From c9deb184b0bf5e72d5761d06af0db165676e0f8a Mon Sep 17 00:00:00 2001 From: Nayna Jain Date: Mon, 16 Nov 2020 19:03:12 +0000 Subject: [PATCH 001/139] mbedtls: add support for pkcs7 PKCS7 signing format is used by OpenPOWER Key Management, which is using mbedtls as its crypto library. This patch adds the limited support of pkcs7 parser and verification to the mbedtls. The limitations are: * Only signed data is supported. * CRLs are not currently handled. * Single signer is supported. Signed-off-by: Daniel Axtens Signed-off-by: Eric Richter Signed-off-by: Nayna Jain --- include/mbedtls/asn1.h | 3 +- include/mbedtls/check_config.h | 7 + include/mbedtls/error.h | 1 + include/mbedtls/mbedtls_config.h | 15 + include/mbedtls/oid.h | 11 + include/mbedtls/pkcs7.h | 224 ++++++++++ library/Makefile | 1 + library/pkcs7.c | 561 +++++++++++++++++++++++++ scripts/config.py | 1 + tests/data_files/Makefile | 92 ++++ tests/suites/test_suite_pkcs7.data | 53 +++ tests/suites/test_suite_pkcs7.function | 420 ++++++++++++++++++ 12 files changed, 1388 insertions(+), 1 deletion(-) create mode 100644 include/mbedtls/pkcs7.h create mode 100644 library/pkcs7.c create mode 100644 tests/suites/test_suite_pkcs7.data create mode 100644 tests/suites/test_suite_pkcs7.function diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index be2cae7b5a..21ade1bdbb 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -38,8 +38,9 @@ /** * \name ASN1 Error codes - * These error codes are OR'ed to X509 error codes for + * These error codes are combined with other error codes for * higher error granularity. + * e.g. X.509 and PKCS #7 error codes * ASN1 is a standard to specify data structures. * \{ */ diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b5d2c40f21..dcb6392f1c 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -989,6 +989,13 @@
 #error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/Mbed-TLS/mbedtls/issues/4341"
 #endif
+#if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) || \
+ ( !defined(MBEDTLS_OID_C) ) || ( !defined(MBEDTLS_PK_PARSE_C) ) || \
+ ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) ||\
+ ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || ( !defined(MBEDTLS_BIGNUM_C) ) )
+#error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
+#endif
+
 /*
 * Avoid warning from -pedantic. This is a convenient place for this
 * workaround since this is included by every single file before the
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 8b2b9ea580..08504329b9 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -95,6 +95,7 @@
 * ECP 4 10 (Started from top)
 * MD 5 5
 * HKDF 5 1 (Started from top)
+ * PKCS7 5 12 (Started from 0x5300)
 * SSL 5 2 (Started from 0x5F00)
 * CIPHER 6 8 (Started from 0x6080)
 * SSL 6 22 (Started from top, plus 0x6000)
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index e9487b28f0..45dd2748cf 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2660,6 +2660,21 @@
 */
 #define MBEDTLS_PKCS5_C
+/**
+ * \def MBEDTLS_PKCS7_C
+ *
+ * Enable PKCS7 core for using PKCS7 formatted signatures.
+ * RFC Link - https://tools.ietf.org/html/rfc2315
+ *
+ * Module: library/pkcs7.c
+ *
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C,
+ * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C, MBEDTLS_BIGNUM_C
+ *
+ * This module is required for the PKCS7 parsing modules.
+ */
+#define MBEDTLS_PKCS7_C
+
 /**
 * \def MBEDTLS_PKCS12_C
 *
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 4ee3f93fbe..e5c4b92493 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
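Review bot: The new table row `* PKCS7 5 12 (Started from 0x5300)` disagrees with include/mbedtls/pkcs7.h in this same patch, which defines eleven MBEDTLS_ERR_PKCS7_* codes (INVALID_FORMAT, FEATURE_UNAVAILABLE, INVALID_VERSION, INVALID_CONTENT_INFO, INVALID_ALG, INVALID_CERT, INVALID_SIGNATURE, INVALID_SIGNER_INFO, BAD_INPUT_DATA, ALLOC_FAILED, VERIFY_FAIL), so either the count is stale or a code was dropped. This table is what reviewers use to detect range collisions between modules, so it should match reality: `* PKCS7 5 11 (Started from 0x5300)`. The range itself (-0x5300 to -0x5800) sits below the SSL block that starts at 0x5F00, so no overlap is visible from here, but the layout rules at the top of error.h are outside this hunk and should be checked against the ..F0 values pkcs7.h uses.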
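Review bot: `#define MBEDTLS_PKCS7_C` turns the new parser on in the default configuration, so every default build now links a parser that this same patch describes as partial (single signer, no CRLs, DER only, one digest algorithm) and that has only hand-patched negative test data; unless the project enables every new module by default, I would ship it as an opt-in (`//#define MBEDTLS_PKCS7_C`) until it has had fuzzing coverage, since the whole point of the module is to parse attacker-supplied blobs. Whether comparable modules in this file default to on is outside the hunk, so treat that as a policy question for the maintainers. The Requires line is also missing a comma: `* MBEDTLS_X509_CRT_PARSE_C, MBEDTLS_X509_CRL_PARSE_C, MBEDTLS_BIGNUM_C`, and it omits MBEDTLS_MD_C and MBEDTLS_PK_C, which library/pkcs7.c calls directly (mbedtls_md(), mbedtls_pk_verify()) even if they are pulled in transitively today.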
@@ -220,6 +220,7 @@
 #define MBEDTLS_OID_PKCS MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
 #define MBEDTLS_OID_PKCS1 MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
 #define MBEDTLS_OID_PKCS5 MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
+#define MBEDTLS_OID_PKCS7 MBEDTLS_OID_PKCS "\x07" /**< pkcs-7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 } */
 #define MBEDTLS_OID_PKCS9 MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
 #define MBEDTLS_OID_PKCS12 MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
@@ -300,6 +301,16 @@ #define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */ #define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */ +/* + * PKCS#7 OIDs + */ +#define MBEDTLS_OID_PKCS7_DATA MBEDTLS_OID_PKCS7 "\x01" /**< Content type is Data OBJECT IDENTIFIER ::= {pkcs-7 1} */ +#define MBEDTLS_OID_PKCS7_SIGNED_DATA MBEDTLS_OID_PKCS7 "\x02" /**< Content type is Signed Data OBJECT IDENTIFIER ::= {pkcs-7 2} */ +#define MBEDTLS_OID_PKCS7_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x03" /**< Content type is Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 3} */ +#define MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA MBEDTLS_OID_PKCS7 "\x04" /**< Content type is Signed and Enveloped Data OBJECT IDENTIFIER ::= {pkcs-7 4} */ +#define MBEDTLS_OID_PKCS7_DIGESTED_DATA MBEDTLS_OID_PKCS7 "\x05" /**< Content type is Digested Data OBJECT IDENTIFIER ::= {pkcs-7 5} */ +#define MBEDTLS_OID_PKCS7_ENCRYPTED_DATA MBEDTLS_OID_PKCS7 "\x06" /**< Content type is Encrypted Data OBJECT IDENTIFIER ::= {pkcs-7 6} */ + /* * PKCS#8 OIDs */ diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h new file mode 100644 index 0000000000..3f87dc3e28 --- /dev/null +++ b/include/mbedtls/pkcs7.h 
@@ -0,0 +1,224 @@ +/** + * \file pkcs7.h + * + * \brief PKCS7 generic defines and structures + * https://tools.ietf.org/html/rfc2315 + */ +/* + * Copyright (C) 2019, IBM Corp, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +/** + * Note: For the time being, this application of the PKCS7 cryptographic + * message syntax is a partial implementation of RFC 2315. + * Differences include: + * - The RFC specifies 6 different content types. The only type currently + * supported in MbedTLS is the signed data content type. + * - The only supported PKCS7 Signed Data syntax version is version 1 + * - The RFC specifies support for BER. This application is limited to + * DER only. + * - The RFC specifies that multiple digest algorithms can be specified + * in the Signed Data type. Only one digest algorithm is supported in MbedTLS. + * - The RFC specifies the Signed Data certificate format can be + * X509 or PKCS6. The only type currently supported in MbedTLS is X509. + * - The RFC specifies the Signed Data type can contain + * certificate-revocation lists (crls). This application has no support + * for crls so it is assumed to be an empty list. + * - The RFC specifies support for multiple signers. This application only + * supports the Signed Data type with a single signer. 
+ */ + +#ifndef MBEDTLS_PKCS7_H +#define MBEDTLS_PKCS7_H + +#include "mbedtls/build_info.h" + +#include "asn1.h" +#include "x509.h" +#include "x509_crt.h" + +/** + * \name PKCS7 Module Error codes + * \{ + */ +#define MBEDTLS_ERR_PKCS7_INVALID_FORMAT -0x5300 /**< The format is invalid, e.g. different type expected. */ +#define MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE -0x53F0 /**< Unavailable feature, e.g. anything other than signed data. */ +#define MBEDTLS_ERR_PKCS7_INVALID_VERSION -0x5400 /**< The PKCS7 version element is invalid or cannot be parsed. */ +#define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x54F0 /**< The PKCS7 content info invalid or cannot be parsed. */ +#define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 /**< The algorithm tag or value is invalid or cannot be parsed. */ +#define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x55F0 /**< The certificate tag or value is invalid or cannot be parsed. */ +#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 /**< Error parsing the signature */ +#define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x56F0 /**< Error parsing the signer's info */ +#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 /**< Input invalid. */ +#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x57F0 /**< Allocation of memory failed. */ +#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 /**< Verification Failed */ +/* \} name */ + +/** + * \name PKCS7 Supported Version + * \{ + */ +#define MBEDTLS_PKCS7_SUPPORTED_VERSION 0x01 +/* \} name */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Type-length-value structure that allows for ASN1 using DER. + */ +typedef mbedtls_asn1_buf mbedtls_pkcs7_buf; + +/** + * Container for ASN1 named information objects. + * It allows for Relative Distinguished Names (e.g. cn=localhost,ou=code,etc.). 
+ */ +typedef mbedtls_asn1_named_data mbedtls_pkcs7_name; + +/** + * Container for a sequence of ASN.1 items + */ +typedef mbedtls_asn1_sequence mbedtls_pkcs7_sequence; + +/** + * Structure holding PKCS7 signer info + */ +typedef struct mbedtls_pkcs7_signer_info +{ + int version; + mbedtls_x509_buf serial; + mbedtls_x509_name issuer; + mbedtls_x509_buf issuer_raw; + mbedtls_x509_buf alg_identifier; + mbedtls_x509_buf sig_alg_identifier; + mbedtls_x509_buf sig; + struct mbedtls_pkcs7_signer_info *next; +} +mbedtls_pkcs7_signer_info; + +/** + * Structure holding attached data as part of PKCS7 signed data format + */ +typedef struct mbedtls_pkcs7_data +{ + mbedtls_pkcs7_buf oid; + mbedtls_pkcs7_buf data; +} +mbedtls_pkcs7_data; + +/** + * Structure holding the signed data section + */ +typedef struct mbedtls_pkcs7_signed_data +{ + int version; + mbedtls_pkcs7_buf digest_alg_identifiers; + struct mbedtls_pkcs7_data content; + int no_of_certs; + mbedtls_x509_crt certs; + int no_of_crls; + mbedtls_x509_crl crl; + int no_of_signers; + mbedtls_pkcs7_signer_info signers; +} +mbedtls_pkcs7_signed_data; + +/** + * Structure holding PKCS7 structure, only signed data for now + */ +typedef struct mbedtls_pkcs7 +{ + mbedtls_pkcs7_buf raw; + mbedtls_pkcs7_buf content_type_oid; + mbedtls_pkcs7_signed_data signed_data; +} +mbedtls_pkcs7; + +/** + * \brief Initialize pkcs7 structure. + * + * \param pkcs7 pkcs7 structure. + */ +void mbedtls_pkcs7_init( mbedtls_pkcs7 *pkcs7 ); + +/** + * \brief Parse a single DER formatted pkcs7 content. + * + * \param pkcs7 The pkcs7 structure to be filled by parser for the output. + * \param buf The buffer holding the DER encoded pkcs7. + * \param buflen The size in Bytes of \p buf. + * + * \note This function makes an internal copy of the PKCS7 buffer + * \p buf. In particular, \p buf may be destroyed or reused + * after this call returns. + * + * \return \c 0, if successful. + * \return A negative error code on failure. 
+ */ +int mbedtls_pkcs7_parse_der( mbedtls_pkcs7 *pkcs7, const unsigned char *buf, + const size_t buflen ); + +/** + * \brief Verification of PKCS7 signature. + * + * \param pkcs7 PKCS7 structure containing signature. + * \param cert Certificate containing key to verify signature. + * \param data Plain data on which signature has to be verified. + * \param datalen Length of the data. + * + * \note This function internally calculates the hash on the supplied + * plain data for signature verification. + * + * \return A negative error code on failure. + */ +int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, + const mbedtls_x509_crt *cert, + const unsigned char *data, + size_t datalen ); + +/** + * \brief Verification of PKCS7 signature. + * + * \param pkcs7 PKCS7 structure containing signature. + * \param cert Certificate containing key to verify signature. + * \param hash Hash of the plain data on which signature has to be verified. + * \param hashlen Length of the hash. + * + * \note This function is different from mbedtls_pkcs7_signed_data_verify() + * in a way that it directly recieves the hash of the data. + * + * \return A negative error code on failure. + */ +int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7, + const mbedtls_x509_crt *cert, + const unsigned char *hash, size_t hashlen); + +/** + * \brief Unallocate all PKCS7 data and zeroize the memory. + * It doesn't free pkcs7 itself. It should be done by the caller. + * + * \param pkcs7 PKCS7 structure to free. + */ +void mbedtls_pkcs7_free( mbedtls_pkcs7 *pkcs7 ); + +#ifdef __cplusplus +} +#endif + +#endif /* pkcs7.h */ diff --git a/library/Makefile b/library/Makefile index 85cea6b08d..a780267061 100644 --- a/library/Makefile +++ b/library/Makefile @@ -165,6 +165,7 @@ OBJS_X509= \ x509_csr.o \ x509write_crt.o \ x509write_csr.o \ + pkcs7.o \ # This line is intentionally left blank OBJS_TLS= \ diff --git a/library/pkcs7.c b/library/pkcs7.c new file mode 100644 index 0000000000..c3236e188a 
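Review bot: The error codes `MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE -0x53F0`, `INVALID_CONTENT_INFO -0x54F0`, `INVALID_CERT -0x55F0`, `INVALID_SIGNER_INFO -0x56F0` and `ALLOC_FAILED -0x57F0` are not multiples of 0x80, yet library/pkcs7.c adds low-level ASN.1 codes to them (`MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO + ret`); as far as I recall error.h reserves the low 7 bits of a combined code for the low-level part, in which case -0x54F0 + (-0x62) = -0x5552 decodes as INVALID_ALG plus a meaningless low-level value, and mbedtls_strerror() will misreport it. I would use -0x5380, -0x5480, -0x5580, -0x5680 and -0x5780 instead (please confirm against the layout description at the top of error.h, which is outside this patch). Separately, both verify functions document only the failure return, so add `\return \c 0 if the signature verifies against \p cert.` and state in the \p cert description that neither function checks that \p cert matches the signer's issuerAndSerialNumber nor that \p cert chains to a trusted root — the caller must do both before trusting the result. Minor: "recieves" should be "receives", and the `const` on the by-value `buflen` parameter is noise in a prototype.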
--- /dev/null +++ b/library/pkcs7.c 
@@ -0,0 +1,561 @@ +/* Copyright 2019 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "common.h" + +#include "mbedtls/build_info.h" +#if defined(MBEDTLS_PKCS7_C) +#include "mbedtls/pkcs7.h" +#include "mbedtls/x509.h" +#include "mbedtls/asn1.h" +#include "mbedtls/x509_crt.h" +#include "mbedtls/x509_crl.h" +#include "mbedtls/oid.h" + +#include +#include +#include +#if defined(MBEDTLS_FS_IO) +#include +#include +#endif + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#include "mbedtls/platform_util.h" +#else +#include +#include +#define mbedtls_free free +#define mbedtls_calloc calloc +#define mbedtls_printf printf +#define mbedtls_snprintf snprintf +#endif + +#if defined(MBEDTLS_HAVE_TIME) +#include "mbedtls/platform_time.h" +#endif +#if defined(MBEDTLS_HAVE_TIME_DATE) +#include +#endif + +/** + * Initializes the pkcs7 structure. 
+ */ +void mbedtls_pkcs7_init( mbedtls_pkcs7 *pkcs7 ) +{ + memset( pkcs7, 0, sizeof( mbedtls_pkcs7 ) ); + pkcs7->raw.p = NULL; +} + +static int pkcs7_get_next_content_len( unsigned char **p, unsigned char *end, + size_t *len ) +{ + int ret; + + if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) + { + return( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + } + + return( 0 ); +} + +/** + * version Version + * Version ::= INTEGER + **/ +static int pkcs7_get_version( unsigned char **p, unsigned char *end, int *ver ) +{ + int ret; + + if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_VERSION + ret ); + + /* If version != 1, return invalid version */ + if( *ver != MBEDTLS_PKCS7_SUPPORTED_VERSION ) + return( MBEDTLS_ERR_PKCS7_INVALID_VERSION ); + + return( 0 ); +} + +/** + * ContentInfo ::= SEQUENCE { + * contentType ContentType, + * content + * [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL } + **/ +static int pkcs7_get_content_info_type( unsigned char **p, unsigned char *end, + mbedtls_pkcs7_buf *pkcs7 ) +{ + size_t len = 0; + int ret; + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO + ret ); + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_OID ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO + ret ); + + pkcs7->tag = MBEDTLS_ASN1_OID; + pkcs7->len = len; + pkcs7->p = *p; + + return( ret ); +} + +/** + * DigestAlgorithmIdentifier ::= AlgorithmIdentifier + * + * This is from x509.h + **/ +static int pkcs7_get_digest_algorithm( unsigned char **p, unsigned char *end, + mbedtls_x509_buf *alg ) +{ + int ret; + + if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_ALG ); + + return( 0 ); +} + +/** + * DigestAlgorithmIdentifiers :: SET of DigestAlgorithmIdentifier + **/ +static int 
pkcs7_get_digest_algorithm_set( unsigned char **p, + unsigned char *end, + mbedtls_x509_buf *alg ) +{ + size_t len = 0; + int ret; + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SET ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_ALG + ret ); + + end = *p + len; + + /** For now, it assumes there is only one digest algorithm specified **/ + ret = mbedtls_asn1_get_alg_null( p, end, alg ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_ALG + ret ); + + if ( *p != end ) + return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT ); + + return( 0 ); +} + +/** + * certificates :: SET OF ExtendedCertificateOrCertificate, + * ExtendedCertificateOrCertificate ::= CHOICE { + * certificate Certificate -- x509, + * extendedCertificate[0] IMPLICIT ExtendedCertificate } + * Return number of certificates added to the signed data, + * 0 or higher is valid. + * Return negative error code for failure. + **/ +static int pkcs7_get_certificates( unsigned char **p, unsigned char *end, + mbedtls_x509_crt *certs ) +{ + int ret; + size_t len1 = 0; + size_t len2 = 0; + unsigned char *end_set, *end_cert; + unsigned char *start = *p; + + if( ( ret = mbedtls_asn1_get_tag( p, end, &len1, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) + { + if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) + return( 0 ); + + return( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + } + start = *p; + end_set = *p + len1; + + ret = mbedtls_asn1_get_tag( p, end_set, &len2, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_CERT + ret ); + + end_cert = *p + len2; + + /* + * This is to verify that there is only one signer certificate. It seems it is + * not easy to differentiate between the chain vs different signer's certificate. + * So, we support only the root certificate and the single signer. + * The behaviour would be improved with addition of multiple signer support. 
+ */ + if (end_cert != end_set) + return ( MBEDTLS_ERR_PKCS7_INVALID_CERT ); + + *p = start; + if( ( ret = mbedtls_x509_crt_parse( certs, *p, len1 ) ) < 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_CERT ); + + *p = *p + len1; + + /* Since in this version we strictly support single certificate, and reaching + * here implies we have parsed successfully, we return 1. */ + + return( 1 ); +} + +/** + * EncryptedDigest ::= OCTET STRING + **/ +static int pkcs7_get_signature( unsigned char **p, unsigned char *end, + mbedtls_pkcs7_buf *signature ) +{ + int ret; + size_t len = 0; + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_OCTET_STRING ); + if( ret != 0 ) + return( ret ); + + signature->tag = MBEDTLS_ASN1_OCTET_STRING; + signature->len = len; + signature->p = *p; + + *p = *p + len; + + return( 0 ); +} + +/** + * SignerInfos ::= SET of SignerInfo + * SignerInfo ::= SEQUENCE { + * version Version; + * issuerAndSerialNumber IssuerAndSerialNumber, + * digestAlgorithm DigestAlgorithmIdentifier, + * authenticatedAttributes + * [0] IMPLICIT Attributes OPTIONAL, + * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, + * encryptedDigest EncryptedDigest, + * unauthenticatedAttributes + * [1] IMPLICIT Attributes OPTIONAL, + * Return number of signers added to the signed data, + * 0 or higher is valid. + * Return negative error code for failure. 
+ **/ +static int pkcs7_get_signers_info_set( unsigned char **p, unsigned char *end, + mbedtls_pkcs7_signer_info *signers_set ) +{ + unsigned char *end_set, *end_set_signer; + int ret; + size_t len = 0; + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SET ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + + end_set = *p + len; + + ret = mbedtls_asn1_get_tag( p, end_set, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + + end_set_signer = *p + len; + if (end_set_signer != end_set) + return ( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + end_set = end_set_signer; + + ret = mbedtls_asn1_get_int( p, end_set, &signers_set->version ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + ret = mbedtls_asn1_get_tag( p, end_set, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + + /* Parsing IssuerAndSerialNumber */ + signers_set->issuer_raw.p = *p; + + ret = mbedtls_asn1_get_tag( p, end_set, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + + ret = mbedtls_x509_get_name( p, *p + len, &signers_set->issuer ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + signers_set->issuer_raw.len = *p - signers_set->issuer_raw.p; + + ret = mbedtls_x509_get_serial( p, end_set, &signers_set->serial ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + ret = pkcs7_get_digest_algorithm( p, end_set, &signers_set->alg_identifier ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + ret = pkcs7_get_digest_algorithm( p, end_set, &signers_set->sig_alg_identifier ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + ret = pkcs7_get_signature( p, end_set, &signers_set->sig ); + 
if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + signers_set->next = NULL; + + if (*p != end_set) + return ( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + /* Since in this version we strictly support single signer, and reaching + * here implies we have parsed successfully, we return 1. */ + + return( 1 ); +} + +/** + * SignedData ::= SEQUENCE { + * version Version, + * digestAlgorithms DigestAlgorithmIdentifiers, + * contentInfo ContentInfo, + * certificates + * [0] IMPLICIT ExtendedCertificatesAndCertificates + * OPTIONAL, + * crls + * [0] IMPLICIT CertificateRevocationLists OPTIONAL, + * signerInfos SignerInfos } + */ +static int pkcs7_get_signed_data( unsigned char *buf, size_t buflen, + mbedtls_pkcs7_signed_data *signed_data ) +{ + unsigned char *p = buf; + unsigned char *end = buf + buflen; + unsigned char *end_set; + size_t len = 0; + int ret; + mbedtls_md_type_t md_alg; + + ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + + end_set = p + len; + + /* Get version of signed data */ + ret = pkcs7_get_version( &p, end_set, &signed_data->version ); + if( ret != 0 ) + return( ret ); + + /* Get digest algorithm */ + ret = pkcs7_get_digest_algorithm_set( &p, end_set, + &signed_data->digest_alg_identifiers ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_oid_get_md_alg( &signed_data->digest_alg_identifiers, &md_alg ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_ALG ); + + /* Do not expect any content */ + ret = pkcs7_get_content_info_type( &p, end_set, &signed_data->content.oid ); + if( ret != 0 ) + return( ret ); + + if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_DATA, &signed_data->content.oid ) ) + { + return( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO ) ; + } + + p = p + signed_data->content.oid.len; + + /* Look for certificates, there may or may not be any */ + mbedtls_x509_crt_init( &signed_data->certs ); + ret = 
pkcs7_get_certificates( &p, end_set, &signed_data->certs ); + if( ret < 0 ) + return( ret ) ; + + signed_data->no_of_certs = ret; + + /* + * Currently CRLs are not supported. If CRL exist, the parsing will fail + * at next step of getting signers info and return error as invalid + * signer info. + */ + + signed_data->no_of_crls = 0; + + /* Get signers info */ + ret = pkcs7_get_signers_info_set( &p, end_set, &signed_data->signers ); + if( ret < 0 ) + return( ret ); + + signed_data->no_of_signers = ret; + + /* Support single signer */ + if ( p != end ) + ret = MBEDTLS_ERR_PKCS7_INVALID_FORMAT; + + ret = 0; + return( ret ); +} + +int mbedtls_pkcs7_parse_der( mbedtls_pkcs7 *pkcs7, const unsigned char *buf, + const size_t buflen ) +{ + unsigned char *start; + unsigned char *end; + size_t len = 0; + int ret; + + if( !pkcs7 ) + return( MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA ); + + /* make an internal copy of the buffer for parsing */ + pkcs7->raw.p = start = mbedtls_calloc( 1, buflen ); + if( pkcs7->raw.p == NULL ) + { + return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED ); + } + memcpy( start, buf, buflen ); + pkcs7->raw.len = buflen; + end = start + buflen; + + ret = pkcs7_get_content_info_type( &start, end, &pkcs7->content_type_oid ); + if( ret != 0 ) + goto out; + + if( ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_DATA, &pkcs7->content_type_oid ) + || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, &pkcs7->content_type_oid ) + || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_ENVELOPED_DATA, &pkcs7->content_type_oid ) + || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, &pkcs7->content_type_oid ) + || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_DIGESTED_DATA, &pkcs7->content_type_oid ) + || ! 
MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, &pkcs7->content_type_oid ) ) + { + ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; + goto out; + } + + if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_SIGNED_DATA, &pkcs7->content_type_oid ) ) + { + ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; + goto out; + } + + start = start + pkcs7->content_type_oid.len; + + ret = pkcs7_get_next_content_len( &start, end, &len ); + if( ret != 0 ) + goto out; + + ret = pkcs7_get_signed_data( start, len, &pkcs7->signed_data ); + +out: + if ( ret != 0 ) + mbedtls_pkcs7_free( pkcs7 ); + return( ret ); +} + +int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, + const mbedtls_x509_crt *cert, + const unsigned char *data, + size_t datalen ) +{ + + int ret; + unsigned char *hash; + mbedtls_pk_context pk_cxt = cert->pk; + const mbedtls_md_info_t *md_info; + mbedtls_md_type_t md_alg; + + ret = mbedtls_oid_get_md_alg( &pkcs7->signed_data.digest_alg_identifiers, &md_alg ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL ); + + md_info = mbedtls_md_info_from_type( md_alg ); + + hash = mbedtls_calloc( mbedtls_md_get_size( md_info ), 1 ); + if( hash == NULL ) { + return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED ); + } + + mbedtls_md( md_info, data, datalen, hash ); + + ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, 0, + pkcs7->signed_data.signers.sig.p, + pkcs7->signed_data.signers.sig.len ); + + mbedtls_free( hash ); + + return( ret ); +} + +int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7, + const mbedtls_x509_crt *cert, + const unsigned char *hash, size_t hashlen) +{ + int ret; + mbedtls_md_type_t md_alg; + mbedtls_pk_context pk_cxt; + + ret = mbedtls_oid_get_md_alg( &pkcs7->signed_data.digest_alg_identifiers, &md_alg ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL ); + + pk_cxt = cert->pk; + ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, hashlen, + pkcs7->signed_data.signers.sig.p, + pkcs7->signed_data.signers.sig.len ); + + return ( ret ); +} + +/* + * Unallocate all pkcs7 
data + */ +void mbedtls_pkcs7_free( mbedtls_pkcs7 *pkcs7 ) +{ + mbedtls_x509_name *name_cur; + mbedtls_x509_name *name_prv; + + if( pkcs7 == NULL || pkcs7->raw.p == NULL ) + return; + + mbedtls_free( pkcs7->raw.p ); + + mbedtls_x509_crt_free( &pkcs7->signed_data.certs ); + mbedtls_x509_crl_free( &pkcs7->signed_data.crl ); + + name_cur = pkcs7->signed_data.signers.issuer.next; + while( name_cur != NULL ) + { + name_prv = name_cur; + name_cur = name_cur->next; + mbedtls_free( name_prv ); + } + + pkcs7->raw.p = NULL; +} + +#endif diff --git a/scripts/config.py b/scripts/config.py index f045f98f95..1e0f8270ce 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -306,6 +306,7 @@ def include_in_crypto(name): if name in [ 'MBEDTLS_DEBUG_C', # part of libmbedtls 'MBEDTLS_NET_C', # part of libmbedtls + 'MBEDTLS_PKCS7_C', # part of libmbedx509 ]: return False return True diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 6187d17bc3..288b01f184 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
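Review bot: In `mbedtls_pkcs7_signed_data_verify()` and `mbedtls_pkcs7_signed_hash_verify()` the digest passed to mbedtls_pk_verify() comes only from SignedData.digestAlgorithms, while the signer's own `alg_identifier` and `sig_alg_identifier` that pkcs7_get_signers_info_set() parses are never compared or used, so a blob whose SignerInfo names a different digest is still accepted, and the caller has no way to restrict which digests it will accept (SHA-1 is exercised as a pass case by test #10). `mbedtls_pkcs7_signed_data_verify()` also ignores the return value of `mbedtls_md()` and never checks `mbedtls_md_info_from_type()` for NULL; should a digest OID be known to oid.c while its md_info is unavailable, `mbedtls_md_get_size(NULL)` yields a zero-length buffer that is then handed to pk_verify as the hash. In `pkcs7_get_signed_data()` the trailing-data check is dead because `ret = 0;` follows it unconditionally; it should read `if( p != end_set || end_set != end ) return( MBEDTLS_ERR_PKCS7_INVALID_FORMAT );`. `mbedtls_pkcs7_parse_der()` likewise accepts `buf == NULL` or `buflen == 0` and goes straight to calloc/memcpy; reject both with MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA before copying, and drop the duplicated `MBEDTLS_OID_PKCS7_ENCRYPTED_DATA` entry from the OID list, which is redundant anyway given the SIGNED_DATA check right after it. The data-verify function as I would rewrite it:

```c
int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7,
                                      const mbedtls_x509_crt *cert,
                                      const unsigned char *data,
                                      size_t datalen )
{
    int ret;
    unsigned char *hash;
    mbedtls_pk_context pk_cxt;
    const mbedtls_md_info_t *md_info;
    mbedtls_md_type_t md_alg, signer_md_alg;

    if( pkcs7 == NULL || cert == NULL || ( data == NULL && datalen != 0 ) )
        return( MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA );

    /* The digest named by SignedData and by the (single) SignerInfo must agree;
     * both come from the untrusted blob, so at least refuse inconsistent ones. */
    ret = mbedtls_oid_get_md_alg( &pkcs7->signed_data.digest_alg_identifiers, &md_alg );
    if( ret != 0 )
        return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL );
    ret = mbedtls_oid_get_md_alg( &pkcs7->signed_data.signers.alg_identifier, &signer_md_alg );
    if( ret != 0 || signer_md_alg != md_alg )
        return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL );

    md_info = mbedtls_md_info_from_type( md_alg );
    if( md_info == NULL )
        return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL );

    hash = mbedtls_calloc( mbedtls_md_get_size( md_info ), 1 );
    if( hash == NULL )
        return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED );

    ret = mbedtls_md( md_info, data, datalen, hash );
    if( ret == 0 )
    {
        pk_cxt = cert->pk;
        ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, 0,
                                 pkcs7->signed_data.signers.sig.p,
                                 pkcs7->signed_data.signers.sig.len );
    }

    mbedtls_free( hash );
    return( ret );
}

/* … unchanged: mbedtls_pkcs7_signed_hash_verify, which needs the same digest cross-check … */
```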
@@ -1131,6 +1131,98 @@ ecdsa_secp521r1.crt: ecdsa_secp521r1.csr all_final += ecdsa_secp521r1.crt ecdsa_secp521r1.key tls13_certs: ecdsa_secp521r1.crt ecdsa_secp521r1.key +# PKCS7 test data +pkcs7_test_cert_1 = pkcs7-rsa-sha256-1.crt +pkcs7_test_cert_2 = pkcs7-rsa-sha256-2.crt +pkcs7_test_file = pkcs7_data.txt + +# Generate signing cert +pkcs7-rsa-sha256-1.crt: + $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt + cat pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-1.key > pkcs7-rsa-sha256-1.pem +all_final += pkcs7-rsa-sha256-1.crt + +pkcs7-rsa-sha256-2.crt: + $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt + cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem +all_final += pkcs7-rsa-sha256-2.crt + +# Generate data file to be signed +pkcs7_data.txt: + echo "Hello" > $@ + echo 2 >> pkcs7_data_1.txt +all_final += pkcs7_data.txt + +# Generate another data file to check hash mismatch during certificate verification +pkcs7_data_1.txt: $(pkcs7_test_file) + cat $(pkcs7_test_file) > $@ + echo 2 >> $@ +all_final += pkcs7_data_1.txt + +# pkcs7 signature file with CERT +pkcs7_data_cert_signed_sha256.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) + $(OPENSSL) smime -sign -binary -in pkcs7_data.txt -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ +all_final += pkcs7_data_cert_signed_sha256.der + +# pkcs7 signature file with CERT and sha1 +pkcs7_data_cert_signed_sha1.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) + $(OPENSSL) smime -sign -binary -in pkcs7_data.txt -out $@ -md sha1 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ +all_final += pkcs7_data_cert_signed_sha1.der + +# pkcs7 signature file with CERT and sha512 +pkcs7_data_cert_signed_sha512.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) + $(OPENSSL) 
smime -sign -binary -in pkcs7_data.txt -out $@ -md sha512 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ +all_final += pkcs7_data_cert_signed_sha512.der + +# pkcs7 signature file without CERT +pkcs7_data_without_cert_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) + $(OPENSSL) smime -sign -binary -in pkcs7_data.txt -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -outform DER -out $@ +all_final += pkcs7_data_without_cert_signed.der + +# pkcs7 signature file with multiple signers +pkcs7_data_multiple_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) + $(OPENSSL) smime -sign -binary -in pkcs7_data.txt -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -nocerts -noattr -outform DER -out $@ +all_final += pkcs7_data_multiple_signed.der + +# pkcs7 signature file with multiple certificates +pkcs7_data_multiple_certs_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) + $(OPENSSL) smime -sign -binary -in pkcs7_data.txt -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -noattr -outform DER -out $@ +all_final += pkcs7_data_multiple_certs_signed.der + +# pkcs7 signature file with corrupted CERT +pkcs7_data_signed_badcert.der: pkcs7_data_cert_signed_sha256.der + cp pkcs7_data_cert_signed_sha256.der $@ + echo -en '\xa1' | dd of=$@ bs=1 seek=547 conv=notrunc +all_final += pkcs7_data_signed_badcert.der + +# pkcs7 signature file with corrupted signer info +pkcs7_data_signed_badsigner.der: pkcs7_data_cert_signed_sha256.der + cp pkcs7_data_cert_signed_sha256.der $@ + echo -en '\xa1' | dd of=$@ bs=1 seek=918 conv=notrunc +all_final += pkcs7_data_signed_badsigner.der + +# pkcs7 file with version 2 +pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der + cp pkcs7_data_cert_signed_sha256.der $@ + echo -en '\x02' | dd of=$@ bs=1 seek=25 conv=notrunc +all_final += pkcs7_data_cert_signed_v2.der + +pkcs7_data_cert_encrypted.der: 
$(pkcs7_test_file) $(pkcs7_test_cert_1) + $(OPENSSL) smime -encrypt -aes256 -in pkcs7_data.txt -binary -outform DER -out $@ pkcs7-rsa-sha256-1.crt +all_final += pkcs7_data_cert_encrypted.der + +## Negative tests +# For some interesting sizes, what happens if we make them off-by-one? +pkcs7_signerInfo_issuer_invalid_size.der: pkcs7_data_cert_signed_sha256.der + cp $< $@ + echo -en '\x35' | dd of=$@ seek=919 bs=1 conv=notrunc +all_final += pkcs7_signerInfo_issuer_invalid_size.der + +pkcs7_signerInfo_serial_invalid_size.der: pkcs7_data_cert_signed_sha256.der + cp $< $@ + echo -en '\x15' | dd of=$@ seek=973 bs=1 conv=notrunc +all_final += pkcs7_signerInfo_serial_invalid_size.der + ################################################################ #### Diffie-Hellman parameters ################################################################ diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data new file mode 100644 index 0000000000..870e83bb84 --- /dev/null +++ b/tests/suites/test_suite_pkcs7.data 
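Review bot: The `pkcs7_data.txt` rule runs `echo 2 >> pkcs7_data_1.txt`, appending to a different target that has its own rule two lines below; the stray line should be removed so the recipe is just `echo "Hello" > $@`, otherwise the tampered file's contents depend on which rule ran last. The signing recipes also pass `-out $@` twice on one OpenSSL command line, which is harmless but misleading. The negative variants (`badcert`, `badsigner`, `_v2`, `issuer_invalid_size`, `serial_invalid_size`) patch fixed byte offsets (547, 918, 25, 919, 973) into a DER blob whose layout depends on the freshly generated RSA key and random serial from the `pkcs7-rsa-sha256-1.crt` rule, so regenerating the certificate will likely shift those offsets silently; a comment such as `# offsets below are valid for the checked-in pkcs7_data_cert_signed_sha256.der and must be recomputed if it is regenerated` would save the next maintainer a confusing test failure.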
@@ -0,0 +1,53 @@
+PKCS7 Signed Data Parse Pass SHA256 #1
+pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha256.der"
+
+PKCS7 Signed Data Parse Pass SHA1 #2
+depends_on:MBEDTLS_SHA1_C
+pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha1.der"
+
+PKCS7 Signed Data Parse Pass Without CERT #3
+pkcs7_parse_without_cert:"data_files/pkcs7_data_without_cert_signed.der"
+
+PKCS7 Signed Data Parse Fail with multiple signers #4
+pkcs7_parse_multiple_signers:"data_files/pkcs7_data_multiple_signed.der"
+
+PKCS7 Signed Data Parse Fail with multiple certs #4
+pkcs7_parse_multiple_signers:"data_files/pkcs7_data_multiple_certs_signed.der"
+
+PKCS7 Signed Data Parse Fail with corrupted cert #5
+pkcs7_parse_corrupted_cert:"data_files/pkcs7_data_signed_badcert.der"
+
+PKCS7 Signed Data Parse Fail with corrupted signer info #6
+pkcs7_parse_corrupted_signer_info:"data_files/pkcs7_data_signed_badsigner.der"
+
+PKCS7 Signed Data Parse Fail Version other than 1 #7
+pkcs7_parse_version:"data_files/pkcs7_data_cert_signed_v2.der"
+
+PKCS7 Signed Data Parse Fail Encrypted Content #8
+pkcs7_parse_content_oid:"data_files/pkcs7_data_cert_encrypted.der"
+
+PKCS7 Signed Data Verification Pass SHA256 #9
+pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data.txt"
+
+PKCS7 Signed Data Verification Pass SHA256 #9.1
+pkcs7_verify_hash:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data.txt"
+
+PKCS7 Signed Data Verification Pass SHA1 #10
+depends_on:MBEDTLS_SHA1_C
+pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha1.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data.txt"
+
+PKCS7 Signed Data Verification Pass SHA512 #11
+depends_on:MBEDTLS_SHA512_C
+pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha512.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data.txt"
+
+PKCS7 Signed Data Verification Fail because of different certificate #12
+pkcs7_verify_badcert:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.txt"
+
+PKCS7 Signed Data Verification Fail because of different data hash #13
+pkcs7_verify_tampered_data:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data_1.txt"
+
+PKCS7 Signed Data Parse Failure Corrupt signerInfo.issuer #15.1
+pkcs7_parse_failure:"data_files/pkcs7_signerInfo_issuer_invalid_size.der"
+
+PKCS7 Signed Data Parse Failure Corrupt signerInfo.serial #15.2
+pkcs7_parse_failure:"data_files/pkcs7_signerInfo_serial_invalid_size.der"
diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function new file mode 100644
index 0000000000..b5ef2ef361
--- /dev/null
+++ b/tests/suites/test_suite_pkcs7.function
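Review bot: Case #4 is listed twice, and the second instance (multiple certificates) reuses `pkcs7_parse_multiple_signers`, whose `switch` accepts either `MBEDTLS_ERR_PKCS7_INVALID_CERT` or `MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO`, so the suite never pins which of the two documented limitations rejects a multi-certificate file. A dedicated case asserting the exact code (for instance `pkcs7_parse_corrupted_cert:"data_files/pkcs7_data_multiple_certs_signed.der"`, if rejecting on the certificate list is the intended behaviour) would catch a regression in which limitation fires first. Renumbering the second case (#14 is unused) is cosmetic but helps when a failure is reported by name.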
@@ -0,0 +1,420 @@
+/* BEGIN_HEADER */
+#include "mbedtls/bignum.h"
+#include "mbedtls/pkcs7.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/x509_crl.h"
+#include "mbedtls/oid.h"
+#include "sys/types.h"
+#include "sys/stat.h"
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PKCS7_C:MBEDTLS_FS_IO
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C */
+void pkcs7_parse( char *pkcs7_file )
+{
+ unsigned char *pkcs7_buf = NULL;
+ size_t buflen;
+ int res;
+
+ mbedtls_pkcs7 pkcs7;
+
+ mbedtls_pkcs7_init( &pkcs7 );
+
+ res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
+ TEST_ASSERT( res == 0 );
+
+exit:
+ mbedtls_free( pkcs7_buf );
+ mbedtls_pkcs7_free( &pkcs7 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C*/
+void pkcs7_parse_without_cert( char *pkcs7_file )
+{
+ unsigned char *pkcs7_buf = NULL;
+ size_t buflen;
+ int res;
+
+ mbedtls_pkcs7 pkcs7;
+
+ mbedtls_pkcs7_init( &pkcs7 );
+
+ res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
+ TEST_ASSERT( res == 0 );
+
+exit:
+ mbedtls_free( pkcs7_buf );
+ mbedtls_pkcs7_free( &pkcs7 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C */
+void pkcs7_parse_multiple_signers( char *pkcs7_file )
+{
+ unsigned char *pkcs7_buf = NULL;
+ size_t buflen;
+ int res;
+
+ mbedtls_pkcs7 pkcs7;
+
+ mbedtls_pkcs7_init( &pkcs7 );
+
+ res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
+ TEST_ASSERT( res < 0 );
+
+ switch ( res ){
+ case MBEDTLS_ERR_PKCS7_INVALID_CERT:
+ TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_CERT );
+ break;
+
+ case MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO:
+ TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO );
+ break;
+ default:
+ TEST_ASSERT(0);
+ }
+
+exit:
+ mbedtls_free( pkcs7_buf );
+ mbedtls_pkcs7_free( &pkcs7 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C */
+void pkcs7_parse_corrupted_cert( char *pkcs7_file )
+{
+ unsigned char *pkcs7_buf = NULL;
+ size_t buflen;
+ int res;
+
+ mbedtls_pkcs7 pkcs7;
+
+ mbedtls_pkcs7_init( &pkcs7 );
+
+ res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
+ TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_CERT );
+
+exit:
+ mbedtls_free( pkcs7_buf );
+ mbedtls_pkcs7_free( &pkcs7 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C */
+void pkcs7_parse_corrupted_signer_info( char *pkcs7_file )
+{
+ unsigned char *pkcs7_buf = NULL;
+ size_t buflen;
+ int res;
+
+ mbedtls_pkcs7 pkcs7;
+
+ mbedtls_pkcs7_init( &pkcs7 );
+
+ res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
+ TEST_ASSERT( res < 0 );
+
+exit:
+ mbedtls_free( pkcs7_buf );
+ mbedtls_pkcs7_free( &pkcs7 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
+void pkcs7_parse_version( char *pkcs7_file )
+{
+ unsigned char *pkcs7_buf = NULL;
+ size_t buflen;
+ int res;
+
+ mbedtls_pkcs7 pkcs7;
+
+ mbedtls_pkcs7_init( &pkcs7 );
+
+ res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
+ TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_VERSION );
+
+exit:
+ mbedtls_free( pkcs7_buf );
+ mbedtls_pkcs7_free( &pkcs7 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
+void pkcs7_parse_content_oid( char *pkcs7_file )
+{
+ unsigned char *pkcs7_buf = NULL;
+ size_t buflen;
+ int res;
+ mbedtls_pkcs7 pkcs7;
+
+ mbedtls_pkcs7_init( &pkcs7 );
+
+ res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen);
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
+ TEST_ASSERT( res != 0 );
+ TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE );
+exit:
+ mbedtls_free( pkcs7_buf );
+ mbedtls_pkcs7_free( &pkcs7 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C */
+void pkcs7_verify( char *pkcs7_file, char *crt, char *filetobesigned )
+{
+ unsigned char *pkcs7_buf = NULL;
+ size_t buflen;
+ unsigned char *data = NULL;
+ struct stat st;
+ size_t datalen;
+ int res;
+ FILE *file;
+
+ mbedtls_pkcs7 pkcs7;
+ mbedtls_x509_crt x509;
+
+ mbedtls_pkcs7_init( &pkcs7 );
+ mbedtls_x509_crt_init( &x509 );
+
+ res = mbedtls_x509_crt_parse_file( &x509, crt );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
+ TEST_ASSERT( res == 0 );
+ mbedtls_free( pkcs7_buf );
+
+ res = stat(filetobesigned, &st);
+ TEST_ASSERT( res == 0 );
+
+ file = fopen( filetobesigned, "rb" );
+ TEST_ASSERT( file != NULL );
+
+ datalen = st.st_size;
+ data = mbedtls_calloc( datalen, 1 );
+ buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file );
+ TEST_ASSERT( buflen == datalen);
+
+ fclose(file);
+
+ res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen );
+ TEST_ASSERT( res == 0 );
+
+exit:
+ mbedtls_x509_crt_free( &x509 );
+ mbedtls_free( data );
+ mbedtls_pkcs7_free( &pkcs7 );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C */
+void pkcs7_verify_hash( char *pkcs7_file, char *crt, char *filetobesigned )
+{
+ unsigned char *pkcs7_buf = NULL;
+ size_t buflen;
+ unsigned char *data = NULL;
+ unsigned char hash[32];
+ struct stat st;
+ size_t datalen;
+ int res;
+ FILE *file;
+ const mbedtls_md_info_t *md_info;
+ mbedtls_md_type_t md_alg;
+
+ mbedtls_pkcs7 pkcs7;
+ mbedtls_x509_crt x509;
+
+ mbedtls_pkcs7_init( &pkcs7 );
+ mbedtls_x509_crt_init( &x509 );
+
+ res = mbedtls_x509_crt_parse_file( &x509, crt );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = stat(filetobesigned, &st);
+ TEST_ASSERT( res == 0 );
+
+ file = fopen( filetobesigned, "rb" );
+ TEST_ASSERT( file != NULL );
+
+ datalen = st.st_size;
+ data = mbedtls_calloc( datalen, 1 );
+ TEST_ASSERT( data != NULL);
+
+ buflen = fread( (void *)data , sizeof( unsigned char ), datalen, file );
+ TEST_ASSERT( buflen == datalen);
+ fclose( file );
+
+ res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg );
+ TEST_ASSERT( res == 0 );
+ TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 );
+
+ md_info = mbedtls_md_info_from_type( md_alg );
+
+ mbedtls_md( md_info, data, datalen, hash );
+
+ res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, sizeof(hash));
+ TEST_ASSERT( res == 0 );
+
+exit:
+ mbedtls_x509_crt_free( &x509 );
+ mbedtls_free( data );
+ mbedtls_pkcs7_free( &pkcs7 );
+ mbedtls_free( pkcs7_buf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C */
+void pkcs7_verify_badcert( char *pkcs7_file, char *crt, char *filetobesigned )
+{
+ unsigned char *pkcs7_buf = NULL;
+ size_t buflen;
+ unsigned char *data = NULL;
+ struct stat st;
+ size_t datalen;
+ int res;
+ FILE *file;
+
+ mbedtls_pkcs7 pkcs7;
+ mbedtls_x509_crt x509;
+
+ mbedtls_pkcs7_init( &pkcs7 );
+ mbedtls_x509_crt_init( &x509 );
+
+ res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_x509_crt_parse_file( &x509, crt );
+ TEST_ASSERT( res == 0 );
+
+ res = stat(filetobesigned, &st);
+ TEST_ASSERT( res == 0 );
+
+ file = fopen( filetobesigned, "rb" );
+ TEST_ASSERT( file != NULL );
+
+ datalen = st.st_size;
+ data = mbedtls_calloc( datalen, 1 );
+ buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file );
+ TEST_ASSERT( buflen == datalen);
+
+ fclose(file);
+
+ res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen );
+ TEST_ASSERT( res != 0 );
+
+exit:
+ mbedtls_x509_crt_free( &x509 );
+ mbedtls_free( data );
+ mbedtls_pkcs7_free( &pkcs7 );
+ mbedtls_free( pkcs7_buf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C */
+void pkcs7_verify_tampered_data( char *pkcs7_file, char *crt, char *filetobesigned )
+{
+ unsigned char *pkcs7_buf = NULL;
+ size_t buflen;
+ unsigned char *data = NULL;
+ struct stat st;
+ size_t datalen;
+ int res;
+ FILE *file;
+
+ mbedtls_pkcs7 pkcs7;
+ mbedtls_x509_crt x509;
+
+ mbedtls_pkcs7_init( &pkcs7 );
+ mbedtls_x509_crt_init( &x509 );
+
+ res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_x509_crt_parse_file( &x509, crt );
+ TEST_ASSERT( res == 0 );
+
+ res = stat(filetobesigned, &st);
+ TEST_ASSERT( res == 0 );
+
+ file = fopen( filetobesigned, "rb" );
+ TEST_ASSERT( file != NULL );
+
+ datalen = st.st_size;
+ data = mbedtls_calloc( datalen, 1 );
+ buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file );
+ TEST_ASSERT( buflen == datalen);
+
+ fclose(file);
+
+ res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen );
+ TEST_ASSERT( res != 0 );
+
+exit:
+ mbedtls_x509_crt_free( &x509 );
+ mbedtls_pkcs7_free( &pkcs7 );
+ mbedtls_free( data );
+ mbedtls_free( pkcs7_buf );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void pkcs7_parse_failure( char *pkcs7_file )
+{
+ unsigned char *pkcs7_buf = NULL;
+ size_t buflen;
+ int res;
+ mbedtls_pkcs7 pkcs7;
+
+ mbedtls_pkcs7_init( &pkcs7 );
+
+ res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen );
+ TEST_ASSERT( res == 0 );
+
+ res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
+ TEST_ASSERT( res != 0 );
+exit:
+ mbedtls_free( pkcs7_buf );
+ mbedtls_pkcs7_free( &pkcs7 );
+}
+/* END_CASE */
From 673a226698e1b268fbda06235c04618c9d94a5a1 Mon Sep 17 00:00:00 2001 From: Nayna Jain Date: Mon, 14 Dec 2020 22:44:49 +0000 Subject: [PATCH 002/139] pkcs7: add support for signed data OpenSSL provides APIs to generate only the signted data format PKCS7 i.e. without content type OID. This patch adds support to parse the data correctly even if formatted only as signed data Signed-off-by: Nayna Jain --- include/mbedtls/pkcs7.h | 16 ++++++++++++++- library/pkcs7.c | 27 +++++++++++++++++++++++--- tests/data_files/Makefile | 5 +++++ tests/suites/test_suite_pkcs7.data | 3 +++ tests/suites/test_suite_pkcs7.function | 20 +++++++++---------- 5 files changed, 57 insertions(+), 14 deletions(-)
diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h
index 3f87dc3e28..59da147b9b 100644
--- a/include/mbedtls/pkcs7.h
+++ b/include/mbedtls/pkcs7.h
@@ -96,6 +96,20 @@ typedef mbedtls_asn1_named_data mbedtls_pkcs7_name; */ typedef mbedtls_asn1_sequence mbedtls_pkcs7_sequence;
+/**
+ * PKCS7 types
+ */
+typedef enum {
+ MBEDTLS_PKCS7_NONE=0,
+ MBEDTLS_PKCS7_DATA,
+ MBEDTLS_PKCS7_SIGNED_DATA,
+ MBEDTLS_PKCS7_ENVELOPED_DATA,
+ MBEDTLS_PKCS7_SIGNED_AND_ENVELOPED_DATA,
+ MBEDTLS_PKCS7_DIGESTED_DATA,
+ MBEDTLS_PKCS7_ENCRYPTED_DATA,
+}
+mbedtls_pkcs7_type;
+
/** * Structure holding PKCS7 signer info */
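Review bot: In `pkcs7_verify`, `pkcs7_verify_badcert` and `pkcs7_verify_tampered_data` the result of `mbedtls_calloc( datalen, 1 )` goes straight into `fread` with no NULL check (only `pkcs7_verify_hash` asserts `data != NULL`), and `file` is closed only on the straight-line path, so a failing `TEST_ASSERT( buflen == datalen)` leaks the `FILE *`; `pkcs7_verify` additionally frees `pkcs7_buf` right after parsing but never under `exit:`, so any assertion that fails before that point leaks the buffer. Add `TEST_ASSERT( data != NULL );` after each `mbedtls_calloc`, declare `FILE *file = NULL;` and close it under `exit:` with `if( file != NULL ) fclose( file );`, and in `pkcs7_verify` set `pkcs7_buf = NULL;` after the early free and add `mbedtls_free( pkcs7_buf );` to `exit:` as the other cases do. `pkcs7_verify_hash` also hard-codes `hash[32]` and asserts `md_alg == MBEDTLS_MD_SHA256`, so it cannot be reused for the SHA-1/SHA-512 fixtures that `pkcs7_verify` covers; sizing the digest with `mbedtls_md_get_size( md_info )` would make the case digest-agnostic.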
@@ -168,7 +182,7 @@ void mbedtls_pkcs7_init( mbedtls_pkcs7 *pkcs7 ); * \p buf. In particular, \p buf may be destroyed or reused * after this call returns. *
- * \return \c 0, if successful.
+ * \return The \c mbedtls_pkcs7_type of \p buf, if successful.
* \return A negative error code on failure. */ int mbedtls_pkcs7_parse_der( mbedtls_pkcs7 *pkcs7, const unsigned char *buf,
diff --git a/library/pkcs7.c b/library/pkcs7.c
index c3236e188a..5563f330ee 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -103,6 +103,7 @@ static int pkcs7_get_content_info_type( unsigned char **p, unsigned char *end, { size_t len = 0; int ret;
+ unsigned char *start = *p;
ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
@@ -110,8 +111,10 @@ static int pkcs7_get_content_info_type( unsigned char **p, unsigned char *end, return( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO + ret ); ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_OID );
- if( ret != 0 )
+ if( ret != 0 ) {
+ *p = start;
return( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO + ret );
+ }
pkcs7->tag = MBEDTLS_ASN1_OID; pkcs7->len = len;
@@ -428,6 +431,7 @@ int mbedtls_pkcs7_parse_der( mbedtls_pkcs7 *pkcs7, const unsigned char *buf, unsigned char *end; size_t len = 0; int ret;
+ int isoidset = 0;
if( !pkcs7 ) return( MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA );
@@ -444,7 +448,10 @@ int mbedtls_pkcs7_parse_der( mbedtls_pkcs7 *pkcs7, const unsigned char *buf, ret = pkcs7_get_content_info_type( &start, end, &pkcs7->content_type_oid ); if( ret != 0 )
- goto out;
+ {
+ len = buflen;
+ goto try_data;
+ }
if( ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_DATA, &pkcs7->content_type_oid ) || ! MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, &pkcs7->content_type_oid )
@@ -463,17 +470,31 @@ int mbedtls_pkcs7_parse_der( mbedtls_pkcs7 *pkcs7, const unsigned char *buf, goto out; }
+ isoidset = 1;
start = start + pkcs7->content_type_oid.len; ret = pkcs7_get_next_content_len( &start, end, &len ); if( ret != 0 ) goto out;
+try_data:
ret = pkcs7_get_signed_data( start, len, &pkcs7->signed_data );
+ if ( ret != 0 )
+ goto out;
+
+ if ( !isoidset )
+ {
+ pkcs7->content_type_oid.tag = MBEDTLS_ASN1_OID;
+ pkcs7->content_type_oid.len = MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS7_SIGNED_DATA );
+ pkcs7->content_type_oid.p = (unsigned char *)MBEDTLS_OID_PKCS7_SIGNED_DATA;
+ }
+
+ ret = MBEDTLS_PKCS7_SIGNED_DATA;
out:
- if ( ret != 0 )
+ if ( ret < 0 )
mbedtls_pkcs7_free( pkcs7 );
+
return( ret ); }
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 288b01f184..dbe32340f7 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1223,6 +1223,11 @@ pkcs7_signerInfo_serial_invalid_size.der: pkcs7_data_cert_signed_sha256.der echo -en '\x15' | dd of=$@ seek=973 bs=1 conv=notrunc all_final += pkcs7_signerInfo_serial_invalid_size.der
+# pkcs7 signature file just with signed data
+pkcs7_data_cert_signeddata_sha256.der: pkcs7_data_cert_signed_sha256.der
+ dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1
+all_final += pkcs7_data_cert_signeddata_sha256.der
+
################################################################ #### Diffie-Hellman parameters ################################################################
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
index 870e83bb84..75ee9f6b03 100644
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
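Review bot: The fallback in the `@@ -444,7 +448,10 @@` hunk sets `len = buflen` but leaves `start` wherever `pkcs7_get_content_info_type` left it, while the `@@ -110,8 +111,10 @@` hunk rewinds `*p = start` only when the OID tag fails, not when the outer SEQUENCE tag or its length fails; if `mbedtls_asn1_get_tag` has already advanced the pointer before reporting that failure (as I recall it does once the tag byte matched), `pkcs7_get_signed_data( start, buflen, … )` is handed a window that extends past `end`, which on attacker-supplied input is an out-of-bounds read in the parser. Rewind in both error paths of `pkcs7_get_content_info_type` (`*p = start;` before the first `return` as well) and derive the fallback length from the real end rather than the original size, `len = (size_t)( end - start );`. It is also worth restricting the fallback to the case where the ContentInfo wrapper is genuinely absent, e.g. only when `ret == MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`, so that a malformed wrapper is rejected instead of being re-parsed as bare SignedData. Both enclosing functions begin and end outside these hunks.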
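Review bot: `ret = MBEDTLS_PKCS7_SIGNED_DATA;` makes a successful `mbedtls_pkcs7_parse_der` return a positive value, so any caller written against the previous `\return \c 0` contract (the `== 0` checks this series rewrites in its own test suite are the visible example) now treats success as failure; the header comment is updated, but a compatibility note or changelog entry should accompany the change. Separately, `(unsigned char *)MBEDTLS_OID_PKCS7_SIGNED_DATA` casts away `const` and points `content_type_oid.p` at static read-only storage (the macro is used with `MBEDTLS_OID_SIZE`, so presumably a string literal) instead of into the parsed input as the normal path presumably does; that is only safe if `mbedtls_pkcs7_free` never frees or writes through `content_type_oid.p`, which should be confirmed and recorded at the assignment with `/* points at a string literal; must never be freed */`. `mbedtls_pkcs7_parse_der` begins outside this hunk.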
@@ -51,3 +51,6 @@ pkcs7_parse_failure:"data_files/pkcs7_signerInfo_issuer_invalid_size.der" PKCS7 Signed Data Parse Failure Corrupt signerInfo.serial #15.2 pkcs7_parse_failure:"data_files/pkcs7_signerInfo_serial_invalid_size.der"
+
+PKCS7 Only Signed Data Parse Pass #15
+pkcs7_parse:"data_files/pkcs7_data_cert_signeddata_sha256.der"
diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function
index b5ef2ef361..d85a455613 100644
--- a/tests/suites/test_suite_pkcs7.function
+++ b/tests/suites/test_suite_pkcs7.function
@@ -29,7 +29,7 @@ void pkcs7_parse( char *pkcs7_file ) TEST_ASSERT( res == 0 ); res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
exit: mbedtls_free( pkcs7_buf );
@@ -52,7 +52,7 @@ void pkcs7_parse_without_cert( char *pkcs7_file ) TEST_ASSERT( res == 0 ); res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
exit: mbedtls_free( pkcs7_buf );
@@ -210,10 +210,10 @@ void pkcs7_verify( char *pkcs7_file, char *crt, char *filetobesigned ) TEST_ASSERT( res == 0 ); res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
mbedtls_free( pkcs7_buf );
- res = stat(filetobesigned, &st);
+ res = stat( filetobesigned, &st );
TEST_ASSERT( res == 0 ); file = fopen( filetobesigned, "rb" );
@@ -263,9 +263,9 @@ void pkcs7_verify_hash( char *pkcs7_file, char *crt, char *filetobesigned ) TEST_ASSERT( res == 0 ); res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
- res = stat(filetobesigned, &st);
+ res = stat( filetobesigned, &st );
TEST_ASSERT( res == 0 ); file = fopen( filetobesigned, "rb" );
@@ -319,12 +319,12 @@ void pkcs7_verify_badcert( char *pkcs7_file, char *crt, char *filetobesigned ) TEST_ASSERT( res == 0 ); res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
res = mbedtls_x509_crt_parse_file( &x509, crt ); TEST_ASSERT( res == 0 );
- res = stat(filetobesigned, &st);
+ res = stat( filetobesigned, &st );
TEST_ASSERT( res == 0 ); file = fopen( filetobesigned, "rb" );
@@ -369,12 +369,12 @@ void pkcs7_verify_tampered_data( char *pkcs7_file, char *crt, char *filetobesign TEST_ASSERT( res == 0 ); res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen );
- TEST_ASSERT( res == 0 );
+ TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA );
res = mbedtls_x509_crt_parse_file( &x509, crt ); TEST_ASSERT( res == 0 );
- res = stat(filetobesigned, &st);
+ res = stat( filetobesigned, &st );
TEST_ASSERT( res == 0 ); file = fopen( filetobesigned, "rb" );
From ca07f06024c381a69d692bb67a5c75b6675999b9 Mon Sep 17 00:00:00 2001 From: Nayna Jain Date: Fri, 12 Jun 2020 18:44:04 +0000 Subject: [PATCH 003/139] mbedtls: add pkcs7 in generate_errors.pl This patch updates the generate_errors.pl to handle PKCS7 code as well. Signed-off-by: Nayna Jain --- scripts/generate_errors.pl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index 0a03f02e96..6ecd0acd41 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -52,7 +52,7 @@ my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM SHA1 SHA256 SHA512 THREADING ); my @high_level_modules = qw( CIPHER DHM ECP MD PEM PK PKCS12 PKCS5
- RSA SSL X509 );
+ RSA SSL X509 PKCS7 );
undef $/;
@@ -136,6 +136,7 @@ foreach my $match (@matches) $define_name = "ASN1_PARSE" if ($define_name eq "ASN1"); $define_name = "SSL_TLS" if ($define_name eq "SSL"); $define_name = "PEM_PARSE,PEM_WRITE" if ($define_name eq "PEM");
+ $define_name = "PKCS7" if ($define_name eq "PKCS7");
my $include_name = $module_name; $include_name =~ tr/A-Z/a-z/;
From aa91d4ef0bda8306925705cfecbf76725001c43a Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Fri, 29 May 2020 00:23:21 +1000 Subject: [PATCH 004/139] pkcs7: build under CMake The patch updates CMakeLists.txt to include pkcs7. Signed-off-by: Daniel Axtens --- library/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 378cfb4570..aed4a05c47 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -89,6 +89,7 @@ set(src_crypto ) set(src_x509
+ pkcs7.c
x509.c x509_create.c x509_crl.c
From 106a0afc5a8819d6f7fc450c66caa5919681cdd5 Mon Sep 17 00:00:00 2001 From: Nayna Jain Date: Tue, 3 Nov 2020 21:07:21 +0000 Subject: [PATCH 005/139] pkcs7: provide fuzz harness This allows for pkcs7 fuzz testing with OSS-Fuzz. Signed-off-by: Daniel Axtens Signed-off-by: Nayna Jain --- programs/fuzz/.gitignore | 1 + programs/fuzz/CMakeLists.txt | 1 + programs/fuzz/fuzz_pkcs7.c | 19 +++++++++++++++++++ programs/fuzz/fuzz_pkcs7.options | 2 ++ 4 files changed, 23 insertions(+) create mode 100644 programs/fuzz/fuzz_pkcs7.c create mode 100644 programs/fuzz/fuzz_pkcs7.options
diff --git a/programs/fuzz/.gitignore b/programs/fuzz/.gitignore
index 5dc0960551..34e3ed0882 100644
--- a/programs/fuzz/.gitignore
+++ b/programs/fuzz/.gitignore
@@ -1,6 +1,7 @@ fuzz_client fuzz_dtlsclient fuzz_dtlsserver
+fuzz_pkcs7
fuzz_privkey fuzz_pubkey fuzz_server
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
index c7fcd356bc..7747744cd1 100644
--- a/programs/fuzz/CMakeLists.txt
+++ b/programs/fuzz/CMakeLists.txt
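Review bot: `$define_name = "PKCS7" if ($define_name eq "PKCS7");` assigns the variable the value it already holds; the neighbouring lines exist to map a module name onto a differently spelled config symbol (`ASN1` to `ASN1_PARSE`, `SSL` to `SSL_TLS`), so this one is dead code. Either drop the line, or if the intent was to record that PKCS7 maps onto its own guard, say so in a comment such as `# PKCS7 needs no renaming: its guard is derived from the module name` rather than with a no-op assignment. The `foreach` this sits in begins and ends outside the hunk.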
@@ -12,6 +12,7 @@ set(executables_no_common_c fuzz_x509crl fuzz_x509crt fuzz_x509csr
+ fuzz_pkcs7
) set(executables_with_common_c
diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c new file mode 100644
index 0000000000..960007d7ab
--- /dev/null
+++ b/programs/fuzz/fuzz_pkcs7.c
@@ -0,0 +1,19 @@
+#include
+#include "mbedtls/pkcs7.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_PKCS7_C
+ mbedtls_pkcs7 pkcs7;
+
+ mbedtls_pkcs7_init( &pkcs7 );
+
+ mbedtls_pkcs7_parse_der( &pkcs7, Data, Size );
+
+ mbedtls_pkcs7_free( &pkcs7 );
+#else
+ (void) Data;
+ (void) Size;
+#endif
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_pkcs7.options b/programs/fuzz/fuzz_pkcs7.options new file mode 100644
index 0000000000..0824b19fab
--- /dev/null
+++ b/programs/fuzz/fuzz_pkcs7.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
From 136c6aa46732ad0fd6d1f884af8eae8893208cbe Mon Sep 17 00:00:00 2001 From: Nayna Jain Date: Wed, 18 Nov 2020 14:44:21 +0000 Subject: [PATCH 006/139] mbedtls: add pkcs7 test data This commit adds the static test data generated by commands from Makefile.
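Review bot: The harness only reaches `mbedtls_pkcs7_parse_der`; `mbedtls_pkcs7_signed_data_verify` and `mbedtls_pkcs7_signed_hash_verify`, where the signer-info, digest and signature handling from patch 001 live, are never called, so the part of the module that actually makes a trust decision gets no fuzz coverage. Consider branching on a parse result of `MBEDTLS_PKCS7_SIGNED_DATA` (the value patch 002 returns on success) and running both verify functions against a certificate and a data buffer compiled into the harness, so that a fuzzer-produced SignedData exercises the verification code paths rather than only the ASN.1 walk. The first `#include` line appears to have lost its header name in this rendering; `uint8_t` in the signature requires `<stdint.h>`, so the header present in the committed file should be confirmed.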
Signed-off-by: Nayna Jain --- tests/data_files/pkcs7-rsa-sha256-1.crt | 20 ++++++++ tests/data_files/pkcs7-rsa-sha256-1.key | 28 ++++++++++ tests/data_files/pkcs7-rsa-sha256-1.pem | 48 ++++++++++++++++++ tests/data_files/pkcs7-rsa-sha256-2.crt | 20 ++++++++ tests/data_files/pkcs7-rsa-sha256-2.key | 28 ++++++++++ tests/data_files/pkcs7-rsa-sha256-2.pem | 48 ++++++++++++++++++ tests/data_files/pkcs7_data.txt | 1 + tests/data_files/pkcs7_data_1.txt | 1 + .../data_files/pkcs7_data_cert_encrypted.der | Bin 0 -> 452 bytes .../pkcs7_data_cert_signed_sha1.der | Bin 0 -> 1276 bytes .../pkcs7_data_cert_signed_sha256.der | Bin 0 -> 1284 bytes .../pkcs7_data_cert_signed_sha512.der | Bin 0 -> 1284 bytes .../data_files/pkcs7_data_cert_signed_v2.der | Bin 0 -> 1284 bytes .../pkcs7_data_cert_signeddata_sha256.der | Bin 0 -> 1265 bytes .../pkcs7_data_multiple_certs_signed.der | Bin 0 -> 2504 bytes .../data_files/pkcs7_data_multiple_signed.der | Bin 0 -> 810 bytes .../data_files/pkcs7_data_signed_badcert.der | Bin 0 -> 1284 bytes .../pkcs7_data_signed_badsigner.der | Bin 0 -> 1284 bytes .../pkcs7_data_without_cert_signed.der | Bin 0 -> 435 bytes .../pkcs7_signerInfo_issuer_invalid_size.der | Bin 0 -> 1284 bytes .../pkcs7_signerInfo_serial_invalid_size.der | Bin 0 -> 1284 bytes 21 files changed, 194 insertions(+) create mode 100644 tests/data_files/pkcs7-rsa-sha256-1.crt create mode 100644 tests/data_files/pkcs7-rsa-sha256-1.key create mode 100644 tests/data_files/pkcs7-rsa-sha256-1.pem create mode 100644 tests/data_files/pkcs7-rsa-sha256-2.crt create mode 100644 tests/data_files/pkcs7-rsa-sha256-2.key create mode 100644 tests/data_files/pkcs7-rsa-sha256-2.pem create mode 100644 tests/data_files/pkcs7_data.txt create mode 100644 tests/data_files/pkcs7_data_1.txt create mode 100644 tests/data_files/pkcs7_data_cert_encrypted.der create mode 100644 tests/data_files/pkcs7_data_cert_signed_sha1.der create mode 100644 tests/data_files/pkcs7_data_cert_signed_sha256.der create mode 100644 
tests/data_files/pkcs7_data_cert_signed_sha512.der create mode 100644 tests/data_files/pkcs7_data_cert_signed_v2.der create mode 100644 tests/data_files/pkcs7_data_cert_signeddata_sha256.der create mode 100644 tests/data_files/pkcs7_data_multiple_certs_signed.der create mode 100644 tests/data_files/pkcs7_data_multiple_signed.der create mode 100644 tests/data_files/pkcs7_data_signed_badcert.der create mode 100644 tests/data_files/pkcs7_data_signed_badsigner.der create mode 100644 tests/data_files/pkcs7_data_without_cert_signed.der create mode 100644 tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der create mode 100644 tests/data_files/pkcs7_signerInfo_serial_invalid_size.der diff --git a/tests/data_files/pkcs7-rsa-sha256-1.crt b/tests/data_files/pkcs7-rsa-sha256-1.crt new file mode 100644 index 0000000000..ebbaf7cc6e --- /dev/null +++ b/tests/data_files/pkcs7-rsa-sha256-1.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSTCCAjGgAwIBAgIUMBERfOWtW1Y8Y661YJt3KlBYYZ0wDQYJKoZIhvcNAQEL +BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT +NyBDZXJ0IDEwHhcNMjAxMTI0MTQxMDE5WhcNMjExMTI0MTQxMDE5WjA0MQswCQYD +VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfqRyKXRqfkj/BThWvwcKfv +qsTiZmVOE6sIusfY86qae4Yv8R8AaBgA3eYbSOat/Xyr3VFgZGtv9Hc8iDM7K1h9 +U9WBKPGN1gGw12LzAxIbf+t5qkH21YtPNkr7liwJruhTh/JLypKE/SVW1XIS47PE +Ug92emsRMKfgsReO7x/EmB/c5cnXfwnrc+DKog2eB+6eIPhq2uq0g+/bV8hkx8+D +N50Qq1OMdy0s/RXeurlYG72jhpj978eOq467vUIIxyD4ggsh9f3ZMOEGFlGjSiZL +CXTgbIbwXnndamf3iqWWN5ZiDH6NVP1UTfCvxvX4HfBE928z0OXu4k7QxNaboEEC +AwEAAaNTMFEwHQYDVR0OBBYEFF1d36HSc95cdyWYy/SRZPsmWncJMB8GA1UdIwQY +MBaAFF1d36HSc95cdyWYy/SRZPsmWncJMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAIqAZJRQFPL8GFpxp0ZjF4vSiKX/D0/+LJB+vei4ZGZMaqRo +afT9LBAquK1JjXYXJ9wz56ueVxggouVLb6XTrAwsHISwVxKzxkmBde2egPZ9L7tw +EJdb2YPAkdoi3fY259N6KS8S0MwMMi/YmiXpVpQiPQ5tQFdbT9oSqewi/C7TudFc +hez1M7ToYfbMaZ1yQxf5otT8wKVKhLdEb9ncE2Jku6eH+5+lcVFsliLcNo28bd0c +joRYufduegaxmFluq4YWCozgET38AFKiG9Y8fK34He/qJIwHn7nWJ3cy3j+NAh3X +gpobw4JhCNXaInaNx/BZsoedjXnkunhgRijykOU= +-----END CERTIFICATE----- diff --git a/tests/data_files/pkcs7-rsa-sha256-1.key b/tests/data_files/pkcs7-rsa-sha256-1.key new file mode 100644 index 0000000000..0c7d37d880 --- /dev/null +++ b/tests/data_files/pkcs7-rsa-sha256-1.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDH6kcil0an5I/w +U4Vr8HCn76rE4mZlThOrCLrH2POqmnuGL/EfAGgYAN3mG0jmrf18q91RYGRrb/R3 +PIgzOytYfVPVgSjxjdYBsNdi8wMSG3/reapB9tWLTzZK+5YsCa7oU4fyS8qShP0l +VtVyEuOzxFIPdnprETCn4LEXju8fxJgf3OXJ138J63PgyqINngfuniD4atrqtIPv +21fIZMfPgzedEKtTjHctLP0V3rq5WBu9o4aY/e/HjquOu71CCMcg+IILIfX92TDh +BhZRo0omSwl04GyG8F553Wpn94qlljeWYgx+jVT9VE3wr8b1+B3wRPdvM9Dl7uJO +0MTWm6BBAgMBAAECggEASx6bUEIryJa4B4Q61E5q5o/GSWkRNOvbtB75oHLDTM3z +sH5/Sjjq5Goe94I1KIkkgR5LcXKZCU3uPIfAXg/Tv9KIF+gKrImxar06kfHiq4Et +1hvHgDXyFADV0+MpkK6qzJ3mrYMRQXE7djZkyhKTAU+5zhmk8mppMAvcP4/0Bqk8 +EQRd6rPzeQdK6Lz0UPHsjO2bqksdqtts090W07VY13tZdSL3Xsjig0TEsM0Oalv9 +VKTU+xBLQuD9cn2QYQfSflQl7ZGrS2N7OeZ4Ju5Spygo7YO/Lsl3WMYKNPiX7E7T +Z+sD6duWLbPC6atWgk1XmD9oZLBsx/jZT/Lp+cOLaQKBgQD3u8iNs4AafDnxAdZc +3vQBH0yablI5nRtRrAmpjyj8gNNbszoeCM+7MBJ2Npw3qnYtqRWw5vKljU3gVLXG +aPxUnyAJIVBWZDdlnnqOjKY++k6IF+3vcal9In+j5W0HYEfngLSm1/mJJHfK4N21 +JaJMwIxXJBkt0AbhyJlFc5WWowKBgQDOlgPY2xabKU5r+st3n1QKReirkb07rUR0 +ky3nBDGfI3svglX+5ZC/cDsl/YjAkGgOYgpgf1z0KUj2GmkQ6eMj9QVwzstwhKql +Asg4BXTd36Ia4zAbIYluUqHgbQOXKItLwJ3o1UImRlOosxG1hrHm1YpBZu9LEq// +medOr+nvywKBgA5eNMaLJ53hoJaqzZz7TVmXUCEQzvIKe6AkAzdzVyQ18Iw7+93s +Eug/ZIK4rhzIZSxGxzxIWMBjTqX5I8XLJv9db0U4SmmITHI3W9JSs/2pFM7t3F3r +0LGyQ4bk8orf+auimlem5REgLVZ17kXoVd5vuHQBYvh2PT/xG3qctotTAoGAeVgW +lGdEJQmjPbvHjdExjQM5QqXNUGNbBVp6KOsGtqIhtmtJVfrEBh7HL253yBxKcsBV +tg65q9UgPSaQNlYbjEBc3MErMEFM9rXmozlZRwYX8tElrZoKXpn86ZU++afgAjP2 +zQ+O1mqSs1HTghvHHX6qwfXTcvZcGLfu7QJZV/cCgYEAkpfg4Ev8zPPTpDTeS3h+ +uUhrU7cQ6Ry1+S1effLjaDLm+YdpXJ7DGhtV6yLSXbZPlcmbzYZyvBmYixdz8oqw +btJym460gKjAQLIrMcLL3tJcX5ww6oRCL5hqZgvcFeIlmYSTIEZs0X69Ft8trWSu +A3BsQ4P24o/FXcvGAv0gH0E= +-----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-1.pem b/tests/data_files/pkcs7-rsa-sha256-1.pem new file mode 100644 index 0000000000..fe1e16f8dc --- /dev/null +++ b/tests/data_files/pkcs7-rsa-sha256-1.pem 
@@ -0,0 +1,48 @@ +-----BEGIN CERTIFICATE----- +MIIDSTCCAjGgAwIBAgIUMBERfOWtW1Y8Y661YJt3KlBYYZ0wDQYJKoZIhvcNAQEL +BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT +NyBDZXJ0IDEwHhcNMjAxMTI0MTQxMDE5WhcNMjExMTI0MTQxMDE5WjA0MQswCQYD +VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfqRyKXRqfkj/BThWvwcKfv +qsTiZmVOE6sIusfY86qae4Yv8R8AaBgA3eYbSOat/Xyr3VFgZGtv9Hc8iDM7K1h9 +U9WBKPGN1gGw12LzAxIbf+t5qkH21YtPNkr7liwJruhTh/JLypKE/SVW1XIS47PE +Ug92emsRMKfgsReO7x/EmB/c5cnXfwnrc+DKog2eB+6eIPhq2uq0g+/bV8hkx8+D +N50Qq1OMdy0s/RXeurlYG72jhpj978eOq467vUIIxyD4ggsh9f3ZMOEGFlGjSiZL +CXTgbIbwXnndamf3iqWWN5ZiDH6NVP1UTfCvxvX4HfBE928z0OXu4k7QxNaboEEC +AwEAAaNTMFEwHQYDVR0OBBYEFF1d36HSc95cdyWYy/SRZPsmWncJMB8GA1UdIwQY +MBaAFF1d36HSc95cdyWYy/SRZPsmWncJMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAIqAZJRQFPL8GFpxp0ZjF4vSiKX/D0/+LJB+vei4ZGZMaqRo +afT9LBAquK1JjXYXJ9wz56ueVxggouVLb6XTrAwsHISwVxKzxkmBde2egPZ9L7tw +EJdb2YPAkdoi3fY259N6KS8S0MwMMi/YmiXpVpQiPQ5tQFdbT9oSqewi/C7TudFc +hez1M7ToYfbMaZ1yQxf5otT8wKVKhLdEb9ncE2Jku6eH+5+lcVFsliLcNo28bd0c +joRYufduegaxmFluq4YWCozgET38AFKiG9Y8fK34He/qJIwHn7nWJ3cy3j+NAh3X +gpobw4JhCNXaInaNx/BZsoedjXnkunhgRijykOU= +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDH6kcil0an5I/w +U4Vr8HCn76rE4mZlThOrCLrH2POqmnuGL/EfAGgYAN3mG0jmrf18q91RYGRrb/R3 +PIgzOytYfVPVgSjxjdYBsNdi8wMSG3/reapB9tWLTzZK+5YsCa7oU4fyS8qShP0l +VtVyEuOzxFIPdnprETCn4LEXju8fxJgf3OXJ138J63PgyqINngfuniD4atrqtIPv +21fIZMfPgzedEKtTjHctLP0V3rq5WBu9o4aY/e/HjquOu71CCMcg+IILIfX92TDh +BhZRo0omSwl04GyG8F553Wpn94qlljeWYgx+jVT9VE3wr8b1+B3wRPdvM9Dl7uJO +0MTWm6BBAgMBAAECggEASx6bUEIryJa4B4Q61E5q5o/GSWkRNOvbtB75oHLDTM3z +sH5/Sjjq5Goe94I1KIkkgR5LcXKZCU3uPIfAXg/Tv9KIF+gKrImxar06kfHiq4Et +1hvHgDXyFADV0+MpkK6qzJ3mrYMRQXE7djZkyhKTAU+5zhmk8mppMAvcP4/0Bqk8 +EQRd6rPzeQdK6Lz0UPHsjO2bqksdqtts090W07VY13tZdSL3Xsjig0TEsM0Oalv9 +VKTU+xBLQuD9cn2QYQfSflQl7ZGrS2N7OeZ4Ju5Spygo7YO/Lsl3WMYKNPiX7E7T 
+Z+sD6duWLbPC6atWgk1XmD9oZLBsx/jZT/Lp+cOLaQKBgQD3u8iNs4AafDnxAdZc +3vQBH0yablI5nRtRrAmpjyj8gNNbszoeCM+7MBJ2Npw3qnYtqRWw5vKljU3gVLXG +aPxUnyAJIVBWZDdlnnqOjKY++k6IF+3vcal9In+j5W0HYEfngLSm1/mJJHfK4N21 +JaJMwIxXJBkt0AbhyJlFc5WWowKBgQDOlgPY2xabKU5r+st3n1QKReirkb07rUR0 +ky3nBDGfI3svglX+5ZC/cDsl/YjAkGgOYgpgf1z0KUj2GmkQ6eMj9QVwzstwhKql +Asg4BXTd36Ia4zAbIYluUqHgbQOXKItLwJ3o1UImRlOosxG1hrHm1YpBZu9LEq// +medOr+nvywKBgA5eNMaLJ53hoJaqzZz7TVmXUCEQzvIKe6AkAzdzVyQ18Iw7+93s +Eug/ZIK4rhzIZSxGxzxIWMBjTqX5I8XLJv9db0U4SmmITHI3W9JSs/2pFM7t3F3r +0LGyQ4bk8orf+auimlem5REgLVZ17kXoVd5vuHQBYvh2PT/xG3qctotTAoGAeVgW +lGdEJQmjPbvHjdExjQM5QqXNUGNbBVp6KOsGtqIhtmtJVfrEBh7HL253yBxKcsBV +tg65q9UgPSaQNlYbjEBc3MErMEFM9rXmozlZRwYX8tElrZoKXpn86ZU++afgAjP2 +zQ+O1mqSs1HTghvHHX6qwfXTcvZcGLfu7QJZV/cCgYEAkpfg4Ev8zPPTpDTeS3h+ +uUhrU7cQ6Ry1+S1effLjaDLm+YdpXJ7DGhtV6yLSXbZPlcmbzYZyvBmYixdz8oqw +btJym460gKjAQLIrMcLL3tJcX5ww6oRCL5hqZgvcFeIlmYSTIEZs0X69Ft8trWSu +A3BsQ4P24o/FXcvGAv0gH0E= +-----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-2.crt b/tests/data_files/pkcs7-rsa-sha256-2.crt new file mode 100644 index 0000000000..0cd377afcc --- /dev/null +++ b/tests/data_files/pkcs7-rsa-sha256-2.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSTCCAjGgAwIBAgIUSbz5H6XcKL1urGmyF9I9v63PwccwDQYJKoZIhvcNAQEL +BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT +NyBDZXJ0IDIwHhcNMjAxMTI0MTQxMDE5WhcNMjExMTI0MTQxMDE5WjA0MQswCQYD +VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMjCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN4tAEi8b+ZE3OIuv91WduiU +qQQXPqMNndTj3Q3hxd5CvYCZ3dAoYQOdPOtGWxLe89zpqUI/Sp8hSpCOw0ucgxCe +96ahpx/BVvMG6BabtxSXWYmGv0rJmFE3LwzskvK9P8dwaGLZler+9CgjKtcgfhTc +zbwhSDeHCHAZWqJUtLpAACiU8rn78p7x8zWoUUsntUiTCyw1SCHvIhGPeCbT4QVX +YNxIP2H52s7waHqtHLpGtJSsSxTxfbxcmbMQlrDaY/8ArLxo2VKqvGJv90IDjbGy +ORHRMOuxxxjowC9+yH4xtVRl821dsJFSSnmAEBXas3hkneFVBxiR7vUf61Wv760C +AwEAAaNTMFEwHQYDVR0OBBYEFNdysL6wT6p/KA7w/efpAyX7/FXZMB8GA1UdIwQY +MBaAFNdysL6wT6p/KA7w/efpAyX7/FXZMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAKGSxRvoL+FpC4LtiT4Cie53yKlzISq+ZMR4eHm1BFSidiFv +apntxj9k1JIIlDzbabVEJdy+O8EzipqUNFdPky+EpnZTnoTXilNusPH2FW+R6qMx +XrDl4MwtSYnH1RwkjF+yjYysp6pdxm+gr6k7lS4biHq6VfUYSvQBvSuIYMn+XZa/ +ZgQs0NWeh3GgVFkpGkG/yxXMq1WRGSrFfmqExLVpMeNXTINQsK5PH/JMaj44c4T7 ++qbq9Rf4U4ezkTUXHsQQsA3dFpPiL5Lv6RS+31VKLpXYJQ9j/Z+IWBFjTf/utt5T +VA2cEFCZIkNYUoX8RVs23cQr/ZNBxxgO/7JYNSE= +-----END CERTIFICATE----- diff --git a/tests/data_files/pkcs7-rsa-sha256-2.key b/tests/data_files/pkcs7-rsa-sha256-2.key new file mode 100644 index 0000000000..6226f8ad46 --- /dev/null +++ b/tests/data_files/pkcs7-rsa-sha256-2.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDeLQBIvG/mRNzi +Lr/dVnbolKkEFz6jDZ3U490N4cXeQr2Amd3QKGEDnTzrRlsS3vPc6alCP0qfIUqQ +jsNLnIMQnvemoacfwVbzBugWm7cUl1mJhr9KyZhRNy8M7JLyvT/HcGhi2ZXq/vQo +IyrXIH4U3M28IUg3hwhwGVqiVLS6QAAolPK5+/Ke8fM1qFFLJ7VIkwssNUgh7yIR +j3gm0+EFV2DcSD9h+drO8Gh6rRy6RrSUrEsU8X28XJmzEJaw2mP/AKy8aNlSqrxi +b/dCA42xsjkR0TDrsccY6MAvfsh+MbVUZfNtXbCRUkp5gBAV2rN4ZJ3hVQcYke71 +H+tVr++tAgMBAAECggEANzztAyiGkbOxTzLcVQV4Tt8XHoNA+X0bLqDwhtEJRvdE +8kJPGb/QTvu696voXMq9ysD1ahkeTm4Sgdpcx+HD3FAJto4eZRDGs2mWLnjMjfwL +MNwll0yD6D1WH1p6NovC3a0e5uS+F00IGyqTLiVP85PqOsnzkIqsGGLVW+K/hEaK +lRqKEf5tYzkdmlay8SfJQf03TuJVFp6qAgG/gH2EkGR/B4SLotXYDNXLFAzlx/N3 +QXHRIKhYOcvznbJ7Doww+nCyO613cUeZ1t3/22QRC3Vm8WMaYzxivGoMzmGM2YqI +MtUG+zXm4if9+MmT0CQ3meWLYwkIbFax6/6DLS6iKQKBgQD4EU4CEEjCsnYm7668 +0THvkcEsOTvSKroLYPKsuUbeoBfCvK4/o6kb2dQbR9c8MnHAJ8yN9gMbuP/njPUu +G9/sycI3uDRYpsQDeBcD74NtCAKqB1s7kcucMzxudwAqw/jJCJxyPqGiS8HJGQRO +sQMtBkvQx9RqKKagAgCWwaiLQwKBgQDlR76cQN3GSVRZfsA2rqTyZo8b4ECSEu0O +4vSQ0i5xMWp8uJLRBxktRYYCMfzH6dHDG+GNYearolOHm7BfC3QUH2EC6kE2D/9P +A40JrF7QEkDRtQ2rmNOQ2diLB1wYQiqRJieuXVIIzaRcyenRxP6ec2YMmHl9FaPh +dmYzjtDSTwKBgFr2/YQENKowhuMAQTM8AvO2nv94fVc0E8TYaCSuTC6Wxh/C0KLF +gN2VoxHd5i9M0CmGbpwf+kPQMwbVyZJ+5j4OPgnwokFf5cDf6JCo46i3p0JyMCJH +9EHzB9X6DTWhZzlQzw2Vqe+5l/YGFm5EusVn6aVFob7L6U4DbfPaT9PBAoGAD1Hi +55fh+azOqQgyGbVDqjq2Fzu9tMT0+AisJL0Wg1O09M50aOkbgo3hrWXfqQ/zhyDm +ykafXhqDkE0T1NX0FKAgIEy8vLsG6SWol9vfnfGKSTjax/t3L3eO44NDYQ+Svo4Z +Gqp7n8D12YlYST7rcHTvfan2fCglAhyiKZHCXDsCgYEA0BeqGpJ6Oz6O8g61JixG +EryjO2cCnQLWlwlal40L63wY5tNDCixuDM6zJFq/tT9DYMuNANrfsqWU2ImKTNPE +kwlMgP813aPXREgyV3ylL4KLusfDF6hqPtDcU2QK05LuTX7puHwi0pR8jAmPzrng +Y2ncNnRJI7vczDETaW1vuoE= +-----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-2.pem b/tests/data_files/pkcs7-rsa-sha256-2.pem new file mode 100644 index 0000000000..0f03a43a04 --- /dev/null +++ b/tests/data_files/pkcs7-rsa-sha256-2.pem 
@@ -0,0 +1,48 @@ +-----BEGIN CERTIFICATE----- +MIIDSTCCAjGgAwIBAgIUSbz5H6XcKL1urGmyF9I9v63PwccwDQYJKoZIhvcNAQEL +BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT +NyBDZXJ0IDIwHhcNMjAxMTI0MTQxMDE5WhcNMjExMTI0MTQxMDE5WjA0MQswCQYD +VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMjCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN4tAEi8b+ZE3OIuv91WduiU +qQQXPqMNndTj3Q3hxd5CvYCZ3dAoYQOdPOtGWxLe89zpqUI/Sp8hSpCOw0ucgxCe +96ahpx/BVvMG6BabtxSXWYmGv0rJmFE3LwzskvK9P8dwaGLZler+9CgjKtcgfhTc +zbwhSDeHCHAZWqJUtLpAACiU8rn78p7x8zWoUUsntUiTCyw1SCHvIhGPeCbT4QVX +YNxIP2H52s7waHqtHLpGtJSsSxTxfbxcmbMQlrDaY/8ArLxo2VKqvGJv90IDjbGy +ORHRMOuxxxjowC9+yH4xtVRl821dsJFSSnmAEBXas3hkneFVBxiR7vUf61Wv760C +AwEAAaNTMFEwHQYDVR0OBBYEFNdysL6wT6p/KA7w/efpAyX7/FXZMB8GA1UdIwQY +MBaAFNdysL6wT6p/KA7w/efpAyX7/FXZMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAKGSxRvoL+FpC4LtiT4Cie53yKlzISq+ZMR4eHm1BFSidiFv +apntxj9k1JIIlDzbabVEJdy+O8EzipqUNFdPky+EpnZTnoTXilNusPH2FW+R6qMx +XrDl4MwtSYnH1RwkjF+yjYysp6pdxm+gr6k7lS4biHq6VfUYSvQBvSuIYMn+XZa/ +ZgQs0NWeh3GgVFkpGkG/yxXMq1WRGSrFfmqExLVpMeNXTINQsK5PH/JMaj44c4T7 ++qbq9Rf4U4ezkTUXHsQQsA3dFpPiL5Lv6RS+31VKLpXYJQ9j/Z+IWBFjTf/utt5T +VA2cEFCZIkNYUoX8RVs23cQr/ZNBxxgO/7JYNSE= +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDeLQBIvG/mRNzi +Lr/dVnbolKkEFz6jDZ3U490N4cXeQr2Amd3QKGEDnTzrRlsS3vPc6alCP0qfIUqQ +jsNLnIMQnvemoacfwVbzBugWm7cUl1mJhr9KyZhRNy8M7JLyvT/HcGhi2ZXq/vQo +IyrXIH4U3M28IUg3hwhwGVqiVLS6QAAolPK5+/Ke8fM1qFFLJ7VIkwssNUgh7yIR +j3gm0+EFV2DcSD9h+drO8Gh6rRy6RrSUrEsU8X28XJmzEJaw2mP/AKy8aNlSqrxi +b/dCA42xsjkR0TDrsccY6MAvfsh+MbVUZfNtXbCRUkp5gBAV2rN4ZJ3hVQcYke71 +H+tVr++tAgMBAAECggEANzztAyiGkbOxTzLcVQV4Tt8XHoNA+X0bLqDwhtEJRvdE +8kJPGb/QTvu696voXMq9ysD1ahkeTm4Sgdpcx+HD3FAJto4eZRDGs2mWLnjMjfwL +MNwll0yD6D1WH1p6NovC3a0e5uS+F00IGyqTLiVP85PqOsnzkIqsGGLVW+K/hEaK +lRqKEf5tYzkdmlay8SfJQf03TuJVFp6qAgG/gH2EkGR/B4SLotXYDNXLFAzlx/N3 +QXHRIKhYOcvznbJ7Doww+nCyO613cUeZ1t3/22QRC3Vm8WMaYzxivGoMzmGM2YqI 
+MtUG+zXm4if9+MmT0CQ3meWLYwkIbFax6/6DLS6iKQKBgQD4EU4CEEjCsnYm7668 +0THvkcEsOTvSKroLYPKsuUbeoBfCvK4/o6kb2dQbR9c8MnHAJ8yN9gMbuP/njPUu +G9/sycI3uDRYpsQDeBcD74NtCAKqB1s7kcucMzxudwAqw/jJCJxyPqGiS8HJGQRO +sQMtBkvQx9RqKKagAgCWwaiLQwKBgQDlR76cQN3GSVRZfsA2rqTyZo8b4ECSEu0O +4vSQ0i5xMWp8uJLRBxktRYYCMfzH6dHDG+GNYearolOHm7BfC3QUH2EC6kE2D/9P +A40JrF7QEkDRtQ2rmNOQ2diLB1wYQiqRJieuXVIIzaRcyenRxP6ec2YMmHl9FaPh +dmYzjtDSTwKBgFr2/YQENKowhuMAQTM8AvO2nv94fVc0E8TYaCSuTC6Wxh/C0KLF +gN2VoxHd5i9M0CmGbpwf+kPQMwbVyZJ+5j4OPgnwokFf5cDf6JCo46i3p0JyMCJH +9EHzB9X6DTWhZzlQzw2Vqe+5l/YGFm5EusVn6aVFob7L6U4DbfPaT9PBAoGAD1Hi +55fh+azOqQgyGbVDqjq2Fzu9tMT0+AisJL0Wg1O09M50aOkbgo3hrWXfqQ/zhyDm +ykafXhqDkE0T1NX0FKAgIEy8vLsG6SWol9vfnfGKSTjax/t3L3eO44NDYQ+Svo4Z +Gqp7n8D12YlYST7rcHTvfan2fCglAhyiKZHCXDsCgYEA0BeqGpJ6Oz6O8g61JixG +EryjO2cCnQLWlwlal40L63wY5tNDCixuDM6zJFq/tT9DYMuNANrfsqWU2ImKTNPE +kwlMgP813aPXREgyV3ylL4KLusfDF6hqPtDcU2QK05LuTX7puHwi0pR8jAmPzrng +Y2ncNnRJI7vczDETaW1vuoE= +-----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7_data.txt b/tests/data_files/pkcs7_data.txt new file mode 100644 index 0000000000..e965047ad7 --- /dev/null +++ b/tests/data_files/pkcs7_data.txt @@ -0,0 +1 @@ +Hello diff --git a/tests/data_files/pkcs7_data_1.txt b/tests/data_files/pkcs7_data_1.txt new file mode 100644 index 0000000000..0cfbf08886 --- /dev/null +++ b/tests/data_files/pkcs7_data_1.txt @@ -0,0 +1 @@ +2 
diff --git a/tests/data_files/pkcs7_data_cert_encrypted.der b/tests/data_files/pkcs7_data_cert_encrypted.der new file mode 100644 index 0000000000000000000000000000000000000000..0d0706931e625b35b37466511e87ea4da5a731ba GIT binary patch literal 452 zcmXqLVm!dcsnzDu_MMlJoq0hM<3@uf#CyK)2f{@U2NS<^=CU)7tGsN z8*UbRUd(O#gvgnWyQ-_FPOJF2?fIEaTr&FBt5s7?9oNTPxe9TNztPBR+2t|wwnwWhJ znwUKenwSh1Ff%bSF^L!m3f4Sb8y#koyl!j4>~gJuh{U-Dyl_2?+(08tz$P+>vaks= z`S}>~8St{-pmyaBKF5g5~d59eI?N z>Lpz%)t2V>x5H1Q96#S|K38CMa8J3e z&R@}cyLLuM?_JzBkruvF5mNwFFbws$nV0DYqJ+PGBGnUFfI-@2sDrd zMv5#Six`VYZ0!Aomx}Mjl&j7-{bgdxZ?&j$P6K(6v@(l?fmj1}1^gfd!iPY=9j-Z z0$MxPdiIuytKTtxzItA`gu=Y1t4iwE384W9i#@4c}_@cNYjukG|P_ zVB#&MyWh;7U#`;B7rJnU$4LLiEY+7`Q{cj1ae53S7@AA%zF|BXD8gF@# z`0Y&Q+#+Z3pNp>iIk42LWxGrM%{#(LDZ7`q|DM0JFfeDD(jBwjJ-K&f`dT7(e$T67 z+c+aKZ*`j(SI+}M+dm9Ji=?mF)U5p>`~Hlzu zrLx}RA0juk&+V;zva2G&P2cD0ckMZUnsnEwEq}B%zT3ClkMn8Q&2=`ZMe3HK zQEz+1z4daw-Fd>=Vrn<1StEDnajWpneVbA{--QMQEU}c__UTTLBJ=kPeQ`7I%g;8^ z(*L8RQ(D-u>|EaQ*2dRfwT0{SymtHW33*OmY_{=<)1t@kKRk}Ixb*4k_OKtvUl>%Z z-RAP~JI9iTQ^S{R{5Q!%ej9hst$wchhY?*F^F62Ed&_9huWY(2%_c~T`Q{3Ht*7>% L|DO2R;oS!S0NDC! literal 0 HcmV?d00001 
diff --git a/tests/data_files/pkcs7_data_cert_signed_sha256.der b/tests/data_files/pkcs7_data_cert_signed_sha256.der new file mode 100644 index 0000000000000000000000000000000000000000..3f2dfb5ace1ae4c6571da3551fac2c2c0d65d89a GIT binary patch literal 1284 zcmXqLVr5|C)N1o+`_9YA&a|M3<)c9p%UdQ!MnirBUN+8zHV?*BW)>z!Rt5uZghIvz zP0YRqP0XGKO-zOhn3))vm_!T&1#6zJjSjO(Ubi)2cDYtSMB-eK5m3V!xq(KQ7;+nM zvN4CUun9By`55vU@PIg6JgfoU&cWt}q6WesJ~Iywn6KcRT2!K7XdoxfYh++(Xk=n& zVrXD!83p7TB5}zywTV#)*?B-8GB+{uGZ-{6axpbAGBO;0<*qc{ZTXY_55cY39}1Sg zUv=bBTB@J$YK~pUZ+u=gtGZ49qdY@~1jF5D(jL#&{;gSkH!vY3JO4|$O^30yc0_IP z)kckvz1J8wTu=JUEF@k3x^k7{x2xU$W?sLi>2R)l5#0XC`_!bCzp7zZi-aC;J`%)V zR+TMiu>8SB@xJ%+M`p<1d3y4CJ?HD<2d5VC&SQT!PvJ+_tyf!`-`@^Dk#hWev-wkauE;`?F!v9CX5Ke&9)H@@)n-6OvXN3P9Y;K;LDI@B5(Z)o*cI@D6bLgi z{%2t|U}Aa<^ph?n@m@|MUC*)0t4W_r;EsG@q;` z8JS=H>Ii7d5FhwS@TDn0D;cV1I3H@auv%OrcfX_oZi zrbLdbx0K3ykAH~V)IPVj^2x4>1UHRO6P_A2F_r_9UNJD|8TgQwqH$+Iq-tlYC+q%O!wYrPxVdu>-(HoOzhOW3N zcvL9)(8pUCp%=~p9Rf%C>!u+qah>X+UW9V>utIr$r+!sJ}sDj_3}Y^_v7|%p1~n& zbN}5tEO}|Us={*(&8CSV30aY|H`(72Sz>5%O_g)<)Y|Tomc_0&vU>#frue_@o4Lef R$+>OZT8Z9lsa$D}JOF;``!9Rt5uZghIvz zP0YRqP0XGKO-zOhn3))vm_!T&1#6zJjSjO(Ubi)2cDYtSMB-eK5m3V!xq(KQ7;+nM zvN4CUun9By`55vU@PIg6JgfoU&cWt}q6WesJ~Iywn6KcRT2!K7XdoxfYh++(Xk=n& zVrXD!83p7TB5}zywTV#)*?Ekt49rc8{0s(7j9g4jjEoG&U%4wycU%6X|3h$V_J@My z?^hjpl$PozyqaUz@f)94&8lwG|0vIpA;EC>nY72VwSQ|?-wjMi$;IWA8P_4cC)CGYd)Azph;6`0Z-9znRzXX*!(iUIe#)@;)`G<*#bk)gqzCn~wzX zmsMp88Z3XXQM~WH{E->*cb=ZSUeEcu_`#_~yz|)K%~SZ1b?eoZ=J&V5Pox|_-)uft zV0Ca$xvtJ%(R;ggMo8~n+&1Iy`{RA9`*!bj;yAAGqlsJb>))FO581>57kjCBbCx{F zY5NdYc{eNld)Lxw=F^gR>Uu-|hWLJ1f9&fI*$*z?^NlY&efP-k!jWsU7dSF8GcqtP z4mJohkOfAHEFX&)i%4wj{e_o`@5Pj>&N%&LV#;r|sB%sNd62X+i-dt#19k=cAO*sV zjQ?3!4VZxxaZOE0hC(UED{5H7U&m}g_@+j$M&YV~&) z2uzQ@*?eH)Ev38P%${Ga($p8aaE8Z7|HdrUmtj+sZ258>!lV6f39Wpi^hfXV&Wkav zZ@wCDd6D?-Oy=AoXYrqluKYQ$)T?E?Oa9F}!bvH+m$(0(zqBwgXPVL-v)(Mfz#g?`|8q4wyftJ4FTTwKQu-@c$?3= zUBS37#MNOAqq(G;lEbApee2(}m9TzDR)|Q~ysxy$Y1LGLut3d&OCO&&`1|S4mN(Z7 
zZ}Ta<cO7|dsT+6rJ0vmMGM>?9W$@lvD%|nT+w%-Zjg(i{KvMvewvG? SEh}C;BYi=!>z)7p;->(;m;KTJ literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs7_data_cert_signed_v2.der b/tests/data_files/pkcs7_data_cert_signed_v2.der new file mode 100644 index 0000000000000000000000000000000000000000..1a24a8a2e3b72232f8ec4c2a1b2a45df051a2444 GIT binary patch literal 1284 zcmXqLVr5|C)N1o+`_9YA&a|M3<)c9p%UdQ!-PAmVmz!Rt5uZghIvz zP0YRqP0XGKO-zOhn3))vm_!T&1#6zJjSjO(Ubi)2cDYtSMB-cnUbr4cZlDn+hTI06 zY|No7Y{E=_K8Ab-JRlAi4{Lz8bFjIgsDUtu&&njmg*krEPt?3yzjmIks0!Lo}Rp3&-uFe!Kp>O^Vr|bQ}~f}>(!R#_qW4Oq#QrrY(7_D zb#PC)uFhZ4d%Jcume*CFxVLxx*AfZ1c-e4BN0`&+$~wW`%=f!|NQ>{bSBj8eX%1Y%_nO~ zM&_5lIs#fd)_V4qiL2i+e!hBMxP-!@r{4KXFR$Uzk!jfwF0}cWXJhHxc@5uc^>-Ht zOpm_Vd|=`&rMutEo?oug)EByNhQ~<%#w^vBVN;ZB`Enh?qy29Qt$d^ONAL2^i!rTl zz8Y_Nk@)RQ=G-D@@t=#X{5i1Ht7W@O{>?kWNh!ORxBs5Mv@kGdn$jJ!-aWZ@W%^no zc7D&RV%s<)GH-R87+22&LEAqJL5rlX+0?B4A^ZN7N)P+|o!8XMjqcg^GRa zDUsvqEv2&F;~ye7wa@LXe6p(|!A;}Sgr|m0jOD;Hp{DZHT^0tnc4JO;QI<9OiZdKtlE77z|y}o@}@Ku8@y_t;j=B>MM zyT++^rFYh!Rc}vr$izPjn)6UL;Lk=wM#i<#<^6 TiOG_4+qkt7z1dQ^(j0jJ48;70 literal 0 HcmV?d00001 
diff --git a/tests/data_files/pkcs7_data_cert_signeddata_sha256.der b/tests/data_files/pkcs7_data_cert_signeddata_sha256.der new file mode 100644 index 0000000000000000000000000000000000000000..7c631f9d7495886951dc80a63dc299421620b8de GIT binary patch literal 1265 zcmXqLVtLEN$Y{uKz{|#&(B{FI%FM#V$jV^A&Bm$K=F#?@myw-uK@+pDK@+p5K@*eV z0%j&gCMFRBLBX1*Yoo(#lGklbm|dIr2W>vT8f0Sp)kYKp`Oxokw+P^ic?*=BMWaob=x9Kpp){dwRzS^kqvG*F|hU-b6 znT4e5UstYj{C2h5-^}axG#$=$FM``Yd7qlp@>ezNYLU?6%}0Xx%c`;k4VFLHDBky8 z{>TjZJ5NtuujhPS{NU6g-g)fr<|+Khy7g*H^ZVQ3CsK}|Z#JJRusXP>Tvz9>=)GM# zBc%5(ZkzG<{qerleY^KMaU56p(ZsFz_3urChiqbji@nsmIZGbow0(%HyqlH&y=&<- z^Jz&ub-f{fLwrB1Klb&9><5?c`NkKXzI)_%;mEbw3mlo485tNC2O9($$O0opmXAe@ zMI<)%{=!Se_hQObXPo{rG3B>fR5_=CJV;uZMZ!R=0lNZzkOE;w#{Vp=2FySTIoN@z z0vPO!3|$Q=QvyUj{gH?&T<(@E-hHWK>3@Fze>xND_P*GWlID}OBqQ_7UmXFh9cw*% z%f!|17(ZVwfegY1g1ydY(6mYmeSpC zX3sBIY3d7IIKyM4e`A*F%dja*wtTq`;nDuLgjT*$`lEMw=f#-TH(!mnyh!|ZCUb6) zv-reaH{CI99f;iQz^%iDj?Us@QLGfnA^S?`|QyE1((5j(%IBBX~I*(CdP7L(klk$JOdx{QZ()?h@6X&awIUxvotX>xa~gF`t|VJ z@XoX^%fugwJQ1k5^?Wst&pUqYd0Tflr&f0{J?y+0CVFG?%+M7#1&<0PpWI&)z_a{-q6cQ3zJ&}Iuh?)yY-A$VR`Q{W2K*)cu#Dw-_+@}H&uP=+C$Gj z_xkK4vR$j=%EsbW6;87fO}o_V+m{7jHR#ft$vAJ`x(l~!oO)M!XZ>0A_GE`l z{Ij4r4`l=XY&2wKTpL{;ZM{u5Bst@A)~5y2uU|(z4j~Ms|jdG;{? literal 0 HcmV?d00001 
diff --git a/tests/data_files/pkcs7_data_multiple_certs_signed.der b/tests/data_files/pkcs7_data_multiple_certs_signed.der new file mode 100644 index 0000000000000000000000000000000000000000..73755dbbdf77afe9bedabad2214bfd1755b4e8d9 GIT binary patch literal 2504 zcmcIldooQtYM#(j#aT_v9E+rWv zESef5mu6C%nyj{La&5+yQkgrp7!it&-t9^b3W&JKF{~_d_V@G z4URBOwM$(=0dmk12BHCEAZnoiKvV`%aD;EF9S{hUfdaA+Q1QP+po9Ux3^HK$AOlJ) zfk6Q%6a%WL#Eo*i+${rcH24-q8M=7-6@8TWk2s(xl`tbJf(ST_Dg#%8Iyn-RK;%cD zfRuG{*iYU`R0q{QVi*$nZ>+mN@We@7BKQ>+Wdah3CT2u4B1p72B!$FJ;1{Yg0Q{%N zlim=<0F)sh15ki6001JG{04u~w(|8kF*)UkIIMEEx^3iepp#mSe2buOq5ATvRKlDN zBnSr)jcMAAaU^jyB3ED95&B}3CDU}*HqUr+_ZfpZRu91K^bI9OOMAi!Ly{DMd%uGX4G~giTYqmv!^D%EcKFPR*+Sbb%$>)FVJ0O zDC#Xq`oUqihHDvVvjgJf(9u-!w=trS?^iO)^LOU^BNJE@3FUzJ=A)%mZL!S?-L!Lb zX2hwpt*5YL9~1^afHE@Z3TjIqMO#TmLk8pH^Xt{;;e*~$`jvz@Igivgh`iAZI@1k)OG-pkx0vR!OXAY4jr$w4Zxm#&Mg0+?EK#7 zd;))>iFVjAR)nTTn2 z;&MFUP8j;4SAWvI>;b%JdB=EH>{fzm=M$s}q3^Q(8~0rNZlz;;J-nO;RIA?N*NwZH zfALOvyJUK6!f*LWaM6kV*mtEb*6)>*k{fO4{X#W=+MUX@wc_&Qu1E9n!W}H$F_BhQ zvS;&3Xe_+;(!tQ0R1Jm9A(h?h5Vumz9?Lk+s`l*UrcAlw=AJE4CWBTisCF;ovgQMZ zpM3WKK9VI6AFN9&V#T~}iT1TMm_I-IyD-`F-szMJ4fvtggX^%*ceiq$-531Mwl5lc zlfNZQCeqOSd6)*bL+p6;F&p8CajVEZaw4}%2D_&WRrKPO2sQk0(3+oEAnG*mgB4j$ z*?OrCE(qULSzD2c^+@Nl9ynY{LbF#Yu2$;YcVB={XcRVLE*?xzZ6&o|a@|QlzP&Kd zw-ST}`S<5dzF#!hXxOWpfD!)8)3e)|CLgxpP$}hB%U*~DnEnfyV*ys!I?z(T9aXHt_!#RhLToFlT zC--KML%DOy>h$c%GUB(~(V-{X?b8L_TAMPzt7BzeudMcYL@&8nwJXn9lNsAWUBZzT z0sc0oZ~J?n{MN%VMxEX4wBsd|gIoWxueC${Newl7gWf6GgbTB8Fn52Yl8p2E^pyi7#Y|6?fCC?9 zZV!?vs4Hlf0{nhYx0Lm-y>^J&wn=jK32;gu>O9T$hz#hAbR@&2H3m9m%xiSqz<3SPaYlI?yP;`+;HeDgaC*PHdS6Zf z^@o0yhpGYXt#K}h2j|Ke7VAU`$%z>g;Dw@g`Cko4Ml<~edj`f(x|OU)rucVtsK;EZ zx^!!P;FdhjkK^J4q>Z3v1Yfo=08u~fF z0~HSML;f|}O`w=R`uYCc_V|qo+e0&$9n=U)Z&B9XbI+Spho-OfI(6_fY+k8jPKoFX z7*ay+GH!29>0%uZk>WjPPcu?fJ(Gl7{a1 zt64T;oP9RU#k;U$>s{-Xvd3MMYCes()tuCx%L0=V0XG8jt=qDOXIzeZL`6+qGmHyG+)IkT;^h9(O2CbSlv+^0S9~ P!j2Xp&PSN9x(@vdYO3T( literal 0 HcmV?d00001 
diff --git a/tests/data_files/pkcs7_data_multiple_signed.der b/tests/data_files/pkcs7_data_multiple_signed.der new file mode 100644 index 0000000000000000000000000000000000000000..a38c3ef63fd7d725c4aa7620eaddb76e1f3a0289 GIT binary patch literal 810 zcmXqLVpe10)N1o+`_9YA&a|M3S=^wBS(u5D(U9MOmyI)_&4V$OnT3gwmBD};p^(wA ziRqm|6Js$@p@ENqi6OTECmVAp3!5;LpN}D*0S}17#lsrl?Hp`wC~6=K;xqH`fcXl} zsYN9UhD;&`f`T;Hp{DZHT z^0tnc4JO;QI<9OiZdKtlE77z|y}o@}@Ku8@y_t;j=B>MMyT++^rFYh!Rc}vr$izPj zn)6UL;Lk=wM#i<#<^6iOG_4+qkt7z1dQ^(j0jx z3w9$W5zjq8<(J;k*qgT|bCdWb+x=_LA3RPt*lU%!bo078PKTC;T%X(L(0^%%(1W*2 zuKS(d+vW0DRHXWD{$~-dx+&iz940UNvS|-zYs^Q_6di7%#%7)$dzdzaG%=R4sS7SI zzk70rTEWUWf4-Y?XxS?WEt1*ETKarmcY8q0?9-b2oOUffaru>S?DlQKe!^#_eu#Ky zvdpET_Iko*)BHk-(-V1rPg{^w_56Epc$M+&lq&s_kh>rDoXdE`$xx6Ye%rE9?-SS8 zushF6PU|t&zm64W>P^Zzo8Pu$uY<_@e2$j$(~C@#m6-Ree7;tMy=HsPuUG8zLnYEB q%VYx=XwO^Bs-r*k5!bxu-t!y$7AVe5^kj=*&Y8z!Rt5uZghIvz zP0YRqP0XGKO-zOhn3))vm_!T&1#6zJjSjO(Ubi)2cDYtSMB-eK5m3V!xq(KQ7;+nM zvN4CUun9By`55vU@PIg6JgfoU&cWt}q6WesJ~Iywn6KcRT2!K7XdoxfYh++(Xk=n& zVrXD!83p7TB5}zywTV#)*?B-8GB+{uGZ-{6axpbAGBO;0<*qc{ZTXY_55cY39}1Sg zUv=bBTB@J$YK~pUZ+u=gtGZ49qdY@~1jF5D(jL#&{;gSkH!vY3JO4|$O^30yc0_IP z)kckvz1J8wTu=JUEF@k3x^k7{x2xU$W?sLi>2R)l5#0XC`_!bCzp7zZi-aC;J`%)V zR+TMiu>8SB@xJ%+M`p<1d3y4CJ?HD<2d5VC&SQT!PvJ+_tyf!`-`@^Dk#hWev-wkauE;`?F!v9CX5Ke&9)H@@)n-6OvXN3P9Y;K;fR5_=CJTT5=m02VV#2TzIhm@0t5&dAW!kTNAeQCYI+p(D_y4Cep>FSs9Vux( zSxYi9zx>q^(Au%qv$srK{f_bT)$_t76c#=8&R=?Y4UdjY%Z6~F&Br_&OW)3G_*SdG zyFg%i^v&i26K^Tq{bu(3a+RjO(1kNRM*25qslE)GqGZdL>kuC8e@kfP8>K&bmv>%_ zX?^q6c*~2#Z)Y;+7CDRmTy*8nfu&w8+gBCKl99M5CmGvI~5V@&+Zg1t2T@?v#8lNUSHEd!m2PVB@V9qn}AumPa&VtCf7%4{r zlRQfkBZJ%SL#;Hp{DZHT^0tnc4JO;QI<9OiZdKtlE77z|y}o@}@Ku8@y_t;j=B>MM zyT++^rFYh!Rc}vr$izPjn)6UL;Lk=wM#i<#<^6 TiOG_4+qkt7z1dQ^(j0jJeD?hR literal 0 HcmV?d00001 
diff --git a/tests/data_files/pkcs7_data_signed_badsigner.der b/tests/data_files/pkcs7_data_signed_badsigner.der new file mode 100644 index 0000000000000000000000000000000000000000..9ea4231a6eb9e0c4645d1007ca30cb3170e580f3 GIT binary patch literal 1284 zcmXqLVr5|C)N1o+`_9YA&a|M3<)c9p%UdQ!MnirBUN+8zHV?*BW)>z!Rt5uZghIvz zP0YRqP0XGKO-zOhn3))vm_!T&1#6zJjSjO(Ubi)2cDYtSMB-eK5m3V!xq(KQ7;+nM zvN4CUun9By`55vU@PIg6JgfoU&cWt}q6WesJ~Iywn6KcRT2!K7XdoxfYh++(Xk=n& zVrXD!83p7TB5}zywTV#)*?B-8GB+{uGZ-{6axpbAGBO;0<*qc{ZTXY_55cY39}1Sg zUv=bBTB@J$YK~pUZ+u=gtGZ49qdY@~1jF5D(jL#&{;gSkH!vY3JO4|$O^30yc0_IP z)kckvz1J8wTu=JUEF@k3x^k7{x2xU$W?sLi>2R)l5#0XC`_!bCzp7zZi-aC;J`%)V zR+TMiu>8SB@xJ%+M`p<1d3y4CJ?HD<2d5VC&SQT!PvJ+_tyf!`-`@^Dk#hWev-wkauE;`?F!v9CX5Ke&9)H@@)n-6OvXN3P9Y;K;LDI@B5(Z)o*cI@D6bLgi z{%2t|U}Aa<^ph?n@m@|MUC*)0t4W_r;EsG@q;` z8JS=H>Ii7d5FhwS@TDn0D;cV1I3H@auv%OrcfX_oZi zrbLdbx0K3ykAH~V)IPVj^2x4>1UHRO6P_A2F_r_9UNJD|8Tja?<|)KfBpPy&luvMH zLF8PFlp}#jo~4PA!EN`U)~|=(hIgiYStkBa>$GeBSYE&)d4gIkmcr>0#&1 zFwq;6XNIo0DR@*U`Q-kZ0M5hxOPehJ7>0QHbyOxt^M+ndTA17-(2;oW+O2223d?(s z87uwV#Cu|c{iaT*y{YO`*B*NQ!PiT9TSv?WlkHj^S2h;6s&JZ>XxgP--@YvPszI0D zOvZWh)?K(=Yyla|G zO^oG0g~dRH20jKRhTI06Y|No7Y{E=_K8Ab-JRlAi4{Lz8bFjIgsDUtu&&~gJuh{U<*mIB=XbsZzn4J=KJ3~sv*wSGPPHoP^F5f?M+pmy7tiX558W? 
z+d5)4m~7YTxU#XhRfW^6MAI(y`u1hPR}H%KW-`v3x9-C28mHcs-dTTEy*=3>6aOq| z&O_ONKN}4h8P`UaM_X^x4N1=Uob_qJ^sAQ-%DW%8ck>JmS)2Rs-eJj0%T*PgYiKr2 z3`xj}oW05Zj>r;2lWVG+lc&~ppR_D?y^-A`us6m3ZQsl#CQHt3z!Rt5uZghIvz zP0YRqP0XGKO-zOhn3))vm_!T&1#6zJjSjO(Ubi)2cDYtSMB-eK5m3V!xq(KQ7;+nM zvN4CUun9By`55vU@PIg6JgfoU&cWt}q6WesJ~Iywn6KcRT2!K7XdoxfYh++(Xk=n& zVrXD!83p7TB5}zywTV#)*?B-8GB+{uGZ-{6axpbAGBO;0<*qc{ZTXY_55cY39}1Sg zUv=bBTB@J$YK~pUZ+u=gtGZ49qdY@~1jF5D(jL#&{;gSkH!vY3JO4|$O^30yc0_IP z)kckvz1J8wTu=JUEF@k3x^k7{x2xU$W?sLi>2R)l5#0XC`_!bCzp7zZi-aC;J`%)V zR+TMiu>8SB@xJ%+M`p<1d3y4CJ?HD<2d5VC&SQT!PvJ+_tyf!`-`@^Dk#hWev-wkauE;`?F!v9CX5Ke&9)H@@)n-6OvXN3P9Y;K;LDI@B5(Z)o*cI@D6bLgi z{%2t|U}Aa<^ph?n@m@|MUC*)0t4W_r;EsG@q;` z8JS=H>Ii7d5FhwS@TDn0D;cV1I3H@auv%OrcfX_oZi zrbLdbx0K3ykAH~V)IPVj^2x4>1UHRO6P_A2F_r_9UNJD|8Tc6JrsgTcR2Z9bk&;hv zXF=p#jFcmRNuH&Nk-=^Eq1La5--dUleOV^{P~?d~&8_FFd3@gSYtP%d!#TCOi|JwK z%`nj$lV^smxG8v4DEZ|6ngGtj{Y#rH{}_gN`E^t#NAreWPFk4UBG8d|@7k?ryb8;E zj~Ofd+{AlggZ-vXr@g7_Q`a7P{=wHvd0R)!29xbt9alCMx2kZOm1x?fUf;ef_^Lsd z-b}`M^VVIsUE|cd(mU(Vs<$UQWa6I%&3Pyr@MohTBjeiW@@VUAx*^FKpR+zKn11#0 zL3#J%_HLfRA!~F0-8(FKX}PMxa}CX=i6IGDk+V11-w|12XmU-JbMn;M?vs|qt~auK b1oo!*zwMj3#AM02ZQNRk-fXE{X^uPqX$SoE literal 0 HcmV?d00001 
diff --git a/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der b/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der new file mode 100644 index 0000000000000000000000000000000000000000..871e77db708b2ac4d3e045f61421e96c73d921eb GIT binary patch literal 1284 zcmXqLVr5|C)N1o+`_9YA&a|M3<)c9p%UdQ!MnirBUN+8zHV?*BW)>z!Rt5uZghIvz zP0YRqP0XGKO-zOhn3))vm_!T&1#6zJjSjO(Ubi)2cDYtSMB-eK5m3V!xq(KQ7;+nM zvN4CUun9By`55vU@PIg6JgfoU&cWt}q6WesJ~Iywn6KcRT2!K7XdoxfYh++(Xk=n& zVrXD!83p7TB5}zywTV#)*?B-8GB+{uGZ-{6axpbAGBO;0<*qc{ZTXY_55cY39}1Sg zUv=bBTB@J$YK~pUZ+u=gtGZ49qdY@~1jF5D(jL#&{;gSkH!vY3JO4|$O^30yc0_IP z)kckvz1J8wTu=JUEF@k3x^k7{x2xU$W?sLi>2R)l5#0XC`_!bCzp7zZi-aC;J`%)V zR+TMiu>8SB@xJ%+M`p<1d3y4CJ?HD<2d5VC&SQT!PvJ+_tyf!`-`@^Dk#hWev-wkauE;`?F!v9CX5Ke&9)H@@)n-6OvXN3P9Y;K;LDI@B5(Z)o*cI@D6bLgi z{%2t|U}Aa<^ph?n@m@|MUC*)0t4W_r;EsG@q;` z8JS=H>Ii7d5FhwS@TDn0D;cV1I3H@auv%OrcfX_oZi zrbLdbx0K3ykAH~V)IPVj^2x4>1UHRO6P_A2F_r_9UNJD|8TgQwqM3A4^Aut#3{APv zvmkOVM#_=EB+t^s$l$j7Q0v#jZ^Jv&zAO`eDDp(0=GODoJU;LEwdZZ!;hb9C#q_ZA zW|-)W$umP&+!Q=2lzei3O#tWN{-sTpe+)ys{5mR=qj^IwCoN2F5$H&~ckR|QUWMho z$BdPJZsI+$!G2Sx)816|scR2C|KRJTysaZ6BTU9vCN;K_KuWw%#eAS>! zZzkisdFw9Ru5s#J>7Dgw)!UODGV#xX<~)=Q__NWFk#TKwd9?L5-H_yr&sm=qOuu^h zpuGEWdpFPEkhQu0?j4rAv|Lr;xrS!b#E^un$l06h?}#ihG`XhAIeBVr_eslQ*BjYA b0((>Z-}cR1VzT7iHg2s%Z?;sfG)Eo)oICp2 literal 0 HcmV?d00001 From c448c94fe3253ca8a2c2951b3ce1ecb03053c351 Mon Sep 17 00:00:00 2001 From: Nick Child Date: Thu, 1 Jul 2021 15:29:50 -0400 Subject: [PATCH 007/139] pkcs7: pkcs7_get_content_info_type should reset *p on error The function `pkcs7_asn1_get_tag` should return an update pointer only on success. Currently, the pointer is being updated on a failure case. This commit resets *p to start if the first call to mbedtls_asn1_get_tag fails. Signed-off-by: Daniel Axtens Signed-off-by: Nick Child --- library/pkcs7.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 5563f330ee..8c2a3ecaf3 100644 --- a/library/pkcs7.c 
+++ b/library/pkcs7.c @@ -107,8 +107,10 @@ static int pkcs7_get_content_info_type( unsigned char **p, unsigned char *end, ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); - if( ret != 0 ) + if( ret != 0 ) { + *p = start; return( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO + ret ); + } ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_OID ); if( ret != 0 ) { From 390e61a47a0f9b369e80c413add2a1cde3230d8e Mon Sep 17 00:00:00 2001 From: Nick Child Date: Mon, 9 Aug 2021 13:33:14 -0400 Subject: [PATCH 008/139] pkcs7.h: Make pkcs7 fields private All fields in the mbedtls_pkcs7 struct have been made private with MBEDTLS_PRIVATE. Signed-off-by: Nick Child --- include/mbedtls/pkcs7.h | 46 +++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index 59da147b9b..29bb503a74 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h @@ -46,6 +46,8 @@ #ifndef MBEDTLS_PKCS7_H #define MBEDTLS_PKCS7_H +#include "mbedtls/private_access.h" + #include "mbedtls/build_info.h" #include "asn1.h" @@ -115,14 +117,14 @@ mbedtls_pkcs7_type; */ typedef struct mbedtls_pkcs7_signer_info { - int version; - mbedtls_x509_buf serial; - mbedtls_x509_name issuer; - mbedtls_x509_buf issuer_raw; - mbedtls_x509_buf alg_identifier; - mbedtls_x509_buf sig_alg_identifier; - mbedtls_x509_buf sig; - struct mbedtls_pkcs7_signer_info *next; + int MBEDTLS_PRIVATE(version); + mbedtls_x509_buf MBEDTLS_PRIVATE(serial); + mbedtls_x509_name MBEDTLS_PRIVATE(issuer); + mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); + mbedtls_x509_buf MBEDTLS_PRIVATE(alg_identifier); + mbedtls_x509_buf MBEDTLS_PRIVATE(sig_alg_identifier); + mbedtls_x509_buf MBEDTLS_PRIVATE(sig); + struct mbedtls_pkcs7_signer_info *MBEDTLS_PRIVATE(next); } mbedtls_pkcs7_signer_info; 
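Review bot: The reset-on-failure contract this hunk introduces for `pkcs7_get_content_info_type` is not stated anywhere a caller would see it, and the visible lines only cover the first `mbedtls_asn1_get_tag` failure; the branch for the OID fetch is cut off at `if( ret != 0 ) {` and the function continues outside the hunk. I would add a comment above the function (outside this hunk) such as `/* On any non-zero return *p is restored to its value on entry; callers must not use it to resume parsing. */`. `start` is presumably a local capturing the initial `*p`, but it is declared outside the hunk, so I could not confirm that every later error path in the function restores it as well — if one does not, the guarantee described in the commit message is only partially met.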
@@ -131,8 +133,8 @@ mbedtls_pkcs7_signer_info; */ typedef struct mbedtls_pkcs7_data { - mbedtls_pkcs7_buf oid; - mbedtls_pkcs7_buf data; + mbedtls_pkcs7_buf MBEDTLS_PRIVATE(oid); + mbedtls_pkcs7_buf MBEDTLS_PRIVATE(data); } mbedtls_pkcs7_data; @@ -141,15 +143,15 @@ mbedtls_pkcs7_data; */ typedef struct mbedtls_pkcs7_signed_data { - int version; - mbedtls_pkcs7_buf digest_alg_identifiers; - struct mbedtls_pkcs7_data content; - int no_of_certs; - mbedtls_x509_crt certs; - int no_of_crls; - mbedtls_x509_crl crl; - int no_of_signers; - mbedtls_pkcs7_signer_info signers; + int MBEDTLS_PRIVATE(version); + mbedtls_pkcs7_buf MBEDTLS_PRIVATE(digest_alg_identifiers); + struct mbedtls_pkcs7_data MBEDTLS_PRIVATE(content); + int MBEDTLS_PRIVATE(no_of_certs); + mbedtls_x509_crt MBEDTLS_PRIVATE(certs); + int MBEDTLS_PRIVATE(no_of_crls); + mbedtls_x509_crl MBEDTLS_PRIVATE(crl); + int MBEDTLS_PRIVATE(no_of_signers); + mbedtls_pkcs7_signer_info MBEDTLS_PRIVATE(signers); } mbedtls_pkcs7_signed_data; @@ -158,9 +160,9 @@ mbedtls_pkcs7_signed_data; */ typedef struct mbedtls_pkcs7 { - mbedtls_pkcs7_buf raw; - mbedtls_pkcs7_buf content_type_oid; - mbedtls_pkcs7_signed_data signed_data; + mbedtls_pkcs7_buf MBEDTLS_PRIVATE(raw); + mbedtls_pkcs7_buf MBEDTLS_PRIVATE(content_type_oid); + mbedtls_pkcs7_signed_data MBEDTLS_PRIVATE(signed_data); } mbedtls_pkcs7; From 600bd30427a9d53b41c03e65f0816aa931669753 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 21 Feb 2022 11:30:43 +0100 Subject: [PATCH 009/139] Avoid unwanted eol conversion of test data MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also, text files don't need to be generated by the Makefile. 
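Review bot: Once every member of `mbedtls_pkcs7`, `mbedtls_pkcs7_signed_data` and `mbedtls_pkcs7_signer_info` carries `MBEDTLS_PRIVATE`, application code has no supported way to read what was parsed — the embedded `certs`, the signer's `issuer`/`serial`, or `no_of_signers` — and this commit adds no accessor in their place. Either add getters for the fields a verifying caller needs, or state in the header documentation that these structures are opaque and only usable through the parse and verify entry points (the test suite exercises `mbedtls_pkcs7_signed_hash_verify` and `mbedtls_pkcs7_signed_data_verify`). `no_of_certs`, `no_of_crls` and `no_of_signers` are presumably filled in by the parser from externally supplied DER yet are declared `int`; while these lines are being touched, a comment on their valid range (or a change to `size_t`) would head off signed/unsigned comparison mistakes in later code.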
Signed-off-by: Manuel Pégourié-Gonnard --- tests/data_files/Makefile | 28 ++++++------------- .../{pkcs7_data.txt => pkcs7_data.bin} | 0 .../{pkcs7_data_1.txt => pkcs7_data_1.bin} | 0 tests/suites/test_suite_pkcs7.data | 12 ++++---- 4 files changed, 14 insertions(+), 26 deletions(-) rename tests/data_files/{pkcs7_data.txt => pkcs7_data.bin} (100%) rename tests/data_files/{pkcs7_data_1.txt => pkcs7_data_1.bin} (100%) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index dbe32340f7..8c7520fe30 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1134,7 +1134,7 @@ tls13_certs: ecdsa_secp521r1.crt ecdsa_secp521r1.key # PKCS7 test data pkcs7_test_cert_1 = pkcs7-rsa-sha256-1.crt pkcs7_test_cert_2 = pkcs7-rsa-sha256-2.crt -pkcs7_test_file = pkcs7_data.txt +pkcs7_test_file = pkcs7_data.bin # Generate signing cert pkcs7-rsa-sha256-1.crt: 
@@ -1147,46 +1147,34 @@ pkcs7-rsa-sha256-2.crt: cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem all_final += pkcs7-rsa-sha256-2.crt -# Generate data file to be signed -pkcs7_data.txt: - echo "Hello" > $@ - echo 2 >> pkcs7_data_1.txt -all_final += pkcs7_data.txt - -# Generate another data file to check hash mismatch during certificate verification -pkcs7_data_1.txt: $(pkcs7_test_file) - cat $(pkcs7_test_file) > $@ - echo 2 >> $@ -all_final += pkcs7_data_1.txt - # pkcs7 signature file with CERT pkcs7_data_cert_signed_sha256.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) - $(OPENSSL) smime -sign -binary -in pkcs7_data.txt -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ + $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ all_final += pkcs7_data_cert_signed_sha256.der # pkcs7 signature file with CERT and sha1 pkcs7_data_cert_signed_sha1.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) - $(OPENSSL) smime -sign -binary -in pkcs7_data.txt -out $@ -md sha1 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ + $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha1 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ all_final += pkcs7_data_cert_signed_sha1.der # pkcs7 signature file with CERT and sha512 pkcs7_data_cert_signed_sha512.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) - $(OPENSSL) smime -sign -binary -in pkcs7_data.txt -out $@ -md sha512 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ + $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha512 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ all_final += pkcs7_data_cert_signed_sha512.der # pkcs7 signature file without CERT pkcs7_data_without_cert_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) - $(OPENSSL) smime -sign -binary -in pkcs7_data.txt -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -outform DER 
-out $@ + $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -outform DER -out $@ all_final += pkcs7_data_without_cert_signed.der # pkcs7 signature file with multiple signers pkcs7_data_multiple_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) - $(OPENSSL) smime -sign -binary -in pkcs7_data.txt -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -nocerts -noattr -outform DER -out $@ + $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -nocerts -noattr -outform DER -out $@ all_final += pkcs7_data_multiple_signed.der # pkcs7 signature file with multiple certificates pkcs7_data_multiple_certs_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2) - $(OPENSSL) smime -sign -binary -in pkcs7_data.txt -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -noattr -outform DER -out $@ + $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -noattr -outform DER -out $@ all_final += pkcs7_data_multiple_certs_signed.der # pkcs7 signature file with corrupted CERT @@ -1208,7 +1196,7 @@ pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der all_final += pkcs7_data_cert_signed_v2.der pkcs7_data_cert_encrypted.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) - $(OPENSSL) smime -encrypt -aes256 -in pkcs7_data.txt -binary -outform DER -out $@ pkcs7-rsa-sha256-1.crt + $(OPENSSL) smime -encrypt -aes256 -in pkcs7_data.bin -binary -outform DER -out $@ pkcs7-rsa-sha256-1.crt all_final += pkcs7_data_cert_encrypted.der ## Negative tests diff --git a/tests/data_files/pkcs7_data.txt b/tests/data_files/pkcs7_data.bin similarity index 100% rename from tests/data_files/pkcs7_data.txt rename to tests/data_files/pkcs7_data.bin 
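Review bot: Every `openssl smime -sign` recipe on the new side passes `-out $@` twice (once before `-md`, once at the end); the fixtures exist so the tool evidently tolerates the repetition, but it obscures which argument is authoritative, and I would drop the first occurrence on each line, e.g. `$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@`. With the generation rules for `pkcs7_data.bin` and `pkcs7_data_1.bin` removed, the `.der` signatures are only reproducible against the committed input bytes, so a comment next to the remaining definition of `pkcs7_test_file` (in the earlier hunk) along the lines of `# pkcs7_data*.bin are committed, not generated, so their bytes (and line endings) never change under the signatures` would stop someone from re-adding an `echo` rule that silently alters the signed content.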
diff --git a/tests/data_files/pkcs7_data_1.txt b/tests/data_files/pkcs7_data_1.bin similarity index 100% rename from tests/data_files/pkcs7_data_1.txt rename to tests/data_files/pkcs7_data_1.bin diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index 75ee9f6b03..4af0edad37 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data 
@@ -27,24 +27,24 @@ PKCS7 Signed Data Parse Fail Encrypted Content #8 pkcs7_parse_content_oid:"data_files/pkcs7_data_cert_encrypted.der" PKCS7 Signed Data Verification Pass SHA256 #9 -pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data.txt" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data.bin" PKCS7 Signed Data Verification Pass SHA256 #9.1 -pkcs7_verify_hash:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data.txt" +pkcs7_verify_hash:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data.bin" PKCS7 Signed Data Verification Pass SHA1 #10 depends_on:MBEDTLS_SHA1_C -pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha1.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data.txt" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha1.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data.bin" PKCS7 Signed Data Verification Pass SHA512 #11 depends_on:MBEDTLS_SHA512_C -pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha512.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data.txt" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha512.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data.bin" PKCS7 Signed Data Verification Fail because of different certificate #12 -pkcs7_verify_badcert:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.txt" +pkcs7_verify_badcert:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin" PKCS7 Signed Data Verification Fail because of different data hash #13 -pkcs7_verify_tampered_data:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data_1.txt" 
+pkcs7_verify_tampered_data:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data_1.bin" PKCS7 Signed Data Parse Failure Corrupt signerInfo.issuer #15.1 pkcs7_parse_failure:"data_files/pkcs7_signerInfo_issuer_invalid_size.der" From 6671841d919beb38ba3d1abc08d93cce8af3314f Mon Sep 17 00:00:00 2001 From: Nick Child Date: Tue, 22 Feb 2022 17:19:59 -0600 Subject: [PATCH 010/139] pkcs7.c: Do not ignore return value of mbedlts_md CI was failing due to the return value of mbedtls_md being ignored. If this function does fail, return early and propogate the md error. Signed-off-by: Nick Child --- library/pkcs7.c | 8 ++++++-- tests/suites/test_suite_pkcs7.function | 5 +++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 8c2a3ecaf3..1c73709de3 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -523,8 +523,12 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED ); } - mbedtls_md( md_info, data, datalen, hash ); - + ret = mbedtls_md( md_info, data, datalen, hash ); + if( ret != 0 ) + { + mbedtls_free( hash ); + return( ret ); + } ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, 0, pkcs7->signed_data.signers.sig.p, pkcs7->signed_data.signers.sig.len ); diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index d85a455613..e2d76f36a9 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -285,9 +285,10 @@ void pkcs7_verify_hash( char *pkcs7_file, char *crt, char *filetobesigned ) md_info = mbedtls_md_info_from_type( md_alg ); - mbedtls_md( md_info, data, datalen, hash ); + res = mbedtls_md( md_info, data, datalen, hash ); + TEST_ASSERT( res == 0 ); - res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, sizeof(hash)); + res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, sizeof(hash) ); TEST_ASSERT( res == 0 ); exit: 
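Review bot: The new early return in `mbedtls_pkcs7_signed_data_verify` hands the raw `mbedtls_md` error code back to the caller, while every other failure in the surrounding code is reported as a PKCS7 code (`MBEDTLS_ERR_PKCS7_ALLOC_FAILED` just above, `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` for the OID lookup), so callers matching on the PKCS7 error range will not recognise this path. Either map it, `return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL );`, or document in the function's header that MD-layer errors can surface unchanged. The enclosing function begins and ends outside this hunk.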
From 6427b34dec143af38afbf302cf6c8307894d4ffe Mon Sep 17 00:00:00 2001 From: Nick Child Date: Fri, 25 Feb 2022 11:43:31 -0600 Subject: [PATCH 011/139] pkcs7.c: Use pkcs7_get_version for signerInfo The function pkcs7_get_version can be used again when parsing the version of the signerInfo. Both require that the version be equal to 1. The pkcs7_get_version function will return error if the found value is not the expected version as opposed to mbedtls_asn1_get_int which does not. Signed-off-by: Nick Child --- library/pkcs7.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 1c73709de3..5fa02e3114 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -289,7 +289,7 @@ static int pkcs7_get_signers_info_set( unsigned char **p, unsigned char *end, end_set = end_set_signer; - ret = mbedtls_asn1_get_int( p, end_set, &signers_set->version ); + ret = pkcs7_get_version( p, end_set, &signers_set->version ); if( ret != 0 ) return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); From 45525d37688e8b3d9918ca8b59591a3604a9c6db Mon Sep 17 00:00:00 2001 From: Nick Child Date: Fri, 25 Feb 2022 11:54:34 -0600 Subject: [PATCH 012/139] pkcs7: Fix dependencies for pkcs7 tests Fixes include removing PEM dependency for greater coverage when PEM config is not set and defining test dependencies at the appropriate level. Signed-off-by: Nick Child --- tests/data_files/Makefile | 9 +++++++ tests/data_files/pkcs7-rsa-sha256-1.der | Bin 0 -> 845 bytes tests/data_files/pkcs7-rsa-sha256-2.der | Bin 0 -> 845 bytes tests/suites/test_suite_pkcs7.data | 33 +++++++++++++++++------- tests/suites/test_suite_pkcs7.function | 26 +++++++++---------- 5 files changed, 46 insertions(+), 22 deletions(-) create mode 100644 tests/data_files/pkcs7-rsa-sha256-1.der create mode 100644 tests/data_files/pkcs7-rsa-sha256-2.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 8c7520fe30..b92944ac29 100644 --- a/tests/data_files/Makefile 
+++ b/tests/data_files/Makefile @@ -1147,6 +1147,15 @@ pkcs7-rsa-sha256-2.crt: cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem all_final += pkcs7-rsa-sha256-2.crt +# Convert signing certs to DER for testing PEM-free builds +pkcs7-rsa-sha256-1.der: $(pkcs7_test_cert_1) + $(OPENSSL) x509 -in pkcs7-rsa-sha256-1.crt -out $@ -outform DER +all_final += pkcs7-rsa-sha256-1.der + +pkcs7-rsa-sha256-2.der: $(pkcs7_test_cert_2) + $(OPENSSL) x509 -in pkcs7-rsa-sha256-2.crt -out $@ -outform DER +all_final += pkcs7-rsa-sha256-2.der + # pkcs7 signature file with CERT pkcs7_data_cert_signed_sha256.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ 
diff --git a/tests/data_files/pkcs7-rsa-sha256-1.der b/tests/data_files/pkcs7-rsa-sha256-1.der new file mode 100644 index 0000000000000000000000000000000000000000..622df1e7a38899b4da3a3601badd4fb36a333238 GIT binary patch literal 845 zcmXqLV)is>VlrI7%*4pVBw`>aSo3skbeK)@x~&Pb%e4X`66YH5vTwH$JbLRo$llQJx_~g5mBnX^&@X|JJO&8<>!io&TlW zro-4;JEAuDYNN)--fN5-t|xtF7Lu-iUAfBf+tqG=Gq2y%bU4?&2yXx6eQHw6U)8Xy zMM94^9|__wtI8HMSpHz6c;9>ZBQxahJUw~6p7V9_gHwxm=dr(=r|=`|)~hYe?{9~n zNI8DK*?g|R>foMoU7f$8_jc`!klwqvZN}gC$NN_I?cVFeaa`d?6Sv~mzc&pYvWW#Q z_EPiaEP0UA_93qFZdUsDuBFq=rzP>!^@jWn@%^y=*w-JjA6&lY8((<(?vdYxBiCjx zaAaa;WMEtzY!GN53yc(5J{B<+k=WS#3ojMliz!!~ar(=|l;3Jm<(vlcAZcY52?MbP z>hCTPm>zwz`M|_mN_W4RJ-=L~sV{Wl43ClijajNM!=@VlrI7%*4pVB;vW}r~J}88hi8BWNs3_WV?Uu`Gdy|c-c6$+C196^D;7W zvoaW%7;+nMvN4CUun9By`55vU@PIg6JgfoU&cWt}q6WesJ~Iywn6KcRT2!K7WFRNb zYh++(Xk=n&VrXD!83p7TB5}zywTV#)*?Ekt49rc8{0s(7j9g4jjEoHTbQwJM#213~Tme+zeW^Cn^8C z6LaszO_qWe4PI|NF7e`ke%*;W!>u8ypL1h3Obqg>Y!DE=wYef??!!=aiHYyN%D)a> z|9&kKGb01z;$VY716g3C$nvp>v4~tR+OThf|EhWoz7Kz&zhqYZ{U`LMfjmfBnMJ}t ztO2_MevkrTM#ldvtOm?L3OU$;sR9`6j0_7W9hH8e|1gug>20SSQ|G(#6Dx}qwf3bP zsi>&j$`Z1uOff%e=G$ZTDOV7Cf)zdRK7X zhL7Jw^C!MqY#6uU>4P)6o}I_9%Bb|jZ|dz?vwT(TvHS(=S6WZilkTY675Y`e>kH#v z?T&<#|6-@@Ph-)!aCKgL;ewDzO)1Cyr$x`K4xK2eb+j(4<;d1d!^h!1%>f(M`OAOu z$+EL3Zu$Ld*{iSOKZ4sgPc#*mJ0h@w_paFFNBWcAzZBVbKh#Ta>J3%? Date: Mon, 28 Feb 2022 10:09:16 -0600 Subject: [PATCH 013/139] pkcs7: Change copyright Signed-off-by: Nick Child --- include/mbedtls/pkcs7.h | 4 +--- library/pkcs7.c | 23 ++++++++++++----------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index 29bb503a74..7699b60d53 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h 
@@ -5,7 +5,7 @@ * https://tools.ietf.org/html/rfc2315 */ /* - * Copyright (C) 2019, IBM Corp, All Rights Reserved + * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -19,8 +19,6 @@ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/pkcs7.c b/library/pkcs7.c index 5fa02e3114..9b66bdb23f 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -1,17 +1,18 @@ -/* Copyright 2019 IBM Corp. +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ #include "common.h" From 8a10f666923ee7e43cbfbc11243088bd7bb97e61 Mon Sep 17 00:00:00 2001 
From: Nick Child Date: Mon, 6 Jun 2022 12:18:40 -0500 Subject: [PATCH 014/139] test/pkcs7: Add init for PSA tests Initialize the PSA subsystem in the test functions. Signed-off-by: Nick Child --- tests/suites/test_suite_pkcs7.function | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 8b35c57559..01edadb5ff 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -200,6 +200,8 @@ void pkcs7_verify( char *pkcs7_file, char *crt, char *filetobesigned ) mbedtls_pkcs7 pkcs7; mbedtls_x509_crt x509; + USE_PSA_INIT(); + mbedtls_pkcs7_init( &pkcs7 ); mbedtls_x509_crt_init( &x509 ); @@ -233,6 +235,7 @@ exit: mbedtls_x509_crt_free( &x509 ); mbedtls_free( data ); mbedtls_pkcs7_free( &pkcs7 ); + USE_PSA_DONE(); } /* END_CASE */ @@ -253,6 +256,8 @@ void pkcs7_verify_hash( char *pkcs7_file, char *crt, char *filetobesigned ) mbedtls_pkcs7 pkcs7; mbedtls_x509_crt x509; + USE_PSA_INIT(); + mbedtls_pkcs7_init( &pkcs7 ); mbedtls_x509_crt_init( &x509 ); @@ -296,6 +301,7 @@ exit: mbedtls_free( data ); mbedtls_pkcs7_free( &pkcs7 ); mbedtls_free( pkcs7_buf ); + USE_PSA_DONE(); } /* END_CASE */ @@ -313,6 +319,8 @@ void pkcs7_verify_badcert( char *pkcs7_file, char *crt, char *filetobesigned ) mbedtls_pkcs7 pkcs7; mbedtls_x509_crt x509; + USE_PSA_INIT(); + mbedtls_pkcs7_init( &pkcs7 ); mbedtls_x509_crt_init( &x509 ); @@ -346,6 +354,7 @@ exit: mbedtls_free( data ); mbedtls_pkcs7_free( &pkcs7 ); mbedtls_free( pkcs7_buf ); + USE_PSA_DONE(); } /* END_CASE */ @@ -363,6 +372,8 @@ void pkcs7_verify_tampered_data( char *pkcs7_file, char *crt, char *filetobesign mbedtls_pkcs7 pkcs7; mbedtls_x509_crt x509; + USE_PSA_INIT(); + mbedtls_pkcs7_init( &pkcs7 ); mbedtls_x509_crt_init( &x509 ); @@ -396,6 +407,7 @@ exit: mbedtls_pkcs7_free( &pkcs7 ); mbedtls_free( data ); mbedtls_free( pkcs7_buf ); + USE_PSA_DONE(); } /* END_CASE */ 
From 3538479faa7a73239671239feadbfac1b68b2f0c Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Wed, 2 Sep 2020 14:48:45 +1000 Subject: [PATCH 015/139] pkcs7: support multiple signers Rather than only parsing/verifying one SignerInfo in the SignerInfos field of the PKCS7 stucture, allow the ability to parse and verify more than one signature. Verification will return success if any of the signatures produce a match. Signed-off-by: Daniel Axtens Signed-off-by: Nick Child --- library/pkcs7.c | 260 +++++++++++++++++-------- tests/suites/test_suite_pkcs7.data | 10 +- tests/suites/test_suite_pkcs7.function | 80 ++++++-- 3 files changed, 249 insertions(+), 101 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 9b66bdb23f..0f4e1ec2b4 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -250,7 +250,6 @@ static int pkcs7_get_signature( unsigned char **p, unsigned char *end, } /** - * SignerInfos ::= SET of SignerInfo * SignerInfo ::= SEQUENCE { * version Version; * issuerAndSerialNumber IssuerAndSerialNumber, 
@@ -261,6 +260,88 @@ static int pkcs7_get_signature( unsigned char **p, unsigned char *end, * encryptedDigest EncryptedDigest, * unauthenticatedAttributes * [1] IMPLICIT Attributes OPTIONAL, + * Returns 0 if the signerInfo is valid. + * Return negative error code for failure. + **/ +static int pkcs7_get_signer_info( unsigned char **p, unsigned char *end, + mbedtls_pkcs7_signer_info *signer ) +{ + unsigned char *end_signer; + int ret; + size_t len = 0; + + ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + + end_signer = *p + len; + + ret = pkcs7_get_version( p, end_signer, &signer->version ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + ret = mbedtls_asn1_get_tag( p, end_signer, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + + /* Parsing IssuerAndSerialNumber */ + signer->issuer_raw.p = *p; + + ret = mbedtls_asn1_get_tag( p, end_signer, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + + ret = mbedtls_x509_get_name( p, *p + len, &signer->issuer ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + signer->issuer_raw.len = *p - signer->issuer_raw.p; + + ret = mbedtls_x509_get_serial( p, end_signer, &signer->serial ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + ret = pkcs7_get_digest_algorithm( p, end_signer, &signer->alg_identifier ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + ret = pkcs7_get_digest_algorithm( p, end_signer, &signer->sig_alg_identifier ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + ret = pkcs7_get_signature( p, end_signer, &signer->sig ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + /* Do not permit 
any unauthenticated attributes */ + if( *p != end_signer ) + return ( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + + return( 0 ); +} + +static void pkcs7_free_signer_info( mbedtls_pkcs7_signer_info *signer ) +{ + mbedtls_x509_name *name_cur; + mbedtls_x509_name *name_prv; + + if( signer == NULL ) + return; + + name_cur = signer->issuer.next; + while( name_cur != NULL ) + { + name_prv = name_cur; + name_cur = name_cur->next; + mbedtls_free( name_prv ); + } +} + +/** + * SignerInfos ::= SET of SignerInfo * Return number of signers added to the signed data, * 0 or higher is valid. * Return negative error code for failure. 
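Review bot: In `pkcs7_get_signer_info` the length of the IssuerAndSerialNumber SEQUENCE is read into `len` and then discarded: the inner Name is bounded by its own tag, but `mbedtls_x509_get_serial` is bounded by `end_signer`, so the parser never confirms that issuer and serial together fill exactly that SEQUENCE. Keep the bound, `end_issuer_and_sn = *p + len;` after the tag, pass it to `mbedtls_x509_get_serial`, and reject `*p != end_issuer_and_sn` before moving on to the digest algorithm. Separately, `pkcs7_free_signer_info` walks and frees `signer->issuer.next` but leaves the pointer dangling; adding `signer->issuer.next = NULL;` after the loop makes a repeated free of the embedded first signer harmless, which matters because that signer lives inside the caller's struct rather than on the heap.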
@@ -268,76 +349,61 @@ static int pkcs7_get_signature( unsigned char **p, unsigned char *end, static int pkcs7_get_signers_info_set( unsigned char **p, unsigned char *end, mbedtls_pkcs7_signer_info *signers_set ) { - unsigned char *end_set, *end_set_signer; + unsigned char *end_set; int ret; + int count = 0; size_t len = 0; + mbedtls_pkcs7_signer_info *signer, *prev; ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ); if( ret != 0 ) return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + /* Detect zero signers */ + if( len == 0 ) + return( 0 ); + end_set = *p + len; - ret = mbedtls_asn1_get_tag( p, end_set, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE ); + ret = pkcs7_get_signer_info( p, end_set, signers_set ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + return( ret ); + count++; - end_set_signer = *p + len; - if (end_set_signer != end_set) - return ( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + prev = signers_set; + while( *p != end_set ) + { + signer = mbedtls_calloc( 1, sizeof( mbedtls_pkcs7_signer_info ) ); + if( !signer ) + { + ret = MBEDTLS_ERR_PKCS7_ALLOC_FAILED; + goto cleanup; + } - end_set = end_set_signer; + ret = pkcs7_get_signer_info( p, end_set, signer ); + if( ret != 0 ) { + mbedtls_free( signer ); + goto cleanup; + } + prev->next = signer; + prev = signer; + count++; + } - ret = pkcs7_get_version( p, end_set, &signers_set->version ); - if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + return( count ); - ret = mbedtls_asn1_get_tag( p, end_set, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE ); - if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); - - /* Parsing IssuerAndSerialNumber */ - signers_set->issuer_raw.p = *p; - - ret = mbedtls_asn1_get_tag( p, end_set, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE ); - if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); - - ret = mbedtls_x509_get_name( p, 
*p + len, &signers_set->issuer ); - if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); - - signers_set->issuer_raw.len = *p - signers_set->issuer_raw.p; - - ret = mbedtls_x509_get_serial( p, end_set, &signers_set->serial ); - if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); - - ret = pkcs7_get_digest_algorithm( p, end_set, &signers_set->alg_identifier ); - if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); - - ret = pkcs7_get_digest_algorithm( p, end_set, &signers_set->sig_alg_identifier ); - if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); - - ret = pkcs7_get_signature( p, end_set, &signers_set->sig ); - if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); - - signers_set->next = NULL; - - if (*p != end_set) - return ( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); - - /* Since in this version we strictly support single signer, and reaching - * here implies we have parsed successfully, we return 1. */ - - return( 1 ); +cleanup: + signer = signers_set->next; + pkcs7_free_signer_info( signers_set ); + while( signer ) + { + prev = signer; + signer = signer->next; + pkcs7_free_signer_info( prev ); + mbedtls_free( prev ); + } + return( ret ); } /** @@ -419,7 +485,7 @@ static int pkcs7_get_signed_data( unsigned char *buf, size_t buflen, signed_data->no_of_signers = ret; - /* Support single signer */ + /* Don't permit trailing data */ if ( p != end ) ret = MBEDTLS_ERR_PKCS7_INVALID_FORMAT; 
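Review bot: The loop's error path leaks: when `pkcs7_get_signer_info( p, end_set, signer )` fails after `mbedtls_x509_get_name` has already attached heap-allocated name nodes to `signer->issuer` (for example when the serial or signature step is the one that fails), the code calls `mbedtls_free( signer )` without first calling `pkcs7_free_signer_info( signer )`, which is exactly the clean-up that function exists for. The first signer has the same gap: a failed `pkcs7_get_signer_info( p, end_set, signers_set )` returns `ret` directly instead of `goto cleanup`, so names already parsed into `signers_set->issuer` are never released (assuming `signers_set->next` is NULL on entry, the existing cleanup block handles that case correctly). In `cleanup`, `signers_set->next` should also be reset to NULL after the chain is freed so a later `mbedtls_pkcs7_free` cannot walk freed memory.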
@@ -507,34 +573,62 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, size_t datalen ) { - int ret; + int ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; unsigned char *hash; mbedtls_pk_context pk_cxt = cert->pk; const mbedtls_md_info_t *md_info; mbedtls_md_type_t md_alg; + mbedtls_pkcs7_signer_info *signer; - ret = mbedtls_oid_get_md_alg( &pkcs7->signed_data.digest_alg_identifiers, &md_alg ); - if( ret != 0 ) + if( pkcs7->signed_data.no_of_signers == 0 ) return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL ); - md_info = mbedtls_md_info_from_type( md_alg ); - hash = mbedtls_calloc( mbedtls_md_get_size( md_info ), 1 ); - if( hash == NULL ) { - return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED ); - } - - ret = mbedtls_md( md_info, data, datalen, hash ); - if( ret != 0 ) + /* + * Potential TODOs + * Currently we iterate over all signers and return success if any of them + * verify. + * + * However, we could make this better by checking against the certificate's + * identification and SignerIdentifier fields first. That would also allow + * us to distinguish between 'no signature for key' and 'signature for key + * failed to validate'. + * + * We could also cache hashes by md, so if there are several sigs all using + * the same algo we don't recalculate the hash each time. 
+ */ + signer = &pkcs7->signed_data.signers; + while( signer ) { - mbedtls_free( hash ); - return( ret ); - } - ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, 0, - pkcs7->signed_data.signers.sig.p, - pkcs7->signed_data.signers.sig.len ); + ret = mbedtls_oid_get_md_alg( &signer->alg_identifier, &md_alg ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL ); - mbedtls_free( hash ); + md_info = mbedtls_md_info_from_type( md_alg ); + + hash = mbedtls_calloc( mbedtls_md_get_size( md_info ), 1 ); + if( hash == NULL ) { + return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED ); + } + + ret = mbedtls_md( md_info, data, datalen, hash ); + if( ret != 0 ) + { + mbedtls_free( hash ); + return( ret ); + } + + ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, + mbedtls_md_get_size( md_info ), + signer->sig.p, signer->sig.len ); + + mbedtls_free( hash ); + + if( ret == 0 ) + break; + + signer = signer->next; + } return( ret ); } @@ -564,8 +658,8 @@ int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7, */ void mbedtls_pkcs7_free( mbedtls_pkcs7 *pkcs7 ) { - mbedtls_x509_name *name_cur; - mbedtls_x509_name *name_prv; + mbedtls_pkcs7_signer_info *signer_cur; + mbedtls_pkcs7_signer_info *signer_prev; if( pkcs7 == NULL || pkcs7->raw.p == NULL ) return; @@ -575,12 +669,14 @@ void mbedtls_pkcs7_free( mbedtls_pkcs7 *pkcs7 ) mbedtls_x509_crt_free( &pkcs7->signed_data.certs ); mbedtls_x509_crl_free( &pkcs7->signed_data.crl ); - name_cur = pkcs7->signed_data.signers.issuer.next; - while( name_cur != NULL ) + signer_cur = pkcs7->signed_data.signers.next; + pkcs7_free_signer_info( &pkcs7->signed_data.signers ); + while( signer_cur != NULL ) { - name_prv = name_cur; - name_cur = name_cur->next; - mbedtls_free( name_prv ); + signer_prev = signer_cur; + signer_cur = signer_prev->next; + pkcs7_free_signer_info( signer_prev ); + mbedtls_free( signer_prev ); } pkcs7->raw.p = NULL; diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index d5ecd21ccb..daced32b55 100644 
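Review bot: `md_info` is used without a NULL check in the new loop of `mbedtls_pkcs7_signed_data_verify`: `mbedtls_oid_get_md_alg` succeeding only means the OID is known, not that the digest is compiled into this build, and a NULL `md_info` then drives `mbedtls_md_get_size`, `mbedtls_calloc` and `mbedtls_md` with an invalid descriptor. Add `if( md_info == NULL ) { signer = signer->next; continue; }` (with `ret` left at `MBEDTLS_ERR_PKCS7_VERIFY_FAIL`) right after the lookup. The error handling is also inconsistent with the stated "succeed if any signer verifies" contract: an OID or `mbedtls_md` failure on one signer returns immediately instead of trying the next, and when no signer verifies the caller receives the last PK-layer error rather than `MBEDTLS_ERR_PKCS7_VERIFY_FAIL`. The header comment should state which of these behaviours is intended.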
--- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data @@ -10,13 +10,9 @@ PKCS7 Signed Data Parse Pass Without CERT #3 depends_on:MBEDTLS_SHA256_C pkcs7_parse_without_cert:"data_files/pkcs7_data_without_cert_signed.der" -PKCS7 Signed Data Parse Fail with multiple signers #4 -depends_on:MBEDTLS_SHA256_C -pkcs7_parse_multiple_signers:"data_files/pkcs7_data_multiple_signed.der" - PKCS7 Signed Data Parse Fail with multiple certs #4 depends_on:MBEDTLS_SHA256_C -pkcs7_parse_multiple_signers:"data_files/pkcs7_data_multiple_certs_signed.der" +pkcs7_parse_multiple_certs:"data_files/pkcs7_data_multiple_certs_signed.der" PKCS7 Signed Data Parse Fail with corrupted cert #5 depends_on:MBEDTLS_SHA256_C @@ -69,3 +65,7 @@ pkcs7_parse_failure:"data_files/pkcs7_signerInfo_serial_invalid_size.der" PKCS7 Only Signed Data Parse Pass #15 depends_on:MBEDTLS_SHA256_C pkcs7_parse:"data_files/pkcs7_data_cert_signeddata_sha256.der" + +PKCS7 Signed Data Verify with multiple signers #16 +depends_on:MBEDTLS_SHA256_C +pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin" \ No newline at end of file diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 01edadb5ff..261824d154 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -61,7 +61,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_RSA_C */ -void pkcs7_parse_multiple_signers( char *pkcs7_file ) +void pkcs7_parse_multiple_certs( char *pkcs7_file ) { unsigned char *pkcs7_buf = NULL; size_t buflen; 
@@ -75,19 +75,7 @@ void pkcs7_parse_multiple_signers( char *pkcs7_file ) TEST_ASSERT( res == 0 ); res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res < 0 ); - - switch ( res ){ - case MBEDTLS_ERR_PKCS7_INVALID_CERT: - TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_CERT ); - break; - - case MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO: - TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); - break; - default: - TEST_ASSERT(0); - } + TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_CERT ); exit: mbedtls_free( pkcs7_buf ); 
@@ -411,6 +399,70 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ +void pkcs7_verify_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, char *filetobesigned ) +{ + unsigned char *pkcs7_buf = NULL; + size_t buflen; + unsigned char *data = NULL; + struct stat st; + size_t datalen; + int res; + FILE *file; + + mbedtls_pkcs7 pkcs7; + mbedtls_x509_crt x509_1; + mbedtls_x509_crt x509_2; + + USE_PSA_INIT(); + + mbedtls_pkcs7_init( &pkcs7 ); + mbedtls_x509_crt_init( &x509_1 ); + mbedtls_x509_crt_init( &x509_2 ); + + res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); + TEST_ASSERT( res == 0 ); + + res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); + TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); + + TEST_ASSERT( pkcs7.signed_data.no_of_signers == 2 ); + + res = mbedtls_x509_crt_parse_file( &x509_1, crt1 ); + TEST_ASSERT( res == 0 ); + + res = mbedtls_x509_crt_parse_file( &x509_2, crt2 ); + TEST_ASSERT( res == 0 ); + + res = stat( filetobesigned, &st ); + TEST_ASSERT( res == 0 ); + + file = fopen( filetobesigned, "r" ); + TEST_ASSERT( file != NULL ); + + datalen = st.st_size; + data = ( unsigned char* ) calloc( datalen, sizeof(unsigned char) ); + buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file ); + TEST_ASSERT( buflen == datalen ); + + fclose( file ); + + res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_1, data, datalen ); + TEST_ASSERT( res == 0 ); + + res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_2, data, datalen ); + TEST_ASSERT( res == 0 ); + +exit: + mbedtls_x509_crt_free( &x509_1 ); + mbedtls_x509_crt_free( &x509_2 ); + mbedtls_pkcs7_free( &pkcs7 ); + mbedtls_free( data ); + mbedtls_free( pkcs7_buf ); + USE_PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ void pkcs7_parse_failure( char *pkcs7_file ) { From 62b2d7e7d4a21500e2a159cbae4541903707133d Mon Sep 17 00:00:00 2001 
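Review bot: In `pkcs7_verify_multiple_signers` the `calloc` result is passed straight to `fread` without a check, and because `TEST_ASSERT( buflen == datalen )` jumps to `exit` before `fclose( file )`, a short read leaks the handle. Add `TEST_ASSERT( data != NULL );` after the allocation, initialise `FILE *file = NULL;`, and close it under `exit:` with `if( file != NULL ) fclose( file );` instead of in the straight-line path. The signed input was just renamed to `.bin` for being binary, so opening it with `"rb"` rather than `"r"` keeps the test portable. The same pattern is repeated in `pkcs7_verify_hash_multiple_signers` in the next commit, whose hunk runs past this view.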
From: Nick Child Date: Thu, 14 Jul 2022 16:24:59 -0500 Subject: [PATCH 016/139] pkcs7: Support verification of hash with multiple signers Make `mbedtls_pkcs7_signed_hash_verify` loop over all signatures in the PKCS7 structure and return success if any of them verify successfully. Signed-off-by: Nick Child --- library/pkcs7.c | 39 ++++++++++--- tests/suites/test_suite_pkcs7.data | 6 +- tests/suites/test_suite_pkcs7.function | 76 ++++++++++++++++++++++++++ 3 files changed, 112 insertions(+), 9 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 0f4e1ec2b4..65dc83a4c3 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -637,18 +637,41 @@ int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7, const mbedtls_x509_crt *cert, const unsigned char *hash, size_t hashlen) { - int ret; + int ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + const mbedtls_md_info_t *md_info; mbedtls_md_type_t md_alg; mbedtls_pk_context pk_cxt; - - ret = mbedtls_oid_get_md_alg( &pkcs7->signed_data.digest_alg_identifiers, &md_alg ); - if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL ); + mbedtls_pkcs7_signer_info *signer; pk_cxt = cert->pk; - ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, hashlen, - pkcs7->signed_data.signers.sig.p, - pkcs7->signed_data.signers.sig.len ); + + if( pkcs7->signed_data.no_of_signers == 0 ) + return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL ); + + signer = &pkcs7->signed_data.signers; + while( signer ) + { + ret = mbedtls_oid_get_md_alg( &signer->alg_identifier, &md_alg ); + if( ret != 0 ) + return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL ); + + md_info = mbedtls_md_info_from_type( md_alg ); + + if( hashlen != mbedtls_md_get_size( md_info ) ) + { + ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + signer = signer->next; + continue; + } + + ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, hashlen, + pkcs7->signed_data.signers.sig.p, + pkcs7->signed_data.signers