert_req program if an entry in the san parameter is not separated by a colon. From bcb1818e19ea455cfddb7926d247513ce4e91939 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 12 Oct 2023 11:50:30 +0100 Subject: [PATCH 113/185] Fix IAR 'transfer of control bypasses initialization' warnings Signed-off-by: Dave Rodgman --- library/pkcs12.c | 3 ++- library/pkcs5.c | 3 ++- library/x509_create.c | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/library/pkcs12.c b/library/pkcs12.c index 4db2a4bbf4..4e12476d21 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -172,6 +172,7 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, size_t iv_len = 0; size_t finish_olen = 0; unsigned int padlen = 0; + mbedtls_cipher_padding_t padding; if (pwd == NULL && pwdlen != 0) { return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA; @@ -218,7 +219,7 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) /* PKCS12 uses CBC with PKCS7 padding */ - mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7; + padding = MBEDTLS_PADDING_PKCS7; #if !defined(MBEDTLS_CIPHER_PADDING_PKCS7) /* For historical reasons, when decrypting, this function works when * decrypting even when support for PKCS7 padding is disabled. In this diff --git a/library/pkcs5.c b/library/pkcs5.c index 2756d058e0..3dc97a557c 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -152,6 +152,7 @@ int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode, mbedtls_cipher_type_t cipher_alg; mbedtls_cipher_context_t cipher_ctx; unsigned int padlen = 0; + mbedtls_cipher_padding_t padding; p = pbe_params->p; end = p + pbe_params->len; @@ -246,7 +247,7 @@ int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode, * "PKCS5 padding" except that it's typically only called PKCS5 * with 64-bit-block ciphers). */ - mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7; + padding = MBEDTLS_PADDING_PKCS7; #if !defined(MBEDTLS_CIPHER_PADDING_PKCS7) /* For historical reasons, when decrypting, this function works when * decrypting even when support for PKCS7 padding is disabled. In this diff --git a/library/x509_create.c b/library/x509_create.c index 2583cdd0fd..93ca2debcd 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -243,6 +243,8 @@ static int parse_attribute_value_hex_der_encoded(const char *s, return MBEDTLS_ERR_X509_ALLOC_FAILED; } /* Beyond this point, der needs to be freed on exit. */ + unsigned char *p = der + 1; + for (size_t i = 0; i < der_length; i++) { int c = hexpair_to_int(s + 2 * i); if (c < 0) { @@ -254,7 +256,6 @@ static int parse_attribute_value_hex_der_encoded(const char *s, /* Step 3: decode the DER. */ /* We've checked that der_length >= 1 above. */ *tag = der[0]; - unsigned char *p = der + 1; if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) { goto error; } From 351a81c65dbd12adb29f807bad5c433a8739d1b2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 12 Oct 2023 16:36:05 +0100 Subject: [PATCH 114/185] Keep initialisation of p in its original location Signed-off-by: Dave Rodgman --- library/x509_create.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 93ca2debcd..271d4f12cb 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -218,6 +218,8 @@ static int parse_attribute_value_hex_der_encoded(const char *s, size_t *data_len, int *tag) { + unsigned char *p; + /* Step 1: preliminary length checks. */ /* Each byte is encoded by exactly two hexadecimal digits. */ if (len % 2 != 0) { @@ -243,8 +245,6 @@ static int parse_attribute_value_hex_der_encoded(const char *s, return MBEDTLS_ERR_X509_ALLOC_FAILED; } /* Beyond this point, der needs to be freed on exit. */ - unsigned char *p = der + 1; - for (size_t i = 0; i < der_length; i++) { int c = hexpair_to_int(s + 2 * i); if (c < 0) { @@ -256,6 +256,7 @@ static int parse_attribute_value_hex_der_encoded(const char *s, /* Step 3: decode the DER. */ /* We've checked that der_length >= 1 above. */ *tag = der[0]; + p = der + 1; if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) { goto error; } From 584c8108b3b997e8b5fff93e0187d87cd9d8b406 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 12 Oct 2023 16:55:23 +0100 Subject: [PATCH 115/185] Use a block to save 12b Signed-off-by: Dave Rodgman --- library/x509_create.c | 44 +++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 271d4f12cb..3074ce41ca 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -218,8 +218,6 @@ static int parse_attribute_value_hex_der_encoded(const char *s, size_t *data_len, int *tag) { - unsigned char *p; - /* Step 1: preliminary length checks. */ /* Each byte is encoded by exactly two hexadecimal digits. */ if (len % 2 != 0) { @@ -256,31 +254,33 @@ static int parse_attribute_value_hex_der_encoded(const char *s, /* Step 3: decode the DER. */ /* We've checked that der_length >= 1 above. */ *tag = der[0]; - p = der + 1; - if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) { - goto error; - } - /* Now p points to the first byte of the payload inside der, - * and *data_len is the length of the payload. */ + { + unsigned char *p = der + 1; + if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) { + goto error; + } + /* Now p points to the first byte of the payload inside der, + * and *data_len is the length of the payload. */ - /* Step 4: payload validation */ - if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) { - goto error; - } - /* Strings must not contain null bytes. */ - if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) { - for (size_t i = 0; i < *data_len; i++) { - if (p[i] == 0) { - goto error; + /* Step 4: payload validation */ + if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) { + goto error; + } + /* Strings must not contain null bytes. */ + if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) { + for (size_t i = 0; i < *data_len; i++) { + if (p[i] == 0) { + goto error; + } } } - } - /* Step 5: output the payload. */ - if (*data_len > data_size) { - goto error; + /* Step 5: output the payload. */ + if (*data_len > data_size) { + goto error; + } + memcpy(data, p, *data_len); } - memcpy(data, p, *data_len); mbedtls_free(der); return 0; From 193e383686f1e187f0095bdaf12e860dfd78156e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 13 Oct 2023 09:37:24 +0200 Subject: [PATCH 116/185] check_config: fix typo causing build issues with only CCM enabled Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 2e7128595e..d9c3b813e3 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -1040,7 +1040,7 @@ #endif #if defined(MBEDTLS_SSL_TICKET_C) && \ - !( defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \ + !( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \ defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) ) #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" #endif @@ -1143,7 +1143,7 @@ #endif #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \ - !( defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \ + !( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \ defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) ) #error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites" #endif From eade3fedb240ce288e7b0102d60709ccb1a3dc1f Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 13 Oct 2023 09:59:19 +0100 Subject: [PATCH 117/185] Fix code style issue in cert_req program Signed-off-by: Waleed Elmelegy --- programs/x509/cert_req.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index bc4eb80d5e..ff744a4309 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -262,7 +262,8 @@ usage: if ((subtype_value = strchr(q, ':')) != NULL) { *subtype_value++ = '\0'; } else { - mbedtls_printf("Invalid argument for option SAN: Entry should be separated by a colon\n"); + mbedtls_printf( + "Invalid argument for option SAN: Entry should be separated by a colon\n"); goto usage; } if (strcmp(q, "RFC822") == 0) { From 5867465e9093c1e8b6846f48ed33da8a5ec1b4af Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 13 Oct 2023 10:03:12 +0100 Subject: [PATCH 118/185] Fix code style issue in cert_write program Signed-off-by: Waleed Elmelegy --- programs/x509/cert_write.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 19215c9547..8bee0a666f 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -584,7 +584,8 @@ usage: if ((subtype_value = strchr(q, ':')) != NULL) { *subtype_value++ = '\0'; } else { - mbedtls_printf("Invalid argument for option SAN: Entry should be separated by a colon\n"); + mbedtls_printf( + "Invalid argument for option SAN: Entry should be separated by a colon\n"); goto usage; } if (strcmp(q, "RFC822") == 0) { From 107c60c765b9fdc7832612cc199648732b3943dc Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 13 Oct 2023 10:25:58 +0100 Subject: [PATCH 119/185] Fix changelog style issue Signed-off-by: Waleed Elmelegy --- ChangeLog.d/fix-issue-x509-cert_write.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-issue-x509-cert_write.txt b/ChangeLog.d/fix-issue-x509-cert_write.txt index 7e1f31d2eb..43d67c21d0 100644 --- a/ChangeLog.d/fix-issue-x509-cert_write.txt +++ b/ChangeLog.d/fix-issue-x509-cert_write.txt @@ -1,2 +1,3 @@ Bugfix - * Fix possible NULL dereference issue in X509 cert_write program if an entry in the san parameter is not separated by a colon. + * Fix possible NULL dereference issue in X509 cert_write program if an entry + in the san parameter is not separated by a colon. From 0badeb45607f9dc21503433ef7db74c10c5eeaf9 Mon Sep 17 00:00:00 2001 From: Waleed Elmelegy Date: Fri, 13 Oct 2023 10:27:13 +0100 Subject: [PATCH 120/185] Fix changelog code style issue Signed-off-by: Waleed Elmelegy --- ChangeLog.d/fix-issue-x509-cert_req.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-issue-x509-cert_req.txt b/ChangeLog.d/fix-issue-x509-cert_req.txt index 7e4effdf80..3a5171b834 100644 --- a/ChangeLog.d/fix-issue-x509-cert_req.txt +++ b/ChangeLog.d/fix-issue-x509-cert_req.txt @@ -1,2 +1,3 @@ Bugfix - * Fix possible NULL dereference issue in X509 cert_req program if an entry in the san parameter is not separated by a colon. + * Fix possible NULL dereference issue in X509 cert_req program if an entry + in the san parameter is not separated by a colon. From 97a6231b5c1e0caf10d58498ba8a450f19c24c83 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 13 Oct 2023 11:39:53 +0200 Subject: [PATCH 121/185] Revert "Fix a few IAR warnings" --- library/pkcs12.c | 3 +-- library/pkcs5.c | 3 +-- library/x509_create.c | 44 +++++++++++++++++++++---------------------- 3 files changed, 23 insertions(+), 27 deletions(-) diff --git a/library/pkcs12.c b/library/pkcs12.c index 4e12476d21..4db2a4bbf4 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -172,7 +172,6 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, size_t iv_len = 0; size_t finish_olen = 0; unsigned int padlen = 0; - mbedtls_cipher_padding_t padding; if (pwd == NULL && pwdlen != 0) { return MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA; @@ -219,7 +218,7 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) /* PKCS12 uses CBC with PKCS7 padding */ - padding = MBEDTLS_PADDING_PKCS7; + mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7; #if !defined(MBEDTLS_CIPHER_PADDING_PKCS7) /* For historical reasons, when decrypting, this function works when * decrypting even when support for PKCS7 padding is disabled. In this diff --git a/library/pkcs5.c b/library/pkcs5.c index 3dc97a557c..2756d058e0 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -152,7 +152,6 @@ int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode, mbedtls_cipher_type_t cipher_alg; mbedtls_cipher_context_t cipher_ctx; unsigned int padlen = 0; - mbedtls_cipher_padding_t padding; p = pbe_params->p; end = p + pbe_params->len; @@ -247,7 +246,7 @@ int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode, * "PKCS5 padding" except that it's typically only called PKCS5 * with 64-bit-block ciphers). */ - padding = MBEDTLS_PADDING_PKCS7; + mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7; #if !defined(MBEDTLS_CIPHER_PADDING_PKCS7) /* For historical reasons, when decrypting, this function works when * decrypting even when support for PKCS7 padding is disabled. In this diff --git a/library/x509_create.c b/library/x509_create.c index 3074ce41ca..2583cdd0fd 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -254,33 +254,31 @@ static int parse_attribute_value_hex_der_encoded(const char *s, /* Step 3: decode the DER. */ /* We've checked that der_length >= 1 above. */ *tag = der[0]; - { - unsigned char *p = der + 1; - if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) { - goto error; - } - /* Now p points to the first byte of the payload inside der, - * and *data_len is the length of the payload. */ + unsigned char *p = der + 1; + if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) { + goto error; + } + /* Now p points to the first byte of the payload inside der, + * and *data_len is the length of the payload. */ - /* Step 4: payload validation */ - if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) { - goto error; - } - /* Strings must not contain null bytes. */ - if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) { - for (size_t i = 0; i < *data_len; i++) { - if (p[i] == 0) { - goto error; - } + /* Step 4: payload validation */ + if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) { + goto error; + } + /* Strings must not contain null bytes. */ + if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) { + for (size_t i = 0; i < *data_len; i++) { + if (p[i] == 0) { + goto error; } } - - /* Step 5: output the payload. */ - if (*data_len > data_size) { - goto error; - } - memcpy(data, p, *data_len); } + + /* Step 5: output the payload. */ + if (*data_len > data_size) { + goto error; + } + memcpy(data, p, *data_len); mbedtls_free(der); return 0; From 9a32632577c9ea24f6c8f2e487e6b2ed8511dca4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 4 Oct 2023 20:03:55 +0200 Subject: [PATCH 122/185] Fix 3rdparty/Makefile.inc when included recursively 3rdparty/Makefile.inc could only be used when included from the primary makefile passed to make. It could not be used directly, or included from a makefile that is itself included. This was due to counting from the left of $(MAKEFILE_LIST) instead of using the last element. Since each include directive appends to $(MAKEFILE_LIST), when using it to determine $(THIRDPARTY_DIR), we need to use a simply-expanded variable. Signed-off-by: Gilles Peskine --- 3rdparty/Makefile.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3rdparty/Makefile.inc b/3rdparty/Makefile.inc index 80dc126923..70f316b0c8 100644 --- a/3rdparty/Makefile.inc +++ b/3rdparty/Makefile.inc @@ -1,3 +1,3 @@ -THIRDPARTY_DIR = $(dir $(word 2, $(MAKEFILE_LIST))) +THIRDPARTY_DIR := $(dir $(lastword $(MAKEFILE_LIST))) include $(THIRDPARTY_DIR)/everest/Makefile.inc include $(THIRDPARTY_DIR)/p256-m/Makefile.inc From cc88ccdda1d594fea51218c5b584e166d020c6f7 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 13 Oct 2023 10:33:15 +0100 Subject: [PATCH 123/185] Include existing Makefile Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fec46cc50b..7b801a3ecd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3950,12 +3950,16 @@ build_test_config_combos() { # This ensures that we have any include paths, macro definitions, etc # that may be applied by make. # Add -fsyntax-only as we only want a syntax check and don't need to generate a file. - compile_cmd=$(make -B -n ${file} CC=clang CFLAGS="${warning_flags} -fsyntax-only" | egrep "^clang") + compile_cmd="clang \$(LOCAL_CFLAGS) ${warning_flags} -fsyntax-only -c" - makefile=$(mktemp) + makefile=$(TMPDIR=. mktemp) deps="" len=${#options[@]} + source_file=${file%.o}.c + + targets=0 + echo 'include Makefile' >${makefile} for ((i = 0; i < $((2**${len})); i++)); do # generate each of 2^n combinations of options @@ -3973,17 +3977,18 @@ build_test_config_combos() { # if combination is not known to be invalid, add it to the makefile if [[ -z $validate_options ]] || [[ $($validate_options "${clang_args}") == "" ]] ; then cmd="${compile_cmd} ${clang_args}" - echo "${target}:" >> ${makefile} - echo -e "\t$cmd" >> ${makefile} + echo "${target}: ${source_file}; $cmd ${source_file}" >> ${makefile} deps="${deps} ${target}" + ((++targets)) fi done - echo "all: ${deps}" >> ${makefile} + echo "build_test_config_combos: ${deps}" >> ${makefile} # execute all of the commands via Make (probably in parallel) - make -s -f ${makefile} all + make -s -f ${makefile} build_test_config_combos + echo "$targets targets checked" # clean up the temporary makefile rm ${makefile} From 2457bcd26c2c8b803dce6318432b2a4f31ffa0bf Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 13 Oct 2023 12:31:45 +0100 Subject: [PATCH 124/185] Tidy up logic for MBEDTLS_MAYBE_UNUSED Signed-off-by: Dave Rodgman --- library/common.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/common.h b/library/common.h index de26d451b9..570b97eca9 100644 --- a/library/common.h +++ b/library/common.h @@ -335,24 +335,24 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #endif /* Suppress compiler warnings for unused functions and variables. */ -#if !defined(MBEDTLS_MAYBE_UNUSED) && (defined(__GNUC__) || defined(__clang__)) -#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute) +# if __has_attribute(unused) +# define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +# endif +#endif +#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__) +# define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) #endif #if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__) -#if (__VER__ >= 8010000) // IAR 8.1 or later -#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) -#endif +# if (__VER__ >= 8010000) // IAR 8.1 or later +# define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) +# endif #endif #if !defined(MBEDTLS_MAYBE_UNUSED) && defined(_MSC_VER) -#define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189)) -#endif -#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute) -#if __has_attribute(unused) -#define MBEDTLS_MAYBE_UNUSED __attribute__((unused)) -#endif +# define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189)) #endif #if !defined(MBEDTLS_MAYBE_UNUSED) -#define MBEDTLS_MAYBE_UNUSED +# define MBEDTLS_MAYBE_UNUSED #endif #endif /* MBEDTLS_LIBRARY_COMMON_H */ From 515af1d80dce7effa946bb31a91c3b5f19189872 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 13 Oct 2023 14:40:14 +0100 Subject: [PATCH 125/185] Stop IAR warning about goto skipping variable definition Signed-off-by: Dave Rodgman --- library/pkcs12.c | 27 ++++++++++++++------------- library/pkcs5.c | 32 +++++++++++++++++--------------- library/x509_create.c | 42 ++++++++++++++++++++++-------------------- 3 files changed, 53 insertions(+), 48 deletions(-) diff --git a/library/pkcs12.c b/library/pkcs12.c index 4db2a4bbf4..42e4fb4381 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -216,21 +216,22 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, } #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) - /* PKCS12 uses CBC with PKCS7 padding */ - - mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7; + { + /* PKCS12 uses CBC with PKCS7 padding */ + mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7; #if !defined(MBEDTLS_CIPHER_PADDING_PKCS7) - /* For historical reasons, when decrypting, this function works when - * decrypting even when support for PKCS7 padding is disabled. In this - * case, it ignores the padding, and so will never report a - * password mismatch. - */ - if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) { - padding = MBEDTLS_PADDING_NONE; - } + /* For historical reasons, when decrypting, this function works when + * decrypting even when support for PKCS7 padding is disabled. In this + * case, it ignores the padding, and so will never report a + * password mismatch. + */ + if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) { + padding = MBEDTLS_PADDING_NONE; + } #endif - if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) { - goto exit; + if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) { + goto exit; + } } #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ diff --git a/library/pkcs5.c b/library/pkcs5.c index 2756d058e0..d10a1937c5 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -242,23 +242,25 @@ int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode, } #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) - /* PKCS5 uses CBC with PKCS7 padding (which is the same as - * "PKCS5 padding" except that it's typically only called PKCS5 - * with 64-bit-block ciphers). - */ - mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7; + { + /* PKCS5 uses CBC with PKCS7 padding (which is the same as + * "PKCS5 padding" except that it's typically only called PKCS5 + * with 64-bit-block ciphers). + */ + mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7; #if !defined(MBEDTLS_CIPHER_PADDING_PKCS7) - /* For historical reasons, when decrypting, this function works when - * decrypting even when support for PKCS7 padding is disabled. In this - * case, it ignores the padding, and so will never report a - * password mismatch. - */ - if (mode == MBEDTLS_DECRYPT) { - padding = MBEDTLS_PADDING_NONE; - } + /* For historical reasons, when decrypting, this function works when + * decrypting even when support for PKCS7 padding is disabled. In this + * case, it ignores the padding, and so will never report a + * password mismatch. + */ + if (mode == MBEDTLS_DECRYPT) { + padding = MBEDTLS_PADDING_NONE; + } #endif - if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) { - goto exit; + if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) { + goto exit; + } } #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ if ((ret = mbedtls_cipher_crypt(&cipher_ctx, iv, enc_scheme_params.len, diff --git a/library/x509_create.c b/library/x509_create.c index 2583cdd0fd..62fb119ba9 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -254,31 +254,33 @@ static int parse_attribute_value_hex_der_encoded(const char *s, /* Step 3: decode the DER. */ /* We've checked that der_length >= 1 above. */ *tag = der[0]; - unsigned char *p = der + 1; - if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) { - goto error; - } - /* Now p points to the first byte of the payload inside der, - * and *data_len is the length of the payload. */ + { + unsigned char *p = der + 1; + if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) { + goto error; + } + /* Now p points to the first byte of the payload inside der, + * and *data_len is the length of the payload. */ - /* Step 4: payload validation */ - if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) { - goto error; - } - /* Strings must not contain null bytes. */ - if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) { - for (size_t i = 0; i < *data_len; i++) { - if (p[i] == 0) { - goto error; + /* Step 4: payload validation */ + if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) { + goto error; + } + /* Strings must not contain null bytes. */ + if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) { + for (size_t i = 0; i < *data_len; i++) { + if (p[i] == 0) { + goto error; + } } } - } - /* Step 5: output the payload. */ - if (*data_len > data_size) { - goto error; + /* Step 5: output the payload. */ + if (*data_len > data_size) { + goto error; + } + memcpy(data, p, *data_len); } - memcpy(data, p, *data_len); mbedtls_free(der); return 0; From 5f5573fa90bade3f5d505882a486df2c9c7df839 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 13 Oct 2023 14:32:09 +0200 Subject: [PATCH 126/185] cipher: reintroduce symbol for legacy AEAD support Signed-off-by: Valerio Setti --- include/mbedtls/cipher.h | 8 ++++++-- library/cipher.c | 8 ++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index bda768cfb4..e13bee6a00 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -33,6 +33,10 @@ #include #include "mbedtls/platform_util.h" +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) +#define MBEDTLS_CIPHER_HAVE_AEAD_LEGACY +#endif + #if defined(MBEDTLS_CIPHER_MODE_CBC) #define MBEDTLS_CIPHER_MODE_WITH_PADDING #endif @@ -1076,7 +1080,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen); -#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_HAVE_AEAD_LEGACY) || defined(MBEDTLS_NIST_KW_C) /** * \brief The authenticated encryption (AEAD/NIST_KW) function. * @@ -1183,7 +1187,7 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len); -#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD || MBEDTLS_NIST_KW_C */ +#endif /* MBEDTLS_CIPHER_HAVE_AEAD_LEGACY || MBEDTLS_NIST_KW_C */ #ifdef __cplusplus } #endif diff --git a/library/cipher.c b/library/cipher.c index f17f3e0e1f..7009c19b4d 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -1390,7 +1390,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, return 0; } -#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) +#if defined(MBEDTLS_CIPHER_HAVE_AEAD_LEGACY) /* * Packet-oriented encryption for AEAD modes: internal function used by * mbedtls_cipher_auth_encrypt_ext(). @@ -1569,9 +1569,9 @@ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx, return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } -#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD */ +#endif /* MBEDTLS_CIPHER_HAVE_AEAD_LEGACY */ -#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_HAVE_AEAD_LEGACY) || defined(MBEDTLS_NIST_KW_C) /* * Packet-oriented encryption for AEAD/NIST_KW: public function. */ @@ -1671,6 +1671,6 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; #endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD */ } -#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD || MBEDTLS_NIST_KW_C */ +#endif /* MBEDTLS_CIPHER_HAVE_AEAD_LEGACY || MBEDTLS_NIST_KW_C */ #endif /* MBEDTLS_CIPHER_C */ From 4b0e8f0e2c67f88816f7ebfc314e725986fe6343 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 6 Jul 2023 12:25:12 +0200 Subject: [PATCH 127/185] Remove redundant include MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It's also included later, guarded by support for ECC keys, and actually that's the only case where we need it. Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index e1422df771..687c2c0828 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -26,7 +26,6 @@ #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#include "pk_internal.h" #include From da88c380bd9674efef64b91b9ff34057c6b537d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 6 Jul 2023 12:31:43 +0200 Subject: [PATCH 128/185] Minimize key-type-related includes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - we don't use any ECDSA function here - we only need to include ecp.h when supporting ECC keys Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 687c2c0828..1dd5653e24 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -29,16 +29,16 @@ #include +/* Key types */ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif -#include "mbedtls/ecp.h" #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) +#include "mbedtls/ecp.h" #include "pk_internal.h" #endif -#if defined(MBEDTLS_ECDSA_C) -#include "mbedtls/ecdsa.h" -#endif + +/* Extended formats */ #if defined(MBEDTLS_PEM_PARSE_C) #include "mbedtls/pem.h" #endif From 5fcbe4c1f802b5532a198f91d7cfa33f211c7cbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 6 Jul 2023 13:02:51 +0200 Subject: [PATCH 129/185] Further rationalize includes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - only include psa_util when we use PSA Crypto - re-order includes Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 1dd5653e24..3fca2c44f7 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -25,10 +25,16 @@ #include "mbedtls/asn1.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" +#include "mbedtls/platform.h" #include "mbedtls/error.h" #include +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "mbedtls/psa_util.h" +#include "psa/crypto.h" +#endif + /* Key types */ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" @@ -49,16 +55,6 @@ #include "mbedtls/pkcs12.h" #endif -#if defined(MBEDTLS_PSA_CRYPTO_C) -#include "psa_util_internal.h" -#endif - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa/crypto.h" -#endif - -#include "mbedtls/platform.h" - /* Helper for Montgomery curves */ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \ From 2585852231fb4e895dc9471f547c0e81bd97f308 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 24 Jul 2023 11:44:55 +0200 Subject: [PATCH 130/185] Factor common code into a function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There were two places that were calling either pk_update_ecparams() or mbedtls_ecp_group_load() depending on the same guard. Factor this into a single function, that works in both configs, so that callers don't have to worry about guards. Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 67 ++++++++++++++++++----------------------------- 1 file changed, 26 insertions(+), 41 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 3fca2c44f7..d5ffc862d8 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -453,28 +453,39 @@ cleanup: } #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) -/* Functions pk_use_ecparams() and pk_use_ecparams_rfc8410() update the - * ecp_keypair structure with proper group ID. The purpose of this helper - * function is to update ec_family and ec_bits accordingly. */ -static int pk_update_psa_ecparams(mbedtls_pk_context *pk, - mbedtls_ecp_group_id grp_id) +/* + * Set the group used by this key. + */ +static int pk_ecc_set_group(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) { - psa_ecc_family_t ec_family; - size_t bits; +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + size_t ec_bits; + psa_ecc_family_t ec_family = mbedtls_ecc_group_to_psa(grp_id, &ec_bits); - ec_family = mbedtls_ecc_group_to_psa(grp_id, &bits); - - if ((pk->ec_family != 0) && (pk->ec_family != ec_family)) { + /* group may already be initialized; if so, make sure IDs match */ + if ((pk->ec_family != 0 && pk->ec_family != ec_family) || + (pk->ec_bits != 0 && pk->ec_bits != ec_bits)) { return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; } + /* set group */ pk->ec_family = ec_family; - pk->ec_bits = bits; + pk->ec_bits = ec_bits; return 0; -} +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk); + + /* grp may already be initialized; if so, make sure IDs match */ + if (mbedtls_pk_ec_ro(*pk)->grp.id != MBEDTLS_ECP_DP_NONE && + mbedtls_pk_ec_ro(*pk)->grp.id != grp_id) { + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + } + + /* set group */ + return mbedtls_ecp_group_load(&(ecp->grp), grp_id); #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +} /* * Use EC parameters to initialise an EC group @@ -503,22 +514,7 @@ static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_pk_context *p #endif } -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - ret = pk_update_psa_ecparams(pk, grp_id); -#else - /* grp may already be initialized; if so, make sure IDs match */ - if (mbedtls_pk_ec_ro(*pk)->grp.id != MBEDTLS_ECP_DP_NONE && - mbedtls_pk_ec_ro(*pk)->grp.id != grp_id) { - return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; - } - - if ((ret = mbedtls_ecp_group_load(&(mbedtls_pk_ec_rw(*pk)->grp), - grp_id)) != 0) { - return ret; - } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - - return ret; + return pk_ecc_set_group(pk, grp_id); } /* @@ -588,22 +584,11 @@ static int pk_use_ecparams_rfc8410(const mbedtls_asn1_buf *params, mbedtls_ecp_group_id grp_id, mbedtls_pk_context *pk) { - int ret; - if (params->tag != 0 || params->len != 0) { return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; } -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - ret = pk_update_psa_ecparams(pk, grp_id); -#else - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk); - ret = mbedtls_ecp_group_load(&(ecp->grp), grp_id); - if (ret != 0) { - return ret; - } -#endif - return ret; + return pk_ecc_set_group(pk, grp_id); } /* From d5b43720121916237f4474f13e27e288c62cb8f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 24 Jul 2023 12:06:22 +0200 Subject: [PATCH 131/185] Slightly simplify pk_derive_public_key() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - add a comment explain potentially surprising parameters - avoid nesting #if guards: I find the linear structure #if #elif #else makes the three cases clearer. Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index d5ffc862d8..78155ba322 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -519,24 +519,32 @@ static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_pk_context *p /* * Helper function for deriving a public key from its private counterpart. + * + * Note: the private key information is always available from pk, + * however for convenience the serialized version is also passed, + * as it's available at each calling site, and useful in some configs + * (as otherwise we're have to re-serialize it from the pk context). */ static int pk_derive_public_key(mbedtls_pk_context *pk, const unsigned char *d, size_t d_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - int ret; -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_status_t status; (void) f_rng; (void) p_rng; -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) (void) d; (void) d_len; status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw), &pk->pub_raw_len); - ret = psa_pk_status_to_mbedtls(status); -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + return psa_pk_status_to_mbedtls(status); +#elif defined(MBEDTLS_USE_PSA_CRYPTO) /* && !MBEDTLS_PK_USE_PSA_EC_DATA */ + int ret; + psa_status_t status; + (void) f_rng; + (void) p_rng; + mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t key_len; @@ -563,16 +571,14 @@ static int pk_derive_public_key(mbedtls_pk_context *pk, } else if (destruction_status != PSA_SUCCESS) { return psa_pk_status_to_mbedtls(destruction_status); } - ret = mbedtls_ecp_point_read_binary(&eck->grp, &eck->Q, key_buf, key_len); -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + return mbedtls_ecp_point_read_binary(&eck->grp, &eck->Q, key_buf, key_len); #else /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; (void) d; (void) d_len; - ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, f_rng, p_rng); + return mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, f_rng, p_rng); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return ret; } #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) From 6db11d5068d73c56ca8bfb2a7ca68b52cc258173 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Jul 2023 11:20:48 +0200 Subject: [PATCH 132/185] Group two versions of the same code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Just moving code around. The two blocks do morally the same thing: load the key, and grouping them makes the #if #else structure clearer. Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 44 +++++++++++++++++++++----------------------- 1 file changed, 21 insertions(+), 23 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 78155ba322..edcc2e2912 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1214,11 +1214,30 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, } -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); + /* Setting largest masks for usage and key algorithms */ + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | + PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE); +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + psa_set_key_algorithm(&attributes, + PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); +#else + psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); +#endif + psa_set_key_enrollment_algorithm(&attributes, PSA_ALG_ECDH); + + status = psa_import_key(&attributes, d, d_len, &pk->priv_id); + if (status != PSA_SUCCESS) { + ret = psa_pk_status_to_mbedtls(status); + return ret; + } +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ if ((ret = mbedtls_ecp_read_key(eck->grp.id, eck, d, d_len)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } -#endif +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ if (p != end) { /* @@ -1255,27 +1274,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, } } -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); - /* Setting largest masks for usage and key algorithms */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | - PSA_KEY_USAGE_SIGN_MESSAGE | - PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE); -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) - psa_set_key_algorithm(&attributes, - PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); -#else - psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); -#endif - psa_set_key_enrollment_algorithm(&attributes, PSA_ALG_ECDH); - - status = psa_import_key(&attributes, d, d_len, &pk->priv_id); - if (status != PSA_SUCCESS) { - ret = psa_pk_status_to_mbedtls(status); - return ret; - } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - if (!pubkey_done) { if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) { return ret; From dcd98fffabeedfbff4dae473b8be368b728960af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Jul 2023 11:58:31 +0200 Subject: [PATCH 133/185] Factor similar code into pk_ecc_set_key() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 100 ++++++++++++++++++++++++---------------------- 1 file changed, 52 insertions(+), 48 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index edcc2e2912..114a563895 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -487,6 +487,48 @@ static int pk_ecc_set_group(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ } +/* + * Set the private key material + * + * Must have already set the group with pk_ecc_set_group(). + * + * The 'key' argument points to the raw private key (no ASN.1 wrapping). + */ +static int pk_ecc_set_key(mbedtls_pk_context *pk, + unsigned char *key, size_t len) +{ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status; + + psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); + psa_set_key_algorithm(&attributes, PSA_ALG_ECDH); + psa_key_usage_t flags = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE; + if (pk->ec_family != PSA_ECC_FAMILY_MONTGOMERY) { + flags |= PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE; +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + psa_set_key_enrollment_algorithm(&attributes, + PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); +#else + psa_set_key_enrollment_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); +#endif + } + psa_set_key_usage_flags(&attributes, flags); + + status = psa_import_key(&attributes, key, len, &pk->priv_id); + return psa_pk_status_to_mbedtls(status); + +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + + mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); + int ret = mbedtls_ecp_read_key(eck->grp.id, eck, key, len); + if (ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } + return 0; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +} + /* * Use EC parameters to initialise an EC group * @@ -617,27 +659,13 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; } -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status; - - psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | - PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_ECDH); - - status = psa_import_key(&attributes, key, len, &pk->priv_id); - if (status != PSA_SUCCESS) { - ret = psa_pk_status_to_mbedtls(status); + /* + * Load the private key + */ + ret = pk_ecc_set_key(pk, key, len); + if (ret != 0) { return ret; } -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); - - if ((ret = mbedtls_ecp_read_key(eck->grp.id, eck, key, len)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); - } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* pk_parse_key_pkcs8_unencrypted_der() only supports version 1 PKCS8 keys, * which never contain a public key. As such, derive the public key @@ -1153,12 +1181,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, unsigned char *d; unsigned char *end = p + keylen; unsigned char *end2; -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status; -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* * RFC 5915, or SEC1 Appendix C.4 @@ -1213,31 +1235,13 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, } } - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); - /* Setting largest masks for usage and key algorithms */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | - PSA_KEY_USAGE_SIGN_MESSAGE | - PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE); -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) - psa_set_key_algorithm(&attributes, - PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); -#else - psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); -#endif - psa_set_key_enrollment_algorithm(&attributes, PSA_ALG_ECDH); - - status = psa_import_key(&attributes, d, d_len, &pk->priv_id); - if (status != PSA_SUCCESS) { - ret = psa_pk_status_to_mbedtls(status); + /* + * Load the private key + */ + ret = pk_ecc_set_key(pk, d, d_len); + if (ret != 0) { return ret; } -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - if ((ret = mbedtls_ecp_read_key(eck->grp.id, eck, d, d_len)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); - } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ if (p != end) { /* From 116175c5d7f2b44f5d3186e845b9881d519d53d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Jul 2023 12:06:55 +0200 Subject: [PATCH 134/185] Use helper macro for (deterministic) ECDSA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - centralizes decision making about which version to use when - avoids nested #ifs in pk_ecc_set_key() Signed-off-by: Manuel Pégourié-Gonnard --- library/pk_internal.h | 9 +++++++-- library/pk_wrap.c | 9 ++------- library/pkparse.c | 7 ++----- 3 files changed, 11 insertions(+), 14 deletions(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index 004660e094..9becbecd41 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -117,14 +117,19 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont #endif /* MBEDTLS_ECP_HAVE_CURVE25519 || MBEDTLS_ECP_DP_CURVE448 */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ -#if defined(MBEDTLS_TEST_HOOKS) +/* Helper for (deterministic) ECDSA */ +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +#define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET PSA_ALG_DETERMINISTIC_ECDSA +#else +#define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET PSA_ALG_ECDSA +#endif +#if defined(MBEDTLS_TEST_HOOKS) MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der( mbedtls_pk_context *pk, unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); - #endif #endif /* MBEDTLS_PK_INTERNAL_H */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 436876a5d5..53e11d5cb9 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1037,13 +1037,8 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits); size_t key_len = PSA_BITS_TO_BYTES(curve_bits); -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) - psa_algorithm_t psa_sig_md = - PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); -#else - psa_algorithm_t psa_sig_md = - PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); -#endif + psa_algorithm_t psa_hash = mbedtls_md_psa_alg_from_type(md_alg); + psa_algorithm_t psa_sig_md = MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET(psa_hash); ((void) f_rng); ((void) p_rng); diff --git a/library/pkparse.c b/library/pkparse.c index 114a563895..3f67786e44 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -504,14 +504,11 @@ static int pk_ecc_set_key(mbedtls_pk_context *pk, psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); psa_set_key_algorithm(&attributes, PSA_ALG_ECDH); psa_key_usage_t flags = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE; + /* Montgomery allows only ECDH, others ECDSA too */ if (pk->ec_family != PSA_ECC_FAMILY_MONTGOMERY) { flags |= PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE; -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) psa_set_key_enrollment_algorithm(&attributes, - PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); -#else - psa_set_key_enrollment_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); -#endif + MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET(PSA_ALG_ANY_HASH)); } psa_set_key_usage_flags(&attributes, flags); From e82fcd9c9e01cd3b63c76e792b9136834cc38f34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Jul 2023 10:53:25 +0200 Subject: [PATCH 135/185] Avoid nested #ifs in body of pk_get_ecpubkey() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 3f67786e44..72eed097f1 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -675,7 +675,7 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, } #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) && defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) /* * Create a temporary ecp_keypair for converting an EC point in compressed * format to an uncompressed one @@ -685,6 +685,7 @@ static int pk_convert_compressed_ec(mbedtls_pk_context *pk, size_t *out_buf_len, unsigned char *out_buf, size_t out_buf_size) { +#if defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) mbedtls_ecp_keypair ecp_key; mbedtls_ecp_group_id ecp_group_id; int ret; @@ -708,8 +709,11 @@ static int pk_convert_compressed_ec(mbedtls_pk_context *pk, exit: mbedtls_ecp_keypair_free(&ecp_key); return ret; +#else /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; +#endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA && MBEDTLS_PK_PARSE_EC_COMPRESSED */ +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* * EC public key is an EC point @@ -732,20 +736,15 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - /* Compressed point format are not supported yet by PSA crypto. As a - * consequence ecp functions are used to "convert" the point to - * uncompressed format */ if ((**p == 0x02) || (**p == 0x03)) { -#if defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) + /* Compressed format, not supported by PSA Crypto. + * Try converting using functions from ECP_LIGHT. */ ret = pk_convert_compressed_ec(pk, *p, len, &(pk->pub_raw_len), pk->pub_raw, PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); if (ret != 0) { return ret; } -#else /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; -#endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ } else { /* Uncompressed format */ if ((size_t) (end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) { From df151bbc37c47c9da99ecf7eca8e127e521038db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Jul 2023 11:06:46 +0200 Subject: [PATCH 136/185] Minor improvements to pk_ecc_read_compressed() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - new name starting with pk_ecc for consistency - re-order params to match the PSA convention: buf, len, &size - add comment about input consumption Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 72eed097f1..3fa1a84227 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -679,11 +679,14 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, /* * Create a temporary ecp_keypair for converting an EC point in compressed * format to an uncompressed one + * + * Consumes everything or fails - inherited from + * mbedtls_ecp_point_read_binary(). */ -static int pk_convert_compressed_ec(mbedtls_pk_context *pk, - const unsigned char *in_start, size_t in_len, - size_t *out_buf_len, unsigned char *out_buf, - size_t out_buf_size) +static int pk_ecc_read_compressed(mbedtls_pk_context *pk, + const unsigned char *in_start, size_t in_len, + unsigned char *out_buf, size_t out_buf_size, + size_t *out_buf_len) { #if defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) mbedtls_ecp_keypair ecp_key; @@ -730,7 +733,7 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) mbedtls_svc_key_id_t key; psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; - size_t len = (end - *p); + size_t len = (size_t) (end - *p); if (len > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; @@ -739,19 +742,20 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, if ((**p == 0x02) || (**p == 0x03)) { /* Compressed format, not supported by PSA Crypto. * Try converting using functions from ECP_LIGHT. */ - ret = pk_convert_compressed_ec(pk, *p, len, - &(pk->pub_raw_len), pk->pub_raw, - PSA_EXPORT_PUBLIC_KEY_MAX_SIZE); + ret = pk_ecc_read_compressed(pk, *p, len, + pk->pub_raw, + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE, + &pk->pub_raw_len); if (ret != 0) { return ret; } } else { /* Uncompressed format */ - if ((size_t) (end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) { + if (len > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) { return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; } - memcpy(pk->pub_raw, *p, (end - *p)); - pk->pub_raw_len = end - *p; + memcpy(pk->pub_raw, *p, len); + pk->pub_raw_len = len; } /* Validate the key by trying to importing it */ @@ -778,7 +782,8 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* - * We know mbedtls_ecp_point_read_binary consumed all bytes or failed + * We know mbedtls_ecp_point_read_binary and pk_ecc_read_compressed either + * consumed all bytes or failed, and memcpy consumed all bytes too. */ *p = (unsigned char *) end; From 212517b87d72fb96145e066535f3a895884ea701 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Jul 2023 12:05:38 +0200 Subject: [PATCH 137/185] Start re-ordering functions in pkparse MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The general order is low-level first, top-level last, for the sake of static function and avoiding forward declarations. The obvious exception was functions that parse files that were at the beginning; move them to the end. Also start defining sections in the file; this is incomplete as I don't have a clear view of the beginning of the file yet. Will continue in further commits. Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 222 +++++++++++++++++++++++++--------------------- 1 file changed, 120 insertions(+), 102 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 3fa1a84227..fbf8cbfc11 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -61,108 +61,6 @@ ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) #endif /* MBEDTLS_PK_HAVE_ECC_KEYS && MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#if defined(MBEDTLS_FS_IO) -/* - * Load all data from a file into a given buffer. - * - * The file is expected to contain either PEM or DER encoded data. - * A terminating null byte is always appended. It is included in the announced - * length only if the data looks like it is PEM encoded. - */ -int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n) -{ - FILE *f; - long size; - - if ((f = fopen(path, "rb")) == NULL) { - return MBEDTLS_ERR_PK_FILE_IO_ERROR; - } - - /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ - mbedtls_setbuf(f, NULL); - - fseek(f, 0, SEEK_END); - if ((size = ftell(f)) == -1) { - fclose(f); - return MBEDTLS_ERR_PK_FILE_IO_ERROR; - } - fseek(f, 0, SEEK_SET); - - *n = (size_t) size; - - if (*n + 1 == 0 || - (*buf = mbedtls_calloc(1, *n + 1)) == NULL) { - fclose(f); - return MBEDTLS_ERR_PK_ALLOC_FAILED; - } - - if (fread(*buf, 1, *n, f) != *n) { - fclose(f); - - mbedtls_zeroize_and_free(*buf, *n); - - return MBEDTLS_ERR_PK_FILE_IO_ERROR; - } - - fclose(f); - - (*buf)[*n] = '\0'; - - if (strstr((const char *) *buf, "-----BEGIN ") != NULL) { - ++*n; - } - - return 0; -} - -/* - * Load and parse a private key - */ -int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx, - const char *path, const char *pwd, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; - unsigned char *buf; - - if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { - return ret; - } - - if (pwd == NULL) { - ret = mbedtls_pk_parse_key(ctx, buf, n, NULL, 0, f_rng, p_rng); - } else { - ret = mbedtls_pk_parse_key(ctx, buf, n, - (const unsigned char *) pwd, strlen(pwd), f_rng, p_rng); - } - - mbedtls_zeroize_and_free(buf, n); - - return ret; -} - -/* - * Load and parse a public key - */ -int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t n; - unsigned char *buf; - - if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { - return ret; - } - - ret = mbedtls_pk_parse_public_key(ctx, buf, n); - - mbedtls_zeroize_and_free(buf, n); - - return ret; -} -#endif /* MBEDTLS_FS_IO */ - #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf * @@ -1289,6 +1187,12 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, } #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ +/*********************************************************************** + * + * PKCS#8 parsing functions + * + **********************************************************************/ + /* * Parse an unencrypted PKCS#8 encoded private key * @@ -1524,6 +1428,12 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der( } #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ +/*********************************************************************** + * + * Top-level functions, with format auto-discovery + * + **********************************************************************/ + /* * Parse a private key */ @@ -1843,4 +1753,112 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, return ret; } +/*********************************************************************** + * + * Top-level functions, with filesystem support + * + **********************************************************************/ + +#if defined(MBEDTLS_FS_IO) +/* + * Load all data from a file into a given buffer. + * + * The file is expected to contain either PEM or DER encoded data. + * A terminating null byte is always appended. It is included in the announced + * length only if the data looks like it is PEM encoded. + */ +int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n) +{ + FILE *f; + long size; + + if ((f = fopen(path, "rb")) == NULL) { + return MBEDTLS_ERR_PK_FILE_IO_ERROR; + } + + /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */ + mbedtls_setbuf(f, NULL); + + fseek(f, 0, SEEK_END); + if ((size = ftell(f)) == -1) { + fclose(f); + return MBEDTLS_ERR_PK_FILE_IO_ERROR; + } + fseek(f, 0, SEEK_SET); + + *n = (size_t) size; + + if (*n + 1 == 0 || + (*buf = mbedtls_calloc(1, *n + 1)) == NULL) { + fclose(f); + return MBEDTLS_ERR_PK_ALLOC_FAILED; + } + + if (fread(*buf, 1, *n, f) != *n) { + fclose(f); + + mbedtls_zeroize_and_free(*buf, *n); + + return MBEDTLS_ERR_PK_FILE_IO_ERROR; + } + + fclose(f); + + (*buf)[*n] = '\0'; + + if (strstr((const char *) *buf, "-----BEGIN ") != NULL) { + ++*n; + } + + return 0; +} + +/* + * Load and parse a private key + */ +int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx, + const char *path, const char *pwd, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t n; + unsigned char *buf; + + if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { + return ret; + } + + if (pwd == NULL) { + ret = mbedtls_pk_parse_key(ctx, buf, n, NULL, 0, f_rng, p_rng); + } else { + ret = mbedtls_pk_parse_key(ctx, buf, n, + (const unsigned char *) pwd, strlen(pwd), f_rng, p_rng); + } + + mbedtls_zeroize_and_free(buf, n); + + return ret; +} + +/* + * Load and parse a public key + */ +int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t n; + unsigned char *buf; + + if ((ret = mbedtls_pk_load_file(path, &buf, &n)) != 0) { + return ret; + } + + ret = mbedtls_pk_parse_public_key(ctx, buf, n); + + mbedtls_zeroize_and_free(buf, n); + + return ret; +} +#endif /* MBEDTLS_FS_IO */ + #endif /* MBEDTLS_PK_PARSE_C */ From 997a95e5926d4ef64836e8702fe2d00c955b9878 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Jul 2023 15:18:30 +0200 Subject: [PATCH 138/185] Merge two consecutive #ifs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index fbf8cbfc11..98094a36fe 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -55,13 +55,14 @@ #include "mbedtls/pkcs12.h" #endif +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) + /* Helper for Montgomery curves */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) +#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) #define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \ ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf * * ECParameters ::= CHOICE { From 5470898e37875e2cf29019c4e66322f8a4ba5e69 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Jul 2023 15:38:36 +0200 Subject: [PATCH 139/185] Move code around again MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 566 ++++++++++++++++++++++++---------------------- 1 file changed, 292 insertions(+), 274 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 98094a36fe..5a35c43fbb 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -57,56 +57,274 @@ #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) -/* Helper for Montgomery curves */ -#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) -#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \ - ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ - -/* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf +/*********************************************************************** * - * ECParameters ::= CHOICE { - * namedCurve OBJECT IDENTIFIER - * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } - * -- implicitCurve NULL - * } + * ECC setters + * + * 1. This is an abstraction layer around MBEDTLS_PK_USE_PSA_EC_DATA: + * this macro will not appear outside this section. + * 2. All inputs are raw: no metadata, no ASN.1 until the next section. + * + **********************************************************************/ + +/* + * Set the group used by this key. */ -static int pk_get_ecparams(unsigned char **p, const unsigned char *end, - mbedtls_asn1_buf *params) +static int pk_ecc_set_group(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) +{ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + size_t ec_bits; + psa_ecc_family_t ec_family = mbedtls_ecc_group_to_psa(grp_id, &ec_bits); + + /* group may already be initialized; if so, make sure IDs match */ + if ((pk->ec_family != 0 && pk->ec_family != ec_family) || + (pk->ec_bits != 0 && pk->ec_bits != ec_bits)) { + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + } + + /* set group */ + pk->ec_family = ec_family; + pk->ec_bits = ec_bits; + + return 0; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk); + + /* grp may already be initialized; if so, make sure IDs match */ + if (mbedtls_pk_ec_ro(*pk)->grp.id != MBEDTLS_ECP_DP_NONE && + mbedtls_pk_ec_ro(*pk)->grp.id != grp_id) { + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + } + + /* set group */ + return mbedtls_ecp_group_load(&(ecp->grp), grp_id); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +} + +/* + * Set the private key material + * + * Must have already set the group with pk_ecc_set_group(). + * + * The 'key' argument points to the raw private key (no ASN.1 wrapping). + */ +static int pk_ecc_set_key(mbedtls_pk_context *pk, + unsigned char *key, size_t len) +{ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status; + + psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); + psa_set_key_algorithm(&attributes, PSA_ALG_ECDH); + psa_key_usage_t flags = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE; + /* Montgomery allows only ECDH, others ECDSA too */ + if (pk->ec_family != PSA_ECC_FAMILY_MONTGOMERY) { + flags |= PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE; + psa_set_key_enrollment_algorithm(&attributes, + MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET(PSA_ALG_ANY_HASH)); + } + psa_set_key_usage_flags(&attributes, flags); + + status = psa_import_key(&attributes, key, len, &pk->priv_id); + return psa_pk_status_to_mbedtls(status); + +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + + mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); + int ret = mbedtls_ecp_read_key(eck->grp.id, eck, key, len); + if (ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + } + return 0; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +} + +/* + * Helper function for deriving a public key from its private counterpart. + * + * Note: the private key information is always available from pk, + * however for convenience the serialized version is also passed, + * as it's available at each calling site, and useful in some configs + * (as otherwise we're have to re-serialize it from the pk context). + */ +static int pk_derive_public_key(mbedtls_pk_context *pk, + const unsigned char *d, size_t d_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) +{ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_status_t status; + (void) f_rng; + (void) p_rng; + (void) d; + (void) d_len; + + status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw), + &pk->pub_raw_len); + return psa_pk_status_to_mbedtls(status); +#elif defined(MBEDTLS_USE_PSA_CRYPTO) /* && !MBEDTLS_PK_USE_PSA_EC_DATA */ + int ret; + psa_status_t status; + (void) f_rng; + (void) p_rng; + + mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; + unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; + size_t key_len; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + size_t curve_bits; + psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(eck->grp.id, &curve_bits); + psa_status_t destruction_status; + + psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); + psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); + + status = psa_import_key(&key_attr, d, d_len, &key_id); + ret = psa_pk_status_to_mbedtls(status); + if (ret != 0) { + return ret; + } + + status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), &key_len); + ret = psa_pk_status_to_mbedtls(status); + destruction_status = psa_destroy_key(key_id); + if (ret != 0) { + return ret; + } else if (destruction_status != PSA_SUCCESS) { + return psa_pk_status_to_mbedtls(destruction_status); + } + return mbedtls_ecp_point_read_binary(&eck->grp, &eck->Q, key_buf, key_len); +#else /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; + (void) d; + (void) d_len; + + return mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, f_rng, p_rng); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +} + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) +/* + * Create a temporary ecp_keypair for converting an EC point in compressed + * format to an uncompressed one + * + * Consumes everything or fails - inherited from + * mbedtls_ecp_point_read_binary(). + */ +static int pk_ecc_read_compressed(mbedtls_pk_context *pk, + const unsigned char *in_start, size_t in_len, + unsigned char *out_buf, size_t out_buf_size, + size_t *out_buf_len) +{ +#if defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) + mbedtls_ecp_keypair ecp_key; + mbedtls_ecp_group_id ecp_group_id; + int ret; + + ecp_group_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); + + mbedtls_ecp_keypair_init(&ecp_key); + ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id); + if (ret != 0) { + return ret; + } + ret = mbedtls_ecp_point_read_binary(&(ecp_key.grp), &ecp_key.Q, + in_start, in_len); + if (ret != 0) { + goto exit; + } + ret = mbedtls_ecp_point_write_binary(&(ecp_key.grp), &ecp_key.Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + out_buf_len, out_buf, out_buf_size); + +exit: + mbedtls_ecp_keypair_free(&ecp_key); + return ret; +#else /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; +#endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ +} +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + +/* + * EC public key is an EC point + * + * The caller is responsible for clearing the structure upon failure if + * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE + * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state. + */ +static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, + mbedtls_pk_context *pk) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (end - *p < 1) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_OUT_OF_DATA); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + mbedtls_svc_key_id_t key; + psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; + size_t len = (size_t) (end - *p); + + if (len > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - /* Tag may be either OID or SEQUENCE */ - params->tag = **p; - if (params->tag != MBEDTLS_ASN1_OID -#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) - && params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) -#endif - ) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + if ((**p == 0x02) || (**p == 0x03)) { + /* Compressed format, not supported by PSA Crypto. + * Try converting using functions from ECP_LIGHT. */ + ret = pk_ecc_read_compressed(pk, *p, len, + pk->pub_raw, + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE, + &pk->pub_raw_len); + if (ret != 0) { + return ret; + } + } else { + /* Uncompressed format */ + if (len > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) { + return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; + } + memcpy(pk->pub_raw, *p, len); + pk->pub_raw_len = len; } - if ((ret = mbedtls_asn1_get_tag(p, end, ¶ms->len, params->tag)) != 0) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); + /* Validate the key by trying to importing it */ + psa_set_key_usage_flags(&key_attrs, 0); + psa_set_key_algorithm(&key_attrs, PSA_ALG_ECDSA_ANY); + psa_set_key_type(&key_attrs, PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family)); + psa_set_key_bits(&key_attrs, pk->ec_bits); + + if ((psa_import_key(&key_attrs, pk->pub_raw, pk->pub_raw_len, + &key) != PSA_SUCCESS) || + (psa_destroy_key(key) != PSA_SUCCESS)) { + mbedtls_platform_zeroize(pk->pub_raw, MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN); + pk->pub_raw_len = 0; + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - - params->p = *p; - *p += params->len; - - if (*p != end) { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + ret = 0; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *ec_key = (mbedtls_ecp_keypair *) pk->pk_ctx; + if ((ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q, + (const unsigned char *) *p, + end - *p)) == 0) { + ret = mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q); } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - return 0; + /* + * We know mbedtls_ecp_point_read_binary and pk_ecc_read_compressed either + * consumed all bytes or failed, and memcpy consumed all bytes too. + */ + *p = (unsigned char *) end; + + return ret; } +/*********************************************************************** + * + * Unsorted (yet!) from this point on until the next section header + * + **********************************************************************/ + #if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) /* * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it. @@ -352,77 +570,49 @@ cleanup: } #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */ -/* - * Set the group used by this key. - */ -static int pk_ecc_set_group(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) -{ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - size_t ec_bits; - psa_ecc_family_t ec_family = mbedtls_ecc_group_to_psa(grp_id, &ec_bits); - /* group may already be initialized; if so, make sure IDs match */ - if ((pk->ec_family != 0 && pk->ec_family != ec_family) || - (pk->ec_bits != 0 && pk->ec_bits != ec_bits)) { - return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; - } - - /* set group */ - pk->ec_family = ec_family; - pk->ec_bits = ec_bits; - - return 0; -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk); - - /* grp may already be initialized; if so, make sure IDs match */ - if (mbedtls_pk_ec_ro(*pk)->grp.id != MBEDTLS_ECP_DP_NONE && - mbedtls_pk_ec_ro(*pk)->grp.id != grp_id) { - return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; - } - - /* set group */ - return mbedtls_ecp_group_load(&(ecp->grp), grp_id); -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ -} - -/* - * Set the private key material +/* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf * - * Must have already set the group with pk_ecc_set_group(). - * - * The 'key' argument points to the raw private key (no ASN.1 wrapping). + * ECParameters ::= CHOICE { + * namedCurve OBJECT IDENTIFIER + * specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... } + * -- implicitCurve NULL + * } */ -static int pk_ecc_set_key(mbedtls_pk_context *pk, - unsigned char *key, size_t len) +static int pk_get_ecparams(unsigned char **p, const unsigned char *end, + mbedtls_asn1_buf *params) { -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); - psa_set_key_algorithm(&attributes, PSA_ALG_ECDH); - psa_key_usage_t flags = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE; - /* Montgomery allows only ECDH, others ECDSA too */ - if (pk->ec_family != PSA_ECC_FAMILY_MONTGOMERY) { - flags |= PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE; - psa_set_key_enrollment_algorithm(&attributes, - MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET(PSA_ALG_ANY_HASH)); + if (end - *p < 1) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_OUT_OF_DATA); } - psa_set_key_usage_flags(&attributes, flags); - status = psa_import_key(&attributes, key, len, &pk->priv_id); - return psa_pk_status_to_mbedtls(status); + /* Tag may be either OID or SEQUENCE */ + params->tag = **p; + if (params->tag != MBEDTLS_ASN1_OID +#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) + && params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) +#endif + ) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); + } -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - - mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); - int ret = mbedtls_ecp_read_key(eck->grp.id, eck, key, len); - if (ret != 0) { + if ((ret = mbedtls_asn1_get_tag(p, end, ¶ms->len, params->tag)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } + + params->p = *p; + *p += params->len; + + if (*p != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } + return 0; -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ } /* @@ -455,70 +645,6 @@ static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_pk_context *p return pk_ecc_set_group(pk, grp_id); } -/* - * Helper function for deriving a public key from its private counterpart. - * - * Note: the private key information is always available from pk, - * however for convenience the serialized version is also passed, - * as it's available at each calling site, and useful in some configs - * (as otherwise we're have to re-serialize it from the pk context). - */ -static int pk_derive_public_key(mbedtls_pk_context *pk, - const unsigned char *d, size_t d_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) -{ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - psa_status_t status; - (void) f_rng; - (void) p_rng; - (void) d; - (void) d_len; - - status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw), - &pk->pub_raw_len); - return psa_pk_status_to_mbedtls(status); -#elif defined(MBEDTLS_USE_PSA_CRYPTO) /* && !MBEDTLS_PK_USE_PSA_EC_DATA */ - int ret; - psa_status_t status; - (void) f_rng; - (void) p_rng; - - mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; - unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; - size_t key_len; - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - size_t curve_bits; - psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(eck->grp.id, &curve_bits); - psa_status_t destruction_status; - - psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); - psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); - - status = psa_import_key(&key_attr, d, d_len, &key_id); - ret = psa_pk_status_to_mbedtls(status); - if (ret != 0) { - return ret; - } - - status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), &key_len); - ret = psa_pk_status_to_mbedtls(status); - destruction_status = psa_destroy_key(key_id); - if (ret != 0) { - return ret; - } else if (destruction_status != PSA_SUCCESS) { - return psa_pk_status_to_mbedtls(destruction_status); - } - return mbedtls_ecp_point_read_binary(&eck->grp, &eck->Q, key_buf, key_len); -#else /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; - (void) d; - (void) d_len; - - return mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, f_rng, p_rng); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -} - #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) /* @@ -574,120 +700,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, } #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) -/* - * Create a temporary ecp_keypair for converting an EC point in compressed - * format to an uncompressed one - * - * Consumes everything or fails - inherited from - * mbedtls_ecp_point_read_binary(). - */ -static int pk_ecc_read_compressed(mbedtls_pk_context *pk, - const unsigned char *in_start, size_t in_len, - unsigned char *out_buf, size_t out_buf_size, - size_t *out_buf_len) -{ -#if defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) - mbedtls_ecp_keypair ecp_key; - mbedtls_ecp_group_id ecp_group_id; - int ret; - - ecp_group_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); - - mbedtls_ecp_keypair_init(&ecp_key); - ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id); - if (ret != 0) { - return ret; - } - ret = mbedtls_ecp_point_read_binary(&(ecp_key.grp), &ecp_key.Q, - in_start, in_len); - if (ret != 0) { - goto exit; - } - ret = mbedtls_ecp_point_write_binary(&(ecp_key.grp), &ecp_key.Q, - MBEDTLS_ECP_PF_UNCOMPRESSED, - out_buf_len, out_buf, out_buf_size); - -exit: - mbedtls_ecp_keypair_free(&ecp_key); - return ret; -#else /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; -#endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ -} -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - -/* - * EC public key is an EC point - * - * The caller is responsible for clearing the structure upon failure if - * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE - * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state. - */ -static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, - mbedtls_pk_context *pk) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_svc_key_id_t key; - psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; - size_t len = (size_t) (end - *p); - - if (len > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - - if ((**p == 0x02) || (**p == 0x03)) { - /* Compressed format, not supported by PSA Crypto. - * Try converting using functions from ECP_LIGHT. */ - ret = pk_ecc_read_compressed(pk, *p, len, - pk->pub_raw, - PSA_EXPORT_PUBLIC_KEY_MAX_SIZE, - &pk->pub_raw_len); - if (ret != 0) { - return ret; - } - } else { - /* Uncompressed format */ - if (len > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) { - return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; - } - memcpy(pk->pub_raw, *p, len); - pk->pub_raw_len = len; - } - - /* Validate the key by trying to importing it */ - psa_set_key_usage_flags(&key_attrs, 0); - psa_set_key_algorithm(&key_attrs, PSA_ALG_ECDSA_ANY); - psa_set_key_type(&key_attrs, PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family)); - psa_set_key_bits(&key_attrs, pk->ec_bits); - - if ((psa_import_key(&key_attrs, pk->pub_raw, pk->pub_raw_len, - &key) != PSA_SUCCESS) || - (psa_destroy_key(key) != PSA_SUCCESS)) { - mbedtls_platform_zeroize(pk->pub_raw, MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN); - pk->pub_raw_len = 0; - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - ret = 0; -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - mbedtls_ecp_keypair *ec_key = (mbedtls_ecp_keypair *) pk->pk_ctx; - if ((ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q, - (const unsigned char *) *p, - end - *p)) == 0) { - ret = mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q); - } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - - /* - * We know mbedtls_ecp_point_read_binary and pk_ecc_read_compressed either - * consumed all bytes or failed, and memcpy consumed all bytes too. - */ - *p = (unsigned char *) end; - - return ret; -} #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ #if defined(MBEDTLS_RSA_C) @@ -799,6 +811,12 @@ static int pk_get_pk_alg(unsigned char **p, return 0; } +/* Helper for Montgomery curves */ +#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) +#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \ + ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ + /* * SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, From d1aa64239443ec4de20c0571f2dc56b50afa2586 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Jul 2023 22:24:23 +0200 Subject: [PATCH 140/185] Document pk_ecc_set_group() and pk_ecc_set_key() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 5a35c43fbb..a123743582 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -69,6 +69,10 @@ /* * Set the group used by this key. + * + * [in/out] pk: in: must have been pk_setup() to an ECC type + * out: will have group (curve) information set + * [in] grp_in: a supported group ID (not NONE) */ static int pk_ecc_set_group(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) { @@ -104,12 +108,12 @@ static int pk_ecc_set_group(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) /* * Set the private key material * - * Must have already set the group with pk_ecc_set_group(). - * - * The 'key' argument points to the raw private key (no ASN.1 wrapping). + * [in/out] pk: in: must have the group set already, see pk_ecc_set_group(). + * out: will have the private key set. + * [in] key, key_len: the raw private key (no ASN.1 wrapping). */ static int pk_ecc_set_key(mbedtls_pk_context *pk, - unsigned char *key, size_t len) + unsigned char *key, size_t key_len) { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -126,13 +130,13 @@ static int pk_ecc_set_key(mbedtls_pk_context *pk, } psa_set_key_usage_flags(&attributes, flags); - status = psa_import_key(&attributes, key, len, &pk->priv_id); + status = psa_import_key(&attributes, key, key_len, &pk->priv_id); return psa_pk_status_to_mbedtls(status); #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); - int ret = mbedtls_ecp_read_key(eck->grp.id, eck, key, len); + int ret = mbedtls_ecp_read_key(eck->grp.id, eck, key, key_len); if (ret != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } From de25194a20a978a253f8804f47c7cbcf7c402ef8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Jul 2023 22:33:58 +0200 Subject: [PATCH 141/185] Rename and document pk_ecc_set_pubkey_from_prv() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 33 ++++++++++++++++++++++----------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index a123743582..007e1fc03f 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -145,23 +145,34 @@ static int pk_ecc_set_key(mbedtls_pk_context *pk, } /* - * Helper function for deriving a public key from its private counterpart. + * Derive a public key from its private counterpart. + * Computationally intensive, only use when public key is not available. + * + * [in/out] pk: in: must have the private key set, see pk_ecc_set_key(). + * out: will have the public key set. + * [in] prv, prv_len: the raw private key (see note below). + * [in] f_rng, p_rng: RNG function and context. * * Note: the private key information is always available from pk, * however for convenience the serialized version is also passed, * as it's available at each calling site, and useful in some configs * (as otherwise we're have to re-serialize it from the pk context). + * + * There are three implementations of this function: + * 1. MBEDTLS_PK_USE_PSA_EC_DATA, + * 2. MBEDTLS_USE_PSA_CRYPTO but not MBEDTLS_PK_USE_PSA_EC_DATA, + * 3. not MBEDTLS_USE_PSA_CRYPTO. */ -static int pk_derive_public_key(mbedtls_pk_context *pk, - const unsigned char *d, size_t d_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) +static int pk_ecc_set_pubkey_from_prv(mbedtls_pk_context *pk, + const unsigned char *prv, size_t prv_len, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_status_t status; (void) f_rng; (void) p_rng; - (void) d; - (void) d_len; + (void) prv; + (void) prv_len; status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw), &pk->pub_raw_len); @@ -184,7 +195,7 @@ static int pk_derive_public_key(mbedtls_pk_context *pk, psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); - status = psa_import_key(&key_attr, d, d_len, &key_id); + status = psa_import_key(&key_attr, prv, prv_len, &key_id); ret = psa_pk_status_to_mbedtls(status); if (ret != 0) { return ret; @@ -201,8 +212,8 @@ static int pk_derive_public_key(mbedtls_pk_context *pk, return mbedtls_ecp_point_read_binary(&eck->grp, &eck->Q, key_buf, key_len); #else /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; - (void) d; - (void) d_len; + (void) prv; + (void) prv_len; return mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, f_rng, p_rng); #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -696,7 +707,7 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, /* pk_parse_key_pkcs8_unencrypted_der() only supports version 1 PKCS8 keys, * which never contain a public key. As such, derive the public key * unconditionally. */ - if ((ret = pk_derive_public_key(pk, key, len, f_rng, p_rng)) != 0) { + if ((ret = pk_ecc_set_pubkey_from_prv(pk, key, len, f_rng, p_rng)) != 0) { return ret; } @@ -1201,7 +1212,7 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, } if (!pubkey_done) { - if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) { + if ((ret = pk_ecc_set_pubkey_from_prv(pk, d, d_len, f_rng, p_rng)) != 0) { return ret; } } From 0b8e45650f0b8d322a823b61ad9a90a2e7cbbbfd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Jul 2023 22:43:25 +0200 Subject: [PATCH 142/185] Tune body of pk_ecc_set_pubkey_from_prv() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - avoid useless use of ret in PSA code, keep only status - improve variable names - keep declarations closer to use - a few internal comments Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 43 ++++++++++++++++++++++++------------------- 1 file changed, 24 insertions(+), 19 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 007e1fc03f..826412a54e 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -168,54 +168,59 @@ static int pk_ecc_set_pubkey_from_prv(mbedtls_pk_context *pk, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - psa_status_t status; + (void) f_rng; (void) p_rng; (void) prv; (void) prv_len; + psa_status_t status; status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw), &pk->pub_raw_len); return psa_pk_status_to_mbedtls(status); + #elif defined(MBEDTLS_USE_PSA_CRYPTO) /* && !MBEDTLS_PK_USE_PSA_EC_DATA */ - int ret; - psa_status_t status; + (void) f_rng; (void) p_rng; + psa_status_t status; mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; - unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; - size_t key_len; - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(eck->grp.id, &curve_bits); - psa_status_t destruction_status; + /* Import private key into PSA, from serialized input */ + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); - status = psa_import_key(&key_attr, prv, prv_len, &key_id); - ret = psa_pk_status_to_mbedtls(status); - if (ret != 0) { - return ret; + if (status != PSA_SUCCESS) { + return psa_pk_status_to_mbedtls(status); } - status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), &key_len); - ret = psa_pk_status_to_mbedtls(status); - destruction_status = psa_destroy_key(key_id); - if (ret != 0) { - return ret; + /* Export public key from PSA */ + unsigned char pub[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; + size_t pub_len; + status = psa_export_public_key(key_id, pub, sizeof(pub), &pub_len); + psa_status_t destruction_status = psa_destroy_key(key_id); + if (status != PSA_SUCCESS) { + return psa_pk_status_to_mbedtls(status); } else if (destruction_status != PSA_SUCCESS) { return psa_pk_status_to_mbedtls(destruction_status); } - return mbedtls_ecp_point_read_binary(&eck->grp, &eck->Q, key_buf, key_len); + + /* Load serialized public key into ecp_keypair structure */ + return mbedtls_ecp_point_read_binary(&eck->grp, &eck->Q, pub, pub_len); + #else /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; + (void) prv; (void) prv_len; + mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; return mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, f_rng, p_rng); + #endif /* MBEDTLS_USE_PSA_CRYPTO */ } From 681e30b7275c408549db58a20c8a999c98ab4fce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Jul 2023 23:03:35 +0200 Subject: [PATCH 143/185] Rework pk_ecc_set_pubkey_psa_ecp_fallback() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - new semantic: sets the pubkey directly in the PK context - new name to reflect that semantic and obey the naming scheme - trivial case first - documentation and better parameter names Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 826412a54e..91f56062d3 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -226,18 +226,26 @@ static int pk_ecc_set_pubkey_from_prv(mbedtls_pk_context *pk, #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) /* - * Create a temporary ecp_keypair for converting an EC point in compressed - * format to an uncompressed one + * Set the public key: fallback using ECP_LIGHT in the USE_PSA_EC_DATA case. * - * Consumes everything or fails - inherited from - * mbedtls_ecp_point_read_binary(). + * Normally, when MBEDTLS_PK_USE_PSA_EC_DATA is enabled, we only use PSA + * functions to handle keys. However, currently psa_import_key() does not + * support compressed points. In case that support was explicitly requested, + * this fallback uses ECP functions to get the job done. This is the reason + * why MBEDTLS_PK_PARSE_EC_COMPRESSED auto-enables MBEDTLS_ECP_LIGHT. + * + * [in/out] pk: in: must have the group set, see pk_ecc_set_group(). + * out: will have the public key set. + * [in] pub, pub_len: the public key as an ECPoint, + * in any format supported by ECP. */ -static int pk_ecc_read_compressed(mbedtls_pk_context *pk, - const unsigned char *in_start, size_t in_len, - unsigned char *out_buf, size_t out_buf_size, - size_t *out_buf_len) +static int pk_ecc_set_pubkey_psa_ecp_fallback(mbedtls_pk_context *pk, + const unsigned char *pub, + size_t pub_len) { -#if defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) +#if !defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; +#else /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ mbedtls_ecp_keypair ecp_key; mbedtls_ecp_group_id ecp_group_id; int ret; @@ -250,19 +258,18 @@ static int pk_ecc_read_compressed(mbedtls_pk_context *pk, return ret; } ret = mbedtls_ecp_point_read_binary(&(ecp_key.grp), &ecp_key.Q, - in_start, in_len); + pub, pub_len); if (ret != 0) { goto exit; } ret = mbedtls_ecp_point_write_binary(&(ecp_key.grp), &ecp_key.Q, MBEDTLS_ECP_PF_UNCOMPRESSED, - out_buf_len, out_buf, out_buf_size); + &pk->pub_raw_len, pk->pub_raw, + sizeof(pk->pub_raw)); exit: mbedtls_ecp_keypair_free(&ecp_key); return ret; -#else /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; #endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ @@ -291,10 +298,7 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, if ((**p == 0x02) || (**p == 0x03)) { /* Compressed format, not supported by PSA Crypto. * Try converting using functions from ECP_LIGHT. */ - ret = pk_ecc_read_compressed(pk, *p, len, - pk->pub_raw, - PSA_EXPORT_PUBLIC_KEY_MAX_SIZE, - &pk->pub_raw_len); + ret = pk_ecc_set_pubkey_psa_ecp_fallback(pk, *p, len); if (ret != 0) { return ret; } From e4c883bc8cc64141b764b30ad0bc5c820e6831d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Jul 2023 23:31:01 +0200 Subject: [PATCH 144/185] New signature for pk_ecc_set_pubkey() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also new name, for consistency, and documentation. The signature **p, *end is mostly for parsing functions that may not consume everything, and need to update the "current" pointer to reflect what has been consumed. This is not the case here. Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 42 +++++++++++++++++------------------------- 1 file changed, 17 insertions(+), 25 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 91f56062d3..f897c1e8c1 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -275,40 +275,39 @@ exit: #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* - * EC public key is an EC point + * Set the public key. * - * The caller is responsible for clearing the structure upon failure if - * desired. Take care to pass along the possible ECP_FEATURE_UNAVAILABLE - * return code of mbedtls_ecp_point_read_binary() and leave p in a usable state. + * [in/out] pk: in: must have its group set, see pk_ecc_set_group(). + * out: will have the public key set. + * [in] pub, pub_len: the raw public key (an ECPoint). */ -static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, - mbedtls_pk_context *pk) +static int pk_ecc_set_pubkey(mbedtls_pk_context *pk, + const unsigned char *pub, size_t pub_len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) mbedtls_svc_key_id_t key; psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; - size_t len = (size_t) (end - *p); - if (len > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) { + if (pub_len > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - if ((**p == 0x02) || (**p == 0x03)) { + if ((*pub == 0x02) || (*pub == 0x03)) { /* Compressed format, not supported by PSA Crypto. * Try converting using functions from ECP_LIGHT. */ - ret = pk_ecc_set_pubkey_psa_ecp_fallback(pk, *p, len); + ret = pk_ecc_set_pubkey_psa_ecp_fallback(pk, pub, pub_len); if (ret != 0) { return ret; } } else { /* Uncompressed format */ - if (len > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) { + if (pub_len > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) { return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; } - memcpy(pk->pub_raw, *p, len); - pk->pub_raw_len = len; + memcpy(pk->pub_raw, pub, pub_len); + pk->pub_raw_len = pub_len; } /* Validate the key by trying to importing it */ @@ -328,18 +327,10 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ mbedtls_ecp_keypair *ec_key = (mbedtls_ecp_keypair *) pk->pk_ctx; if ((ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q, - (const unsigned char *) *p, - end - *p)) == 0) { + pub, pub_len)) == 0) { ret = mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q); } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - - /* - * We know mbedtls_ecp_point_read_binary and pk_ecc_read_compressed either - * consumed all bytes or failed, and memcpy consumed all bytes too. - */ - *p = (unsigned char *) end; - return ret; } @@ -900,7 +891,8 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, ret = pk_use_ecparams(&alg_params, pk); } if (ret == 0) { - ret = pk_get_ecpubkey(p, end, pk); + ret = pk_ecc_set_pubkey(pk, *p, end - *p); + *p += end - *p; } } else #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ @@ -1204,11 +1196,11 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } - if ((ret = pk_get_ecpubkey(&p, end2, pk)) == 0) { + if ((ret = pk_ecc_set_pubkey(pk, p, end2 - p)) == 0) { pubkey_done = 1; } else { /* - * The only acceptable failure mode of pk_get_ecpubkey() above + * The only acceptable failure mode of pk_ecc_set_pubkey() above * is if the point format is not recognized. */ if (ret != MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE) { From ff72ea9d518b5cfda03288adb586e0c6055d6103 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 26 Jul 2023 23:56:05 +0200 Subject: [PATCH 145/185] Rework pk_ecc_set_pubkey() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Fix the logic around format: we were just assuming that if the format was not compressed, it was uncompressed, but it could also have been just invalid. - Remove redundant length check: the fallback does its own checks. - Remove set_algorithm() that's not needed and introduced a depencency on ECDSA. - Some style / naming / scope reduction. Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 57 ++++++++++++++++++++++------------------------- 1 file changed, 27 insertions(+), 30 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index f897c1e8c1..e8678ed348 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -284,54 +284,51 @@ exit: static int pk_ecc_set_pubkey(mbedtls_pk_context *pk, const unsigned char *pub, size_t pub_len) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_svc_key_id_t key; - psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; - if (pub_len > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - - if ((*pub == 0x02) || (*pub == 0x03)) { - /* Compressed format, not supported by PSA Crypto. - * Try converting using functions from ECP_LIGHT. */ - ret = pk_ecc_set_pubkey_psa_ecp_fallback(pk, pub, pub_len); - if (ret != 0) { - return ret; - } - } else { - /* Uncompressed format */ - if (pub_len > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) { + /* Load the key */ + if (*pub == 0x04) { + /* Uncompressed format, directly supported by PSA */ + if (pub_len > sizeof(pk->pub_raw)) { return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; } memcpy(pk->pub_raw, pub, pub_len); pk->pub_raw_len = pub_len; + } else { + /* Other format, try the fallback */ + int ret = pk_ecc_set_pubkey_psa_ecp_fallback(pk, pub, pub_len); + if (ret != 0) { + return ret; + } } - /* Validate the key by trying to importing it */ + /* Validate the key by trying to import it */ + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; + psa_set_key_usage_flags(&key_attrs, 0); - psa_set_key_algorithm(&key_attrs, PSA_ALG_ECDSA_ANY); psa_set_key_type(&key_attrs, PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family)); psa_set_key_bits(&key_attrs, pk->ec_bits); if ((psa_import_key(&key_attrs, pk->pub_raw, pk->pub_raw_len, - &key) != PSA_SUCCESS) || - (psa_destroy_key(key) != PSA_SUCCESS)) { - mbedtls_platform_zeroize(pk->pub_raw, MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN); - pk->pub_raw_len = 0; - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + &key_id) != PSA_SUCCESS) || + (psa_destroy_key(key_id) != PSA_SUCCESS)) { + return MBEDTLS_ERR_PK_INVALID_PUBKEY; } - ret = 0; + + return 0; + #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + + int ret; mbedtls_ecp_keypair *ec_key = (mbedtls_ecp_keypair *) pk->pk_ctx; - if ((ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q, - pub, pub_len)) == 0) { - ret = mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q); + ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q, pub, pub_len); + if (ret != 0) { + return ret; } + return mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q); + #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - return ret; } /*********************************************************************** From fac9819edcbc4b647dc44b99909972cac066970c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Jul 2023 09:19:42 +0200 Subject: [PATCH 146/185] Fix and document return of pk_ecc_set_pubkey() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit One of the calling site needs to distinguish between "the format is potentially valid but not supported" vs "other errors", and it uses MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for that. Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index e8678ed348..d12984fb07 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -238,13 +238,19 @@ static int pk_ecc_set_pubkey_from_prv(mbedtls_pk_context *pk, * out: will have the public key set. * [in] pub, pub_len: the public key as an ECPoint, * in any format supported by ECP. + * + * Return: + * - 0 on success; + * - MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the format is potentially valid + * but not supported; + * - another error code otherwise. */ static int pk_ecc_set_pubkey_psa_ecp_fallback(mbedtls_pk_context *pk, const unsigned char *pub, size_t pub_len) { #if !defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; #else /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ mbedtls_ecp_keypair ecp_key; mbedtls_ecp_group_id ecp_group_id; @@ -280,6 +286,12 @@ exit: * [in/out] pk: in: must have its group set, see pk_ecc_set_group(). * out: will have the public key set. * [in] pub, pub_len: the raw public key (an ECPoint). + * + * Return: + * - 0 on success; + * - MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the format is potentially valid + * but not supported; + * - another error code otherwise. */ static int pk_ecc_set_pubkey(mbedtls_pk_context *pk, const unsigned char *pub, size_t pub_len) From 12ea63a5f7b96b2169331a40221b0f5779111201 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 27 Jul 2023 12:20:16 +0200 Subject: [PATCH 147/185] Abstract away MBEDTLS_PK_PARSE_EC_EXTENDED MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 69 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 52 insertions(+), 17 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index d12984fb07..9d87a71506 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -345,15 +345,51 @@ static int pk_ecc_set_pubkey(mbedtls_pk_context *pk, /*********************************************************************** * - * Unsorted (yet!) from this point on until the next section header + * Low-level ECC parsing: optional support for SpecifiedECDomain + * + * There are two functions here that are used by the rest of the code: + * - pk_ecc_tag_may_be_speficied_ec_domain() + * - pk_ecc_group_id_from_specified() + * + * All the other functions are internal to this section. + * + * The two "public" functions have a dummy variant provided + * in configs without MBEDTLS_PK_PARSE_EC_EXTENDED. This acts as an + * abstraction layer for this macro, which should not appear outside + * this section. * **********************************************************************/ -#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) +#if !defined(MBEDTLS_PK_PARSE_EC_EXTENDED) +/* See the "real" version for documentation */ +static int pk_ecc_tag_may_be_specified_ec_domain(int tag) +{ + (void) tag; + return 0; +} + +/* See the "real" version for documentation */ +static int pk_ecc_group_id_from_specified(const mbedtls_asn1_buf *params, + mbedtls_ecp_group_id *grp_id) +{ + (void) params; + (void) grp_id; + return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; +} +#else /* MBEDTLS_PK_PARSE_EC_EXTENDED */ +/* + * Tell if the passed tag might be the start of SpecifiedECDomain + * (that is, a sequence). + */ +static int pk_ecc_tag_may_be_specified_ec_domain(int tag) +{ + return tag == (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); +} + /* * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it. * WARNING: the resulting group should only be used with - * pk_group_id_from_specified(), since its base point may not be set correctly + * pk_ecc_group_id_from_specified(), since its base point may not be set correctly * if it was encoded compressed. * * SpecifiedECDomain ::= SEQUENCE { @@ -562,8 +598,8 @@ cleanup: /* * Parse a SpecifiedECDomain (SEC 1 C.2) and find the associated group ID */ -static int pk_group_id_from_specified(const mbedtls_asn1_buf *params, - mbedtls_ecp_group_id *grp_id) +static int pk_ecc_group_id_from_specified(const mbedtls_asn1_buf *params, + mbedtls_ecp_group_id *grp_id) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_group grp; @@ -578,7 +614,7 @@ static int pk_group_id_from_specified(const mbedtls_asn1_buf *params, cleanup: /* The API respecting lifecycle for mbedtls_ecp_group struct is - * _init(), _load() and _free(). In pk_group_id_from_specified() the + * _init(), _load() and _free(). In pk_ecc_group_id_from_specified() the * temporary grp breaks that flow and it's members are populated * by pk_group_id_from_group(). As such mbedtls_ecp_group_free() * which is assuming a group populated by _setup() may not clean-up @@ -594,6 +630,11 @@ cleanup: } #endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */ +/*********************************************************************** + * + * Unsorted (yet!) from this point on until the next section header + * + **********************************************************************/ /* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf * @@ -613,13 +654,10 @@ static int pk_get_ecparams(unsigned char **p, const unsigned char *end, MBEDTLS_ERR_ASN1_OUT_OF_DATA); } - /* Tag may be either OID or SEQUENCE */ + /* Acceptable tags: OID for namedCurve, or specifiedECDomain */ params->tag = **p; - if (params->tag != MBEDTLS_ASN1_OID -#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) - && params->tag != (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE) -#endif - ) { + if (params->tag != MBEDTLS_ASN1_OID && + !pk_ecc_tag_may_be_specified_ec_domain(params->tag)) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } @@ -657,13 +695,10 @@ static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_pk_context *p return MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE; } } else { -#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) - if ((ret = pk_group_id_from_specified(params, &grp_id)) != 0) { + ret = pk_ecc_group_id_from_specified(params, &grp_id); + if (ret != 0) { return ret; } -#else - return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; -#endif } return pk_ecc_set_group(pk, grp_id); From 53d3e40a21c9c56a053c25ec8fe801ccb796a18e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 1 Aug 2023 11:19:24 +0200 Subject: [PATCH 148/185] Fix unused warnings in dummy definition MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/pkparse.c b/library/pkparse.c index 9d87a71506..ffa91d30d6 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -250,6 +250,9 @@ static int pk_ecc_set_pubkey_psa_ecp_fallback(mbedtls_pk_context *pk, size_t pub_len) { #if !defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) + (void) pk; + (void) pub; + (void) pub_len; return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; #else /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ mbedtls_ecp_keypair ecp_key; From 564bc1bb960cd4d67a3d58488fff53565cf74ef2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 2 Aug 2023 12:05:16 +0200 Subject: [PATCH 149/185] Fix limitation in checking supported alg in pk_sign MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The recent changes in pkparse made it so ECDSA (deterministic or not) is set as the secondary alg and ECDH the first one. This broke the wrapper in pk_wrap as it was only checking the first alg when deciding whether to use deterministic or not. The wrapper should not have unnecessary requirements on how algs are set up, so make the check more flexible. Signed-off-by: Manuel Pégourié-Gonnard --- library/pk_wrap.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 53e11d5cb9..2c67836747 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -976,16 +976,17 @@ static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg, psa_status_t status; psa_algorithm_t psa_sig_md; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg; + psa_algorithm_t alg, alg2; status = psa_get_key_attributes(key_id, &key_attr); if (status != PSA_SUCCESS) { return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); } alg = psa_get_key_algorithm(&key_attr); + alg2 = psa_get_key_enrollment_algorithm(&key_attr); psa_reset_key_attributes(&key_attr); - if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) { + if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) || PSA_ALG_IS_DETERMINISTIC_ECDSA(alg2)) { psa_sig_md = PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); } else { psa_sig_md = PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); From 94cf1f82ad73ea2dcf68367d9daf18a13e3b3db5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 2 Aug 2023 12:09:24 +0200 Subject: [PATCH 150/185] Fix a typo in a comment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index ffa91d30d6..bb6db0824c 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -156,7 +156,7 @@ static int pk_ecc_set_key(mbedtls_pk_context *pk, * Note: the private key information is always available from pk, * however for convenience the serialized version is also passed, * as it's available at each calling site, and useful in some configs - * (as otherwise we're have to re-serialize it from the pk context). + * (as otherwise we would have to re-serialize it from the pk context). * * There are three implementations of this function: * 1. MBEDTLS_PK_USE_PSA_EC_DATA, From 842ffc5085a12998407de61d465c3d2fbb910e04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 2 Aug 2023 12:10:51 +0200 Subject: [PATCH 151/185] Make code more robust MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Using return here is only correct if we know that group_load() is atomic (either succeeds, or allocates no ressources). I'm not sure it is, and even if it were, goto exit is more obviously correct, so let's use that. Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index bb6db0824c..b0eef95a32 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -264,7 +264,7 @@ static int pk_ecc_set_pubkey_psa_ecp_fallback(mbedtls_pk_context *pk, mbedtls_ecp_keypair_init(&ecp_key); ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id); if (ret != 0) { - return ret; + goto exit; } ret = mbedtls_ecp_point_read_binary(&(ecp_key.grp), &ecp_key.Q, pub, pub_len); From f1b7633443ef3c4709e594817fd7e57645404472 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 2 Aug 2023 12:14:19 +0200 Subject: [PATCH 152/185] Use clearer function name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I went for "may be" as I was thinking just checking the tag technically does not guarantee that what follows is correct, but I was wrong: according to ASN.1, when there are variants, the tag does distinguish unambiguously between variants, so we can be more positive here. (Whether the thing inside that variant is correct is a different question.) As a welcome side effect, this makes the name more standard hence more readable. Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index b0eef95a32..820c8d1cf4 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -351,7 +351,7 @@ static int pk_ecc_set_pubkey(mbedtls_pk_context *pk, * Low-level ECC parsing: optional support for SpecifiedECDomain * * There are two functions here that are used by the rest of the code: - * - pk_ecc_tag_may_be_speficied_ec_domain() + * - pk_ecc_tag_is_speficied_ec_domain() * - pk_ecc_group_id_from_specified() * * All the other functions are internal to this section. @@ -365,7 +365,7 @@ static int pk_ecc_set_pubkey(mbedtls_pk_context *pk, #if !defined(MBEDTLS_PK_PARSE_EC_EXTENDED) /* See the "real" version for documentation */ -static int pk_ecc_tag_may_be_specified_ec_domain(int tag) +static int pk_ecc_tag_is_specified_ec_domain(int tag) { (void) tag; return 0; @@ -384,7 +384,7 @@ static int pk_ecc_group_id_from_specified(const mbedtls_asn1_buf *params, * Tell if the passed tag might be the start of SpecifiedECDomain * (that is, a sequence). */ -static int pk_ecc_tag_may_be_specified_ec_domain(int tag) +static int pk_ecc_tag_is_specified_ec_domain(int tag) { return tag == (MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); } @@ -660,7 +660,7 @@ static int pk_get_ecparams(unsigned char **p, const unsigned char *end, /* Acceptable tags: OID for namedCurve, or specifiedECDomain */ params->tag = **p; if (params->tag != MBEDTLS_ASN1_OID && - !pk_ecc_tag_may_be_specified_ec_domain(params->tag)) { + !pk_ecc_tag_is_specified_ec_domain(params->tag)) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); } From 52e9548c227d659fb889d3a73657244608cf8d82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 3 Aug 2023 10:22:41 +0200 Subject: [PATCH 153/185] Fix check for format supported by PSA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For non-Weierstrass curves there's only one format and it's supported. Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 820c8d1cf4..b4299518fd 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -302,8 +302,10 @@ static int pk_ecc_set_pubkey(mbedtls_pk_context *pk, #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) /* Load the key */ - if (*pub == 0x04) { - /* Uncompressed format, directly supported by PSA */ + if (!PSA_ECC_FAMILY_IS_WEIERSTRASS(pk->ec_family) || *pub == 0x04) { + /* Format directly supported by PSA: + * - non-Weierstrass curves that only have one format; + * - uncompressed format for Weierstrass curves. */ if (pub_len > sizeof(pk->pub_raw)) { return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; } From 05216335596a21e0986a6c617f989ee2f1c4a0e8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Oct 2023 11:22:21 +0200 Subject: [PATCH 154/185] cipher: fix guards in mbedtls_cipher_auth_[encrypt/decrypt]_ext() Signed-off-by: Valerio Setti --- library/cipher.c | 8 ++++---- tests/suites/test_suite_cipher.function | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index 7009c19b4d..c5d82cb9c5 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -1607,7 +1607,7 @@ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, } #endif /* MBEDTLS_NIST_KW_C */ -#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) +#if defined(MBEDTLS_CIPHER_HAVE_AEAD_LEGACY) /* AEAD case: check length before passing on to shared function */ if (output_len < ilen + tag_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; @@ -1620,7 +1620,7 @@ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, return ret; #else return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; -#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD */ +#endif /* MBEDTLS_CIPHER_HAVE_AEAD_LEGACY */ } /* @@ -1658,7 +1658,7 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, } #endif /* MBEDTLS_NIST_KW_C */ -#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) +#if defined(MBEDTLS_CIPHER_HAVE_AEAD_LEGACY) /* AEAD case: check length before passing on to shared function */ if (ilen < tag_len || output_len < ilen - tag_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; @@ -1669,7 +1669,7 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, input + ilen - tag_len, tag_len); #else return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; -#endif /* MBEDTLS_CIPHER_HAVE_SOME_AEAD */ +#endif /* MBEDTLS_CIPHER_HAVE_AEAD_LEGACY */ } #endif /* MBEDTLS_CIPHER_HAVE_AEAD_LEGACY || MBEDTLS_NIST_KW_C */ diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index da43fda19f..9679e019df 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -85,7 +85,7 @@ exit: return 0; } -#if defined(MBEDTLS_CIPHER_AUTH_CRYPT) +#if defined(MBEDTLS_CIPHER_HAVE_AEAD_LEGACY) /* Helper for resetting key/direction * * The documentation doesn't explicitly say whether calling @@ -842,7 +842,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */ +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_HAVE_AEAD_LEGACY */ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, data_t *ad, data_t *cipher, data_t *tag, char *result, data_t *clear, int use_psa) From 596ef6c0b1031f518e85f2d1a102eba570d8c0de Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Oct 2023 11:26:08 +0200 Subject: [PATCH 155/185] cipher: reset MBEDTLS_CIPHER_HAVE_AEAD_LEGACY to previous naming Signed-off-by: Valerio Setti --- include/mbedtls/cipher.h | 6 +++--- library/cipher.c | 16 ++++++++-------- tests/suites/test_suite_cipher.function | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index e13bee6a00..3a98976d58 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -34,7 +34,7 @@ #include "mbedtls/platform_util.h" #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) -#define MBEDTLS_CIPHER_HAVE_AEAD_LEGACY +#define MBEDTLS_CIPHER_HAVE_AEAD #endif #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -1080,7 +1080,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen); -#if defined(MBEDTLS_CIPHER_HAVE_AEAD_LEGACY) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_HAVE_AEAD) || defined(MBEDTLS_NIST_KW_C) /** * \brief The authenticated encryption (AEAD/NIST_KW) function. * @@ -1187,7 +1187,7 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len); -#endif /* MBEDTLS_CIPHER_HAVE_AEAD_LEGACY || MBEDTLS_NIST_KW_C */ +#endif /* MBEDTLS_CIPHER_HAVE_AEAD || MBEDTLS_NIST_KW_C */ #ifdef __cplusplus } #endif diff --git a/library/cipher.c b/library/cipher.c index c5d82cb9c5..97dd0e95a0 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -1390,7 +1390,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, return 0; } -#if defined(MBEDTLS_CIPHER_HAVE_AEAD_LEGACY) +#if defined(MBEDTLS_CIPHER_HAVE_AEAD) /* * Packet-oriented encryption for AEAD modes: internal function used by * mbedtls_cipher_auth_encrypt_ext(). @@ -1569,9 +1569,9 @@ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx, return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } -#endif /* MBEDTLS_CIPHER_HAVE_AEAD_LEGACY */ +#endif /* MBEDTLS_CIPHER_HAVE_AEAD */ -#if defined(MBEDTLS_CIPHER_HAVE_AEAD_LEGACY) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_HAVE_AEAD) || defined(MBEDTLS_NIST_KW_C) /* * Packet-oriented encryption for AEAD/NIST_KW: public function. */ @@ -1607,7 +1607,7 @@ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, } #endif /* MBEDTLS_NIST_KW_C */ -#if defined(MBEDTLS_CIPHER_HAVE_AEAD_LEGACY) +#if defined(MBEDTLS_CIPHER_HAVE_AEAD) /* AEAD case: check length before passing on to shared function */ if (output_len < ilen + tag_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; @@ -1620,7 +1620,7 @@ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, return ret; #else return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; -#endif /* MBEDTLS_CIPHER_HAVE_AEAD_LEGACY */ +#endif /* MBEDTLS_CIPHER_HAVE_AEAD */ } /* @@ -1658,7 +1658,7 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, } #endif /* MBEDTLS_NIST_KW_C */ -#if defined(MBEDTLS_CIPHER_HAVE_AEAD_LEGACY) +#if defined(MBEDTLS_CIPHER_HAVE_AEAD) /* AEAD case: check length before passing on to shared function */ if (ilen < tag_len || output_len < ilen - tag_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; @@ -1669,8 +1669,8 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, input + ilen - tag_len, tag_len); #else return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; -#endif /* MBEDTLS_CIPHER_HAVE_AEAD_LEGACY */ +#endif /* MBEDTLS_CIPHER_HAVE_AEAD */ } -#endif /* MBEDTLS_CIPHER_HAVE_AEAD_LEGACY || MBEDTLS_NIST_KW_C */ +#endif /* MBEDTLS_CIPHER_HAVE_AEAD || MBEDTLS_NIST_KW_C */ #endif /* MBEDTLS_CIPHER_C */ diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 9679e019df..3403af0b1a 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -85,7 +85,7 @@ exit: return 0; } -#if defined(MBEDTLS_CIPHER_HAVE_AEAD_LEGACY) +#if defined(MBEDTLS_CIPHER_HAVE_AEAD) /* Helper for resetting key/direction * * The documentation doesn't explicitly say whether calling @@ -842,7 +842,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_HAVE_AEAD_LEGACY */ +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_HAVE_AEAD */ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, data_t *ad, data_t *cipher, data_t *tag, char *result, data_t *clear, int use_psa) From dcee98730b544e77321ea0a73c42f46385abe614 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Oct 2023 11:35:57 +0200 Subject: [PATCH 156/185] cipher_wrap: add VIA_LEGACY_OR_USE_PSA to new internal symbols Signed-off-by: Valerio Setti --- library/cipher_wrap.c | 34 ++++++++++++------------- library/cipher_wrap.h | 20 ++++++++------- tests/suites/test_suite_cipher.function | 2 +- 3 files changed, 29 insertions(+), 27 deletions(-) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 63b725fb70..4e1e996c6f 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -80,7 +80,7 @@ enum mbedtls_cipher_base_index { #if defined(MBEDTLS_CAMELLIA_C) MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA, #endif -#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA) MBEDTLS_CIPHER_BASE_INDEX_CCM_AES, #endif #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C) @@ -104,7 +104,7 @@ enum mbedtls_cipher_base_index { #if defined(MBEDTLS_DES_C) MBEDTLS_CIPHER_BASE_INDEX_DES, #endif -#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES) +#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA) MBEDTLS_CIPHER_BASE_INDEX_GCM_AES, #endif #if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C) @@ -578,7 +578,7 @@ static int gcm_aes_setkey_wrap(void *ctx, const unsigned char *key, } #endif /* MBEDTLS_GCM_C */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA) static const mbedtls_cipher_base_t gcm_aes_info = { MBEDTLS_CIPHER_ID_AES, NULL, @@ -612,9 +612,9 @@ static const mbedtls_cipher_base_t gcm_aes_info = { NULL, #endif /* MBEDTLS_GCM_C */ }; -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA */ -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA) static const mbedtls_cipher_info_t aes_128_gcm_info = { "AES-128-GCM", 16, @@ -649,7 +649,7 @@ static const mbedtls_cipher_info_t aes_256_gcm_info = { MBEDTLS_CIPHER_BASE_INDEX_GCM_AES }; #endif -#endif /* MBEDTLS_CIPHER_HAVE_GCM */ +#endif /* MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA */ #if defined(MBEDTLS_CCM_C) static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key, @@ -660,7 +660,7 @@ static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key, } #endif /* MBEDTLS_CCM_C */ -#if defined(MBEDTLS_CIPHER_HAVE_CCM) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA) static const mbedtls_cipher_base_t ccm_aes_info = { MBEDTLS_CIPHER_ID_AES, NULL, @@ -694,9 +694,9 @@ static const mbedtls_cipher_base_t ccm_aes_info = { NULL, #endif }; -#endif /* MBEDTLS_CIPHER_HAVE_CCM */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA */ -#if defined(MBEDTLS_CIPHER_HAVE_CCM) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA) static const mbedtls_cipher_info_t aes_128_ccm_info = { "AES-128-CCM", 16, @@ -731,9 +731,9 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = { MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; #endif -#endif /* MBEDTLS_CIPHER_HAVE_CCM */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA */ -#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA) static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = { "AES-128-CCM*-NO-TAG", 16, @@ -768,7 +768,7 @@ static const mbedtls_cipher_info_t aes_256_ccm_star_no_tag_info = { MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; #endif -#endif /* MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG */ +#endif /* MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA */ #endif /* MBEDTLS_AES_C */ @@ -2269,21 +2269,21 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { MBEDTLS_CIPHER_AES_256_XTS, &aes_256_xts_info }, #endif #endif -#if defined(MBEDTLS_CIPHER_HAVE_GCM) +#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA) { MBEDTLS_CIPHER_AES_128_GCM, &aes_128_gcm_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_GCM, &aes_192_gcm_info }, { MBEDTLS_CIPHER_AES_256_GCM, &aes_256_gcm_info }, #endif #endif -#if defined(MBEDTLS_CIPHER_HAVE_CCM) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA) { MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info }, { MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info }, #endif #endif -#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA) { MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, &aes_128_ccm_star_no_tag_info }, #if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, &aes_192_ccm_star_no_tag_info }, @@ -2413,7 +2413,7 @@ const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[] = { #if defined(MBEDTLS_CAMELLIA_C) [MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA] = &camellia_info, #endif -#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES) +#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA) [MBEDTLS_CIPHER_BASE_INDEX_CCM_AES] = &ccm_aes_info, #endif #if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C) @@ -2437,7 +2437,7 @@ const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[] = { #if defined(MBEDTLS_DES_C) [MBEDTLS_CIPHER_BASE_INDEX_DES] = &des_info, #endif -#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES) +#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA) [MBEDTLS_CIPHER_BASE_INDEX_GCM_AES] = &gcm_aes_info, #endif #if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C) diff --git a/library/cipher_wrap.h b/library/cipher_wrap.h index 53cf12ff40..c1915bce9e 100644 --- a/library/cipher_wrap.h +++ b/library/cipher_wrap.h @@ -39,37 +39,39 @@ extern "C" { /* Support for GCM either through Mbed TLS SW implementation or PSA */ #if defined(MBEDTLS_GCM_C) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM)) -#define MBEDTLS_CIPHER_HAVE_GCM +#define MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA #endif #if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_KEY_TYPE_AES)) -#define MBEDTLS_CIPHER_HAVE_GCM_AES +#define MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA #endif #if defined(MBEDTLS_CCM_C) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM)) -#define MBEDTLS_CIPHER_HAVE_CCM +#define MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA #endif #if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_KEY_TYPE_AES)) -#define MBEDTLS_CIPHER_HAVE_CCM_AES +#define MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA #endif #if defined(MBEDTLS_CCM_C) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)) -#define MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG +#define MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA #endif #if defined(MBEDTLS_CHACHAPOLY_C) || \ (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305)) -#define MBEDTLS_CIPHER_HAVE_CHACHAPOLY +#define MBEDTLS_CIPHER_HAVE_CHACHAPOLY_VIA_LEGACY_OR_USE_PSA #endif -#if defined(MBEDTLS_CIPHER_HAVE_GCM) || defined(MBEDTLS_CIPHER_HAVE_CCM) || \ - defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG) || defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY) -#define MBEDTLS_CIPHER_HAVE_SOME_AEAD +#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA) || \ + defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA) || \ + defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA) || \ + defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY_VIA_LEGACY_OR_USE_PSA) +#define MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA #endif /** diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 3403af0b1a..6fd94ce22e 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -6,7 +6,7 @@ #include "mbedtls/gcm.h" #endif -#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA) || defined(MBEDTLS_NIST_KW_C) #define MBEDTLS_CIPHER_AUTH_CRYPT #endif From 74cb404b0d779fe04b80a482c4562b9b41e9ee27 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Oct 2023 13:40:50 +0200 Subject: [PATCH 157/185] ssl: improve ssl_check_key_curve() Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 4433e8b4ad..6f5472416d 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -676,11 +676,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk, uint16_t *curves_tls_id) { uint16_t *curr_tls_id = curves_tls_id; -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); -#else - mbedtls_ecp_group_id grp_id = mbedtls_pk_ec_ro(*pk)->grp.id; -#endif + mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(pk); mbedtls_ecp_group_id curr_grp_id; while (*curr_tls_id != 0) { From b0c618e147554e672b6c3f438127e1163157e807 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Oct 2023 14:19:49 +0200 Subject: [PATCH 158/185] analyze_outcomes: minor improvements Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 49445a4735..105a4aaedd 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -27,7 +27,7 @@ class TestLog: self.output = self.output + (fmt + '\n').format(*args, **kwargs) def info(self, fmt, *args, **kwargs): - self.add_line(fmt, *args, **kwargs) + self.add_line('Info: ' + fmt, *args, **kwargs) def error(self, fmt, *args, **kwargs): self.info('Error: ' + fmt, *args, **kwargs) @@ -176,6 +176,9 @@ def do_analyze_driver_vs_reference(outcome_file, args): """Perform driver vs reference analyze.""" log = TestLog() + log.info("\n*** Analyze driver {} vs reference {} ***\n".format( + args['component_driver'], args['component_ref'])) + log = execute_reference_driver_tests(log, args['component_ref'], \ args['component_driver'], outcome_file) if log.error_count != 0: @@ -185,8 +188,6 @@ def do_analyze_driver_vs_reference(outcome_file, args): outcomes = read_outcome_file(outcome_file) - log.info("\n*** Analyze driver {} vs reference {} ***\n".format( - args['component_driver'], args['component_ref'])) log = analyze_driver_vs_reference(log, outcomes, args['component_ref'], args['component_driver'], ignored_suites, args['ignored_tests']) From 9fc1f24331c364398394db39a0e76baa8f200272 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 16 Oct 2023 14:39:38 +0200 Subject: [PATCH 159/185] md: restore md.h includes in source files directly using its elements Signed-off-by: Valerio Setti --- include/mbedtls/oid.h | 1 + include/mbedtls/ssl.h | 1 + include/mbedtls/ssl_ciphersuites.h | 1 + library/x509write_crt.c | 1 + tests/suites/test_suite_entropy.function | 1 + tests/suites/test_suite_md.function | 1 + tests/suites/test_suite_pkcs1_v15.function | 1 + 7 files changed, 7 insertions(+) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 8ab7f7f944..9545072296 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -34,6 +34,7 @@ #include "mbedtls/cipher.h" #endif +#include "mbedtls/md.h" /** OID is not found. */ #define MBEDTLS_ERR_OID_NOT_FOUND -0x002E diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b69e3150fb..debb1cc2c1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -40,6 +40,7 @@ #include "mbedtls/dhm.h" #endif +#include "mbedtls/md.h" #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) #include "mbedtls/ecdh.h" diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 07791e5411..07f2facef5 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -27,6 +27,7 @@ #include "mbedtls/pk.h" #include "mbedtls/cipher.h" +#include "mbedtls/md.h" #ifdef __cplusplus extern "C" { diff --git a/library/x509write_crt.c b/library/x509write_crt.c index c0657a8275..a8a3022cb5 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -33,6 +33,7 @@ #include "mbedtls/oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" +#include "mbedtls/md.h" #include #include diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 7c7e43f17e..0e013b740d 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -1,6 +1,7 @@ /* BEGIN_HEADER */ #include "mbedtls/entropy.h" #include "entropy_poll.h" +#include "mbedtls/md.h" #include "string.h" typedef enum { diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 71dcb87655..866ff588f8 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -1,4 +1,5 @@ /* BEGIN_HEADER */ +#include "mbedtls/md.h" #include "md_psa.h" #include "mbedtls/oid.h" diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 716ae4453d..7113274550 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/rsa.h" +#include "mbedtls/md.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES From f3803a1f715245f36226abdd4b398bdb92fbdc85 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 16 Oct 2023 13:47:15 +0100 Subject: [PATCH 160/185] Cleanup validation interface Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7b801a3ecd..f07de88f16 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3926,7 +3926,7 @@ component_build_tfm() { # The validator function is the name of a function to validate the combination of options. # It may be "" if all combinations are valid. # It receives a string containing a combination of options, as passed to the compiler, -# e.g. "-DOPT1 -DOPT2 ...". It must echo something iff the combination is invalid. +# e.g. "-DOPT1 -DOPT2 ...". It must return 0 iff the combination is valid, non-zero if invalid. build_test_config_combos() { file=$1 shift @@ -3975,7 +3975,7 @@ build_test_config_combos() { done # if combination is not known to be invalid, add it to the makefile - if [[ -z $validate_options ]] || [[ $($validate_options "${clang_args}") == "" ]] ; then + if [[ -z $validate_options ]] || $validate_options "${clang_args}"; then cmd="${compile_cmd} ${clang_args}" echo "${target}: ${source_file}; $cmd ${source_file}" >> ${makefile} @@ -3997,11 +3997,11 @@ build_test_config_combos() { validate_aes_config_variations() { if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then - echo INVALID + false fi if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \ ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then - echo INVALID + false fi fi } From 41bc798d7cb258871ab13f3122b5971a4ce64be6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 16 Oct 2023 14:04:21 +0100 Subject: [PATCH 161/185] Tidy-up Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f07de88f16..7493c97343 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3997,13 +3997,14 @@ build_test_config_combos() { validate_aes_config_variations() { if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then - false + return 1 fi if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \ ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then - false + return 1 fi fi + return 0 } component_build_aes_variations() { From 5329ff06b9456fecb7cbe42021177da14999c4c3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 17 Oct 2023 09:44:36 +0200 Subject: [PATCH 162/185] analyze_outcomes: print task list directly to stdout Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 105a4aaedd..f1680adc9c 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -679,8 +679,7 @@ def main(): if options.list: for task in KNOWN_TASKS: - main_log.info(task) - main_log.print_output() + print(task) sys.exit(0) if options.specified_tasks == 'all': From 6d429216339adf27c6404b78d67c4b674c75319e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 17 Oct 2023 10:01:33 +0200 Subject: [PATCH 163/185] Require at least on curve for ECP_LIGHT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ECP_LIGHT is not usable without any curve, just the same as ECP_C. We forgot to update this check when introducing the ECP_LIGHT subset. Note: the message doesn't mention ECP_LIGHT as that's not a public config knob, hence the message with "ECP_C or a subset" (that's how it's referred to in user-facing documentation such as docs/driver-only-builds.md). Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e18e9a5fc6..cdc2be171f 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -231,7 +231,7 @@ #error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites" #endif -#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \ +#if defined(MBEDTLS_ECP_LIGHT) && ( !defined(MBEDTLS_BIGNUM_C) || ( \ !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \ !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \ !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \ @@ -245,7 +245,7 @@ !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \ !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \ !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) ) -#error "MBEDTLS_ECP_C defined, but not all prerequisites" +#error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites" #endif #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C) From 745ec5d75ebdebdc7f2c913d2e45d7d2e918e06e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 17 Oct 2023 10:13:45 +0200 Subject: [PATCH 164/185] Fix static initializer warning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In a hypothetical build with no curves, or in the future when we add a new curve type and possibly forget updating this function with a new block for the new type, we write to `ret` at the beginning or the function then immediately overwrite it with MPI_CHK(check_privkey), which static analyzers understandably find questionable. Use `ret` here and check the key only if it was actually set. Signed-off-by: Manuel Pégourié-Gonnard --- library/ecp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/ecp.c b/library/ecp.c index 5f2a7b0c06..dfa095782b 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -3288,7 +3288,10 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&key->d, buf, buflen)); } #endif - MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d)); + + if (ret == 0) { + MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d)); + } cleanup: From fb2750e98e1f68e61a04b54ad6821bee89ee54a9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 17 Oct 2023 10:11:45 +0200 Subject: [PATCH 165/185] analyze_outcomes: exit immediately in case of invalid task Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index f1680adc9c..28c55125c2 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -688,24 +688,24 @@ def main(): tasks_list = re.split(r'[, ]+', options.specified_tasks) for task in tasks_list: if task not in KNOWN_TASKS: - main_log.error('invalid task: {}'.format(task)) + sys.stderr.write('invalid task: {}'.format(task)) + sys.exit(2) KNOWN_TASKS['analyze_coverage']['args']['full_coverage'] = options.full_coverage all_succeeded = True - for task in KNOWN_TASKS: - if task in tasks_list: - test_function = KNOWN_TASKS[task]['test_function'] - test_args = KNOWN_TASKS[task]['args'] - test_log = test_function(options.outcomes, test_args) - # Merge the output of this task with the main one - main_log.output = main_log.output + test_log.output - main_log.info("Task {} completed with:\n".format(task) + \ - "{} warnings\n".format(test_log.warning_count) + \ - "{} errors\n".format(test_log.error_count)) - if test_log.error_count != 0: - all_succeeded = False + for task in tasks_list: + test_function = KNOWN_TASKS[task]['test_function'] + test_args = KNOWN_TASKS[task]['args'] + test_log = test_function(options.outcomes, test_args) + # Merge the output of this task with the main one + main_log.output = main_log.output + test_log.output + main_log.info("Task {} completed with:\n".format(task) + \ + "{} warnings\n".format(test_log.warning_count) + \ + "{} errors\n".format(test_log.error_count)) + if test_log.error_count != 0: + all_succeeded = False main_log.print_output() sys.exit(0 if all_succeeded else 1) From 3f339897628ebd9ee37320042099aa255a83823a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 17 Oct 2023 10:42:11 +0200 Subject: [PATCH 166/185] analyze_outcomes: use a single TestLog instance and do not delay output Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 41 +++++++++++-------------------- 1 file changed, 14 insertions(+), 27 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 28c55125c2..8ddbf6c1eb 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -21,24 +21,21 @@ class TestLog: def __init__(self): self.error_count = 0 self.warning_count = 0 - self.output = "" - - def add_line(self, fmt, *args, **kwargs): - self.output = self.output + (fmt + '\n').format(*args, **kwargs) def info(self, fmt, *args, **kwargs): - self.add_line('Info: ' + fmt, *args, **kwargs) + self.print_line('Info: ' + fmt, *args, **kwargs) def error(self, fmt, *args, **kwargs): - self.info('Error: ' + fmt, *args, **kwargs) self.error_count += 1 + self.print_line('Error: ' + fmt, *args, **kwargs) def warning(self, fmt, *args, **kwargs): - self.info('Warning: ' + fmt, *args, **kwargs) self.warning_count += 1 + self.print_line('Warning: ' + fmt, *args, **kwargs) - def print_output(self): - sys.stderr.write(self.output) + @staticmethod + def print_line(fmt, *args, **kwargs): + sys.stderr.write(fmt, *args, **kwargs) class TestCaseOutcomes: """The outcomes of one test case across many configurations.""" @@ -164,25 +161,20 @@ by a semicolon. outcomes[key].failures.append(setup) return outcomes -def do_analyze_coverage(outcome_file, args): +def do_analyze_coverage(log: TestLog, outcome_file, args) -> TestLog: """Perform coverage analysis.""" - log = TestLog() log.info("\n*** Analyze coverage ***\n") outcomes = read_outcome_file(outcome_file) log = analyze_outcomes(log, outcomes, args) return log -def do_analyze_driver_vs_reference(outcome_file, args): +def do_analyze_driver_vs_reference(log: TestLog, outcome_file, args) -> TestLog: """Perform driver vs reference analyze.""" - log = TestLog() - log.info("\n*** Analyze driver {} vs reference {} ***\n".format( args['component_driver'], args['component_ref'])) log = execute_reference_driver_tests(log, args['component_ref'], \ args['component_driver'], outcome_file) - if log.error_count != 0: - return log ignored_suites = ['test_suite_' + x for x in args['ignored_suites']] @@ -693,22 +685,17 @@ def main(): KNOWN_TASKS['analyze_coverage']['args']['full_coverage'] = options.full_coverage - all_succeeded = True - for task in tasks_list: test_function = KNOWN_TASKS[task]['test_function'] test_args = KNOWN_TASKS[task]['args'] - test_log = test_function(options.outcomes, test_args) - # Merge the output of this task with the main one - main_log.output = main_log.output + test_log.output - main_log.info("Task {} completed with:\n".format(task) + \ - "{} warnings\n".format(test_log.warning_count) + \ - "{} errors\n".format(test_log.error_count)) - if test_log.error_count != 0: - all_succeeded = False + main_log = test_function(main_log, options.outcomes, test_args) + + main_log.info("Overall results:\n" + \ + "{} warnings\n".format(main_log.warning_count) + \ + "{} errors\n".format(main_log.error_count)) main_log.print_output() - sys.exit(0 if all_succeeded else 1) + sys.exit(0 if (main_log.error_count == 0) else 2) except Exception: # pylint: disable=broad-except # Print the backtrace and exit explicitly with our chosen status. From f075e47bc1ea7a02bfc5d9c44427ee4e7908a419 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 17 Oct 2023 11:03:16 +0200 Subject: [PATCH 167/185] analyze_outcomes: reset name of TestLog to Results Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 67 +++++++++++++++---------------- 1 file changed, 33 insertions(+), 34 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 8ddbf6c1eb..95f0cc6973 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 + #!/usr/bin/env python3 """Analyze the test outcomes from a full CI run. @@ -15,7 +15,7 @@ import os import check_test_cases -class TestLog: +class Results: """Process analysis results.""" def __init__(self): @@ -56,27 +56,27 @@ class TestCaseOutcomes: """ return len(self.successes) + len(self.failures) -def execute_reference_driver_tests(log: TestLog, ref_component, driver_component, \ - outcome_file) -> TestLog: +def execute_reference_driver_tests(results: Results, ref_component, driver_component, \ + outcome_file) -> Results: """Run the tests specified in ref_component and driver_component. Results are stored in the output_file and they will be used for the following coverage analysis""" # If the outcome file already exists, we assume that the user wants to # perform the comparison analysis again without repeating the tests. if os.path.exists(outcome_file): - log.info("Outcome file (" + outcome_file + ") already exists. " + \ + results.info("Outcome file (" + outcome_file + ") already exists. " + \ "Tests will be skipped.") - return log + return results shell_command = "tests/scripts/all.sh --outcome-file " + outcome_file + \ " " + ref_component + " " + driver_component - log.info("Running: " + shell_command) + results.info("Running: " + shell_command) ret_val = subprocess.run(shell_command.split(), check=False).returncode if ret_val != 0: - log.error("failed to run reference/driver components") + results.error("failed to run reference/driver components") - return log + return results def analyze_coverage(results, outcomes, allow_list, full_coverage): """Check that all available test cases are executed at least once.""" @@ -95,7 +95,7 @@ def analyze_coverage(results, outcomes, allow_list, full_coverage): else: results.warning('Allow listed test case was executed: {}', key) -def analyze_driver_vs_reference(log: TestLog, outcomes, +def analyze_driver_vs_reference(results: Results, outcomes, component_ref, component_driver, ignored_suites, ignored_test=None): """Check that all tests executed in the reference component are also @@ -130,15 +130,15 @@ def analyze_driver_vs_reference(log: TestLog, outcomes, if component_ref in entry: reference_test_passed = True if(reference_test_passed and not driver_test_passed): - log.error(key) + results.error(key) - return log + return results -def analyze_outcomes(log: TestLog, outcomes, args) -> TestLog: +def analyze_outcomes(results: Results, outcomes, args) -> Results: """Run all analyses on the given outcome collection.""" - analyze_coverage(log, outcomes, args['allow_list'], + analyze_coverage(results, outcomes, args['allow_list'], args['full_coverage']) - return log + return results def read_outcome_file(outcome_file): """Parse an outcome file and return an outcome collection. @@ -161,30 +161,30 @@ by a semicolon. outcomes[key].failures.append(setup) return outcomes -def do_analyze_coverage(log: TestLog, outcome_file, args) -> TestLog: +def do_analyze_coverage(results: Results, outcome_file, args) -> Results: """Perform coverage analysis.""" - log.info("\n*** Analyze coverage ***\n") + results.info("\n*** Analyze coverage ***\n") outcomes = read_outcome_file(outcome_file) - log = analyze_outcomes(log, outcomes, args) - return log + results = analyze_outcomes(results, outcomes, args) + return results -def do_analyze_driver_vs_reference(log: TestLog, outcome_file, args) -> TestLog: +def do_analyze_driver_vs_reference(results: Results, outcome_file, args) -> Results: """Perform driver vs reference analyze.""" - log.info("\n*** Analyze driver {} vs reference {} ***\n".format( + results.info("\n*** Analyze driver {} vs reference {} ***\n".format( args['component_driver'], args['component_ref'])) - log = execute_reference_driver_tests(log, args['component_ref'], \ + results = execute_reference_driver_tests(results, args['component_ref'], \ args['component_driver'], outcome_file) ignored_suites = ['test_suite_' + x for x in args['ignored_suites']] outcomes = read_outcome_file(outcome_file) - log = analyze_driver_vs_reference(log, outcomes, - args['component_ref'], args['component_driver'], - ignored_suites, args['ignored_tests']) + results = analyze_driver_vs_reference(results, outcomes, + args['component_ref'], args['component_driver'], + ignored_suites, args['ignored_tests']) - return log + return results # List of tasks with a function that can handle this task and additional arguments if required KNOWN_TASKS = { @@ -649,7 +649,7 @@ KNOWN_TASKS = { } def main(): - main_log = TestLog() + main_results = Results() try: parser = argparse.ArgumentParser(description=__doc__) @@ -688,14 +688,13 @@ def main(): for task in tasks_list: test_function = KNOWN_TASKS[task]['test_function'] test_args = KNOWN_TASKS[task]['args'] - main_log = test_function(main_log, options.outcomes, test_args) - - main_log.info("Overall results:\n" + \ - "{} warnings\n".format(main_log.warning_count) + \ - "{} errors\n".format(main_log.error_count)) + main_results = test_function(main_results, options.outcomes, test_args) - main_log.print_output() - sys.exit(0 if (main_log.error_count == 0) else 2) + main_results.info("Overall results:\n" + \ + "{} warnings\n".format(main_results.warning_count) + \ + "{} errors\n".format(main_results.error_count)) + + sys.exit(0 if (main_results.error_count == 0) else 2) except Exception: # pylint: disable=broad-except # Print the backtrace and exit explicitly with our chosen status. From 40314fcc75d3343ecc7cb3b8a366e89715f52a85 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 17 Oct 2023 11:34:31 +0200 Subject: [PATCH 168/185] analyze_outcomes: fix newlines Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 95f0cc6973..57f359a653 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -35,7 +35,7 @@ class Results: @staticmethod def print_line(fmt, *args, **kwargs): - sys.stderr.write(fmt, *args, **kwargs) + sys.stderr.write(fmt + '\n', *args, **kwargs) class TestCaseOutcomes: """The outcomes of one test case across many configurations.""" @@ -163,14 +163,14 @@ by a semicolon. def do_analyze_coverage(results: Results, outcome_file, args) -> Results: """Perform coverage analysis.""" - results.info("\n*** Analyze coverage ***\n") + results.info("*** Analyze coverage ***") outcomes = read_outcome_file(outcome_file) results = analyze_outcomes(results, outcomes, args) return results def do_analyze_driver_vs_reference(results: Results, outcome_file, args) -> Results: """Perform driver vs reference analyze.""" - results.info("\n*** Analyze driver {} vs reference {} ***\n".format( + results.info("*** Analyze driver {} vs reference {} ***".format( args['component_driver'], args['component_ref'])) results = execute_reference_driver_tests(results, args['component_ref'], \ @@ -690,9 +690,9 @@ def main(): test_args = KNOWN_TASKS[task]['args'] main_results = test_function(main_results, options.outcomes, test_args) - main_results.info("Overall results:\n" + \ - "{} warnings\n".format(main_results.warning_count) + \ - "{} errors\n".format(main_results.error_count)) + main_results.info("Overall results: " + \ + "{} warnings | ".format(main_results.warning_count) + \ + "{} errors".format(main_results.error_count)) sys.exit(0 if (main_results.error_count == 0) else 2) From 9a4273099c4c3cade2aeff3cfe58ba824626c679 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 17 Oct 2023 11:40:42 +0200 Subject: [PATCH 169/185] all.sh: fix comment Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ab1007812c..564e2e46a6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3531,7 +3531,7 @@ component_test_psa_crypto_config_accel_cipher () { # Configure # --------- - # Start from the default config (no TLS 1.3, no USE_PSA) + # Start from the full config helper_libtestdriver1_adjust_config "full" # There is no intended accelerator support for ALG CMAC. Therefore, asking From 2f00b7a5dab28ff93b731f4972887251ab4e4882 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 17 Oct 2023 11:43:34 +0200 Subject: [PATCH 170/185] cipher: reset MBEDTLS_CIPHER_HAVE_AEAD to MBEDTLS_CIPHER_MODE_AEAD Signed-off-by: Valerio Setti --- include/mbedtls/cipher.h | 6 +++--- library/cipher.c | 16 ++++++++-------- tests/suites/test_suite_cipher.function | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 3a98976d58..9c8701d38d 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -34,7 +34,7 @@ #include "mbedtls/platform_util.h" #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) -#define MBEDTLS_CIPHER_HAVE_AEAD +#define MBEDTLS_CIPHER_MODE_AEAD #endif #if defined(MBEDTLS_CIPHER_MODE_CBC) @@ -1080,7 +1080,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen); -#if defined(MBEDTLS_CIPHER_HAVE_AEAD) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) /** * \brief The authenticated encryption (AEAD/NIST_KW) function. * @@ -1187,7 +1187,7 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t output_len, size_t *olen, size_t tag_len); -#endif /* MBEDTLS_CIPHER_HAVE_AEAD || MBEDTLS_NIST_KW_C */ +#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ #ifdef __cplusplus } #endif diff --git a/library/cipher.c b/library/cipher.c index 97dd0e95a0..9f9f1075c7 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -1390,7 +1390,7 @@ int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx, return 0; } -#if defined(MBEDTLS_CIPHER_HAVE_AEAD) +#if defined(MBEDTLS_CIPHER_MODE_AEAD) /* * Packet-oriented encryption for AEAD modes: internal function used by * mbedtls_cipher_auth_encrypt_ext(). @@ -1569,9 +1569,9 @@ static int mbedtls_cipher_aead_decrypt(mbedtls_cipher_context_t *ctx, return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; } -#endif /* MBEDTLS_CIPHER_HAVE_AEAD */ +#endif /* MBEDTLS_CIPHER_MODE_AEAD */ -#if defined(MBEDTLS_CIPHER_HAVE_AEAD) || defined(MBEDTLS_NIST_KW_C) +#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) /* * Packet-oriented encryption for AEAD/NIST_KW: public function. */ @@ -1607,7 +1607,7 @@ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, } #endif /* MBEDTLS_NIST_KW_C */ -#if defined(MBEDTLS_CIPHER_HAVE_AEAD) +#if defined(MBEDTLS_CIPHER_MODE_AEAD) /* AEAD case: check length before passing on to shared function */ if (output_len < ilen + tag_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; @@ -1620,7 +1620,7 @@ int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx, return ret; #else return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; -#endif /* MBEDTLS_CIPHER_HAVE_AEAD */ +#endif /* MBEDTLS_CIPHER_MODE_AEAD */ } /* @@ -1658,7 +1658,7 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, } #endif /* MBEDTLS_NIST_KW_C */ -#if defined(MBEDTLS_CIPHER_HAVE_AEAD) +#if defined(MBEDTLS_CIPHER_MODE_AEAD) /* AEAD case: check length before passing on to shared function */ if (ilen < tag_len || output_len < ilen - tag_len) { return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; @@ -1669,8 +1669,8 @@ int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx, input + ilen - tag_len, tag_len); #else return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; -#endif /* MBEDTLS_CIPHER_HAVE_AEAD */ +#endif /* MBEDTLS_CIPHER_MODE_AEAD */ } -#endif /* MBEDTLS_CIPHER_HAVE_AEAD || MBEDTLS_NIST_KW_C */ +#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ #endif /* MBEDTLS_CIPHER_C */ diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 6fd94ce22e..e6970129ea 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -85,7 +85,7 @@ exit: return 0; } -#if defined(MBEDTLS_CIPHER_HAVE_AEAD) +#if defined(MBEDTLS_CIPHER_MODE_AEAD) /* Helper for resetting key/direction * * The documentation doesn't explicitly say whether calling @@ -842,7 +842,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_HAVE_AEAD */ +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */ void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, data_t *ad, data_t *cipher, data_t *tag, char *result, data_t *clear, int use_psa) From 8d178be66e5cdc1b5ba60d90a96d2e63da9a7ff2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 17 Oct 2023 12:23:55 +0200 Subject: [PATCH 171/185] analyze_outcomes: fix return value in case of test failure Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 57f359a653..2998d322d8 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -1,4 +1,4 @@ - #!/usr/bin/env python3 +#!/usr/bin/env python3 """Analyze the test outcomes from a full CI run. @@ -694,7 +694,7 @@ def main(): "{} warnings | ".format(main_results.warning_count) + \ "{} errors".format(main_results.error_count)) - sys.exit(0 if (main_results.error_count == 0) else 2) + sys.exit(0 if (main_results.error_count == 0) else 1) except Exception: # pylint: disable=broad-except # Print the backtrace and exit explicitly with our chosen status. From f6f64cfd819335fab6d09320a66de27c821ee4ad Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 17 Oct 2023 12:28:26 +0200 Subject: [PATCH 172/185] analyze_outcomes: code style improvement Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 2998d322d8..e0c69469f5 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -690,9 +690,8 @@ def main(): test_args = KNOWN_TASKS[task]['args'] main_results = test_function(main_results, options.outcomes, test_args) - main_results.info("Overall results: " + \ - "{} warnings | ".format(main_results.warning_count) + \ - "{} errors".format(main_results.error_count)) + main_results.info("Overall results: {} warnings and {} errors", + main_results.warning_count, main_results.error_count) sys.exit(0 if (main_results.error_count == 0) else 1) From 8070dbec6b76f5a4dcf8260d855065dca42dc633 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 17 Oct 2023 12:29:30 +0200 Subject: [PATCH 173/185] analyze_outcomes: keep print_line() method non-static Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index e0c69469f5..0346404302 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -23,18 +23,18 @@ class Results: self.warning_count = 0 def info(self, fmt, *args, **kwargs): - self.print_line('Info: ' + fmt, *args, **kwargs) + self._print_line('Info: ' + fmt, *args, **kwargs) def error(self, fmt, *args, **kwargs): self.error_count += 1 - self.print_line('Error: ' + fmt, *args, **kwargs) + self._print_line('Error: ' + fmt, *args, **kwargs) def warning(self, fmt, *args, **kwargs): self.warning_count += 1 - self.print_line('Warning: ' + fmt, *args, **kwargs) + self._print_line('Warning: ' + fmt, *args, **kwargs) @staticmethod - def print_line(fmt, *args, **kwargs): + def _print_line(fmt, *args, **kwargs): sys.stderr.write(fmt + '\n', *args, **kwargs) class TestCaseOutcomes: From 781c23416e511ab31738bfc2607f944e8fcc4ce3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 17 Oct 2023 12:47:35 +0200 Subject: [PATCH 174/185] analyze_oucomes: do not return Results instance passed as parameter Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 32 ++++++++++++------------------- 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 0346404302..5f2e37877e 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -57,7 +57,7 @@ class TestCaseOutcomes: return len(self.successes) + len(self.failures) def execute_reference_driver_tests(results: Results, ref_component, driver_component, \ - outcome_file) -> Results: + outcome_file): """Run the tests specified in ref_component and driver_component. Results are stored in the output_file and they will be used for the following coverage analysis""" @@ -66,7 +66,7 @@ def execute_reference_driver_tests(results: Results, ref_component, driver_compo if os.path.exists(outcome_file): results.info("Outcome file (" + outcome_file + ") already exists. " + \ "Tests will be skipped.") - return results + return shell_command = "tests/scripts/all.sh --outcome-file " + outcome_file + \ " " + ref_component + " " + driver_component @@ -76,8 +76,6 @@ def execute_reference_driver_tests(results: Results, ref_component, driver_compo if ret_val != 0: results.error("failed to run reference/driver components") - return results - def analyze_coverage(results, outcomes, allow_list, full_coverage): """Check that all available test cases are executed at least once.""" available = check_test_cases.collect_available_test_cases() @@ -132,13 +130,10 @@ def analyze_driver_vs_reference(results: Results, outcomes, if(reference_test_passed and not driver_test_passed): results.error(key) - return results - -def analyze_outcomes(results: Results, outcomes, args) -> Results: +def analyze_outcomes(results: Results, outcomes, args): """Run all analyses on the given outcome collection.""" analyze_coverage(results, outcomes, args['allow_list'], args['full_coverage']) - return results def read_outcome_file(outcome_file): """Parse an outcome file and return an outcome collection. @@ -161,30 +156,27 @@ by a semicolon. outcomes[key].failures.append(setup) return outcomes -def do_analyze_coverage(results: Results, outcome_file, args) -> Results: +def do_analyze_coverage(results: Results, outcome_file, args): """Perform coverage analysis.""" results.info("*** Analyze coverage ***") outcomes = read_outcome_file(outcome_file) - results = analyze_outcomes(results, outcomes, args) - return results + analyze_outcomes(results, outcomes, args) -def do_analyze_driver_vs_reference(results: Results, outcome_file, args) -> Results: +def do_analyze_driver_vs_reference(results: Results, outcome_file, args): """Perform driver vs reference analyze.""" results.info("*** Analyze driver {} vs reference {} ***".format( args['component_driver'], args['component_ref'])) - results = execute_reference_driver_tests(results, args['component_ref'], \ - args['component_driver'], outcome_file) + execute_reference_driver_tests(results, args['component_ref'], \ + args['component_driver'], outcome_file) ignored_suites = ['test_suite_' + x for x in args['ignored_suites']] outcomes = read_outcome_file(outcome_file) - results = analyze_driver_vs_reference(results, outcomes, - args['component_ref'], args['component_driver'], - ignored_suites, args['ignored_tests']) - - return results + analyze_driver_vs_reference(results, outcomes, + args['component_ref'], args['component_driver'], + ignored_suites, args['ignored_tests']) # List of tasks with a function that can handle this task and additional arguments if required KNOWN_TASKS = { @@ -688,7 +680,7 @@ def main(): for task in tasks_list: test_function = KNOWN_TASKS[task]['test_function'] test_args = KNOWN_TASKS[task]['args'] - main_results = test_function(main_results, options.outcomes, test_args) + test_function(main_results, options.outcomes, test_args) main_results.info("Overall results: {} warnings and {} errors", main_results.warning_count, main_results.error_count) From 4a493b267f55b21bf056af363f942862f7a9a754 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 17 Oct 2023 14:57:23 +0100 Subject: [PATCH 175/185] Reword error message on format of SAN arguments Signed-off-by: David Horstmann --- programs/x509/cert_write.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 8bee0a666f..d8660dc959 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -585,7 +585,7 @@ usage: *subtype_value++ = '\0'; } else { mbedtls_printf( - "Invalid argument for option SAN: Entry should be separated by a colon\n"); + "Invalid argument for option SAN: Entry must be of the form TYPE:value\n"); goto usage; } if (strcmp(q, "RFC822") == 0) { From 9534dfd15bb8b38553c28c861bff25b2b90cfb03 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 17 Oct 2023 14:59:31 +0100 Subject: [PATCH 176/185] Reword error message on format of SAN arguments Signed-off-by: David Horstmann --- programs/x509/cert_req.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index ff744a4309..7e2a6bd8ec 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -263,7 +263,7 @@ usage: *subtype_value++ = '\0'; } else { mbedtls_printf( - "Invalid argument for option SAN: Entry should be separated by a colon\n"); + "Invalid argument for option SAN: Entry must be of the form TYPE:value\n"); goto usage; } if (strcmp(q, "RFC822") == 0) { From 735794c7454c91ba06a1e0c518799b85ed00b99e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 18 Oct 2023 08:05:15 +0200 Subject: [PATCH 177/185] analyze_outcomes: fix missing format for args/kwargs Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 5f2e37877e..d0b72a859b 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -35,7 +35,7 @@ class Results: @staticmethod def _print_line(fmt, *args, **kwargs): - sys.stderr.write(fmt + '\n', *args, **kwargs) + sys.stderr.write((fmt + '\n').format(*args, **kwargs)) class TestCaseOutcomes: """The outcomes of one test case across many configurations.""" From 39d4b9d15bf6a89bc2d9ef59c064041c539ab38f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 18 Oct 2023 14:30:03 +0200 Subject: [PATCH 178/185] analyze_outcomes: fix format interpolation errors Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index d0b72a859b..b522efb316 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -64,13 +64,12 @@ def execute_reference_driver_tests(results: Results, ref_component, driver_compo # If the outcome file already exists, we assume that the user wants to # perform the comparison analysis again without repeating the tests. if os.path.exists(outcome_file): - results.info("Outcome file (" + outcome_file + ") already exists. " + \ - "Tests will be skipped.") + results.info("Outcome file ({}) already exists. Tests will be skipped.", outcome_file) return shell_command = "tests/scripts/all.sh --outcome-file " + outcome_file + \ " " + ref_component + " " + driver_component - results.info("Running: " + shell_command) + results.info("Running: {}", shell_command) ret_val = subprocess.run(shell_command.split(), check=False).returncode if ret_val != 0: @@ -128,7 +127,7 @@ def analyze_driver_vs_reference(results: Results, outcomes, if component_ref in entry: reference_test_passed = True if(reference_test_passed and not driver_test_passed): - results.error(key) + results.error("Did not pass with driver: {}", key) def analyze_outcomes(results: Results, outcomes, args): """Run all analyses on the given outcome collection.""" @@ -164,8 +163,8 @@ def do_analyze_coverage(results: Results, outcome_file, args): def do_analyze_driver_vs_reference(results: Results, outcome_file, args): """Perform driver vs reference analyze.""" - results.info("*** Analyze driver {} vs reference {} ***".format( - args['component_driver'], args['component_ref'])) + results.info("*** Analyze driver {} vs reference {} ***", + args['component_driver'], args['component_ref']) execute_reference_driver_tests(results, args['component_ref'], \ args['component_driver'], outcome_file) From 2cff82069e6933358cb03c5f87a169fad52acf38 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 18 Oct 2023 14:36:47 +0200 Subject: [PATCH 179/185] analyze_outcomes: add new_section() method to the Results class Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index b522efb316..9254331189 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -22,6 +22,9 @@ class Results: self.error_count = 0 self.warning_count = 0 + def new_section(self, fmt, *args, **kwargs): + self._print_line('\n*** ' + fmt + ' ***\n', *args, **kwargs) + def info(self, fmt, *args, **kwargs): self._print_line('Info: ' + fmt, *args, **kwargs) @@ -157,14 +160,14 @@ by a semicolon. def do_analyze_coverage(results: Results, outcome_file, args): """Perform coverage analysis.""" - results.info("*** Analyze coverage ***") + results.new_section("Analyze coverage") outcomes = read_outcome_file(outcome_file) analyze_outcomes(results, outcomes, args) def do_analyze_driver_vs_reference(results: Results, outcome_file, args): """Perform driver vs reference analyze.""" - results.info("*** Analyze driver {} vs reference {} ***", - args['component_driver'], args['component_ref']) + results.new_section("Analyze driver {} vs reference {}", + args['component_driver'], args['component_ref']) execute_reference_driver_tests(results, args['component_ref'], \ args['component_driver'], outcome_file) From 3bda79ba9f6404f1aecaa08838238490f1703020 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 18 Oct 2023 15:09:09 +0100 Subject: [PATCH 180/185] Move initialisation in test to before first test Calling mbedtls_cipher_free() on a context that was not initialised is dangerous, and this could happen if the first test in check_set_padding() failed. Signed-off-by: Paul Elliott --- tests/suites/test_suite_cipher.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index e6970129ea..3140ba9edc 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -1218,6 +1218,8 @@ void check_set_padding(int cipher_id) const mbedtls_cipher_info_t *cipher_info; size_t keylen = 0; + mbedtls_cipher_init(&ctx); + cipher_info = mbedtls_cipher_info_from_type(cipher_id); if (cipher_info->mode != MBEDTLS_MODE_CBC) { @@ -1228,8 +1230,6 @@ void check_set_padding(int cipher_id) TEST_CALLOC(key, keylen/8); memset(key, 0, keylen/8); - mbedtls_cipher_init(&ctx); - TEST_EQUAL(0, mbedtls_cipher_setup(&ctx, cipher_info)); TEST_EQUAL(0, mbedtls_cipher_setkey(&ctx, key, keylen, From 0df6d9688add33721fbae9d9a098a3cc49a584f6 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 11 Oct 2023 13:27:25 +0800 Subject: [PATCH 181/185] all.sh: fix a typo in comment Signed-off-by: Yanray Wang --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9290aa6d91..baa2b600f1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -864,7 +864,7 @@ pre_generate_files() { # Example: # loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" # helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" -# 4b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any +# 3b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any # additional arguments will be passed to make: this can be useful if # you don't want to build everything when iterating during development. # Example: From af5003a1577d2798e90a7f3c1824b9e6d0145bdf Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 11 Oct 2023 11:57:10 +0800 Subject: [PATCH 182/185] CMAC: accelerate CMAC in accel_cipher Signed-off-by: Yanray Wang --- .../crypto_config_test_driver_extension.h | 9 ++++++++- tests/scripts/all.sh | 19 ++++++++++--------- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index ef8c88a668..b0bbc44211 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -32,6 +32,14 @@ #endif #endif +#if defined(PSA_WANT_ALG_CMAC) +#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) +#undef MBEDTLS_PSA_ACCEL_ALG_CMAC +#else +#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 +#endif +#endif + #if defined(PSA_WANT_ALG_CTR) #if defined(MBEDTLS_PSA_ACCEL_ALG_CTR) #undef MBEDTLS_PSA_ACCEL_ALG_CTR @@ -395,7 +403,6 @@ #define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1 #define MBEDTLS_PSA_ACCEL_ALG_CCM 1 -#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1 #define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1 #define MBEDTLS_PSA_ACCEL_ALG_GCM 1 #define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index baa2b600f1..17f894a7b9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3528,22 +3528,22 @@ component_test_psa_crypto_config_reference_hash_use_psa() { component_test_psa_crypto_config_accel_cipher () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher" - loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES" + loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \ + ALG_CTR ALG_CFB ALG_OFB ALG_XTS \ + KEY_TYPE_DES ALG_CMAC" # Configure # --------- + # There is no intended accelerator support for STREAM_CIPHER and + # ECB_NO_PADDING. Therefore, asking for them in the build implies the + # inclusion of the Mbed TLS cipher operations. As we want to test here with + # cipher operations solely supported by accelerators, disabled those + # PSA configuration options by helper_libtestdriver1_adjust_config. + # Start from the full config helper_libtestdriver1_adjust_config "full" - # There is no intended accelerator support for ALG CMAC. Therefore, asking - # for it in the build implies the inclusion of the Mbed TLS cipher - # operations. As we want to test here with cipher operations solely - # supported by accelerators, disabled this PSA configuration option. - # (Note: the same applies to STREAM_CIPHER and ECB_NO_PADDING, which are - # already disabled by helper_libtestdriver1_adjust_config above.) - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC - # Disable the things that are being accelerated scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CIPHER_PADDING_PKCS7 @@ -3552,6 +3552,7 @@ component_test_psa_crypto_config_accel_cipher () { scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS scripts/config.py unset MBEDTLS_DES_C + scripts/config.py unset MBEDTLS_CMAC_C # Build # ----- From 893623fb289d170e0a32ea8dbb26cb7bba469434 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 16 Oct 2023 11:55:37 +0800 Subject: [PATCH 183/185] PBKDF2-AES-CMAC: remove not needed preprocessor directive PBKDF2-AES-CMAC works if we provide the driver of AES-CMAC or KEY-TYPE-AES or both. So if PBKDF2-AES-CMAC is requested via PSA, we don't need to additionally enable builtin AES-CMAC or builtin KEY-TYPE-AES. Signed-off-by: Yanray Wang --- include/mbedtls/config_adjust_legacy_from_psa.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index e3c2ed117d..5c294e914a 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -724,8 +724,7 @@ #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ #if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ - defined(PSA_HAVE_SOFT_BLOCK_AEAD) || \ - defined(PSA_HAVE_SOFT_PBKDF2_CMAC) + defined(PSA_HAVE_SOFT_BLOCK_AEAD) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 #define MBEDTLS_AES_C #endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */ @@ -796,8 +795,7 @@ #if defined(PSA_WANT_ALG_CMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || \ - defined(PSA_HAVE_SOFT_PBKDF2_CMAC) + defined(PSA_HAVE_SOFT_BLOCK_CIPHER) #define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 #define MBEDTLS_CMAC_C #endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ From 3d43434953767d64a8bb1770e506157e1dbcc07e Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 16 Oct 2023 14:03:52 +0800 Subject: [PATCH 184/185] test_suite_psa_crypto_driver_wrappers.data: fix dependency There are some fallback test cases which should rely on builtin implementations. This commit adjusts them with correct dependencies. Signed-off-by: Yanray Wang --- ...test_suite_psa_crypto_driver_wrappers.data | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 54558f0f09..8ba3b79977 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -340,11 +340,11 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS PSA symmetric encrypt multipart: AES-CTR, 16 bytes, fallback -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER +depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS PSA symmetric encrypt multipart: AES-CTR, 15 bytes, fallback -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER +depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS PSA symmetric encrypt multipart: AES-CTR, 16 bytes, fake @@ -372,7 +372,7 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_SUCCESS:PSA_SUCCESS PSA symmetric decrypt multipart: AES-CTR, 16 bytes, fallback -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER +depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS PSA symmetric decrypt multipart: AES-CTR, 16 bytes, fake @@ -460,7 +460,7 @@ depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_SUCCESS PSA AEAD encrypt: AES-CCM, 24 bytes, fallback -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CCM aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_ERROR_NOT_SUPPORTED PSA AEAD encrypt: AES-CCM, 24 bytes, INSUFFICIENT_MEMORY @@ -472,7 +472,7 @@ depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_SUCCESS PSA AEAD encrypt, AES-GCM, 128 bytes #1, fallback -depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_GCM aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_ERROR_NOT_SUPPORTED PSA AEAD encrypt, AES-GCM, 128 bytes #1, INSUFFICIENT_MEMORY @@ -484,7 +484,7 @@ depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS PSA AEAD decrypt: AES-CCM, 39 bytes, fallback -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CCM aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_ERROR_NOT_SUPPORTED PSA AEAD decrypt: AES-CCM, 39 bytes, INSUFFICIENT_MEMORY @@ -496,7 +496,7 @@ depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA AEAD decrypt, AES-GCM, 144 bytes #1, fallback -depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_GCM aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_NOT_SUPPORTED PSA AEAD decrypt, AES-GCM, 144 bytes #1, INSUFFICIENT_MEMORY @@ -536,7 +536,7 @@ depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_ACCEL_ALG_CMAC mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_SUCCESS PSA MAC sign, fallback: CMAC-AES-128 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_NOT_SUPPORTED PSA MAC sign, driver reports error: CMAC-AES-128 @@ -576,7 +576,7 @@ depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_ACCEL_ALG_CMAC mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_SUCCESS PSA MAC verify, fallback: CMAC-AES-128 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_NOT_SUPPORTED PSA MAC verify, driver reports error: CMAC-AES-128 @@ -802,7 +802,7 @@ depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_encrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_SUCCESS:PSA_SUCCESS PSA AEAD encrypt setup, AES-GCM, 128 bytes #1, fallback -depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_GCM aead_encrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS PSA AEAD encrypt setup, AES-GCM, 128 bytes #1, INSUFFICIENT_MEMORY @@ -814,7 +814,7 @@ depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS:PSA_SUCCESS PSA AEAD decrypt setup, AES-GCM, 144 bytes #1, fallback -depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_GCM aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS PSA AEAD decrypt setup, AES-GCM, 144 bytes #1, insufficient memory From 22334a202aea9302222fa0451652fdc688fdabaf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 19 Oct 2023 11:27:33 +0200 Subject: [PATCH 185/185] Fix some dependencies in ssl-opt.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These are explicitly PSA tests, so use PSA_WANT. Was missed by analyze_outcomes.py because those test cases were not listed properly, which will be fixed by #8088. Signed-off-by: Manuel Pégourié-Gonnard --- tests/ssl-opt.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0dcff67962..51d59bbbf1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2572,32 +2572,32 @@ run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 -requires_config_enabled MBEDTLS_ECP_DP_SECP521R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_521 run_test_psa_force_curve "secp521r1" -requires_config_enabled MBEDTLS_ECP_DP_BP512R1_ENABLED +requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_512 run_test_psa_force_curve "brainpoolP512r1" -requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_384 run_test_psa_force_curve "secp384r1" -requires_config_enabled MBEDTLS_ECP_DP_BP384R1_ENABLED +requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_384 run_test_psa_force_curve "brainpoolP384r1" -requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test_psa_force_curve "secp256r1" -requires_config_enabled MBEDTLS_ECP_DP_SECP256K1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_K1_256 run_test_psa_force_curve "secp256k1" -requires_config_enabled MBEDTLS_ECP_DP_BP256R1_ENABLED +requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256 run_test_psa_force_curve "brainpoolP256r1" -requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_224 run_test_psa_force_curve "secp224r1" ## SECP224K1 is buggy via the PSA API ## (https://github.com/Mbed-TLS/mbedtls/issues/3541), ## so it is disabled in PSA even when it's enabled in Mbed TLS. ## The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but ## dependencies on PSA symbols in ssl-opt.sh are not implemented yet. -#requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED +#requires_config_enabled PSA_WANT_ECC_SECP_K1_224 #run_test_psa_force_curve "secp224k1" -requires_config_enabled MBEDTLS_ECP_DP_SECP192R1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_R1_192 run_test_psa_force_curve "secp192r1" -requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED +requires_config_enabled PSA_WANT_ECC_SECP_K1_192 run_test_psa_force_curve "secp192k1" # Test current time in ServerHello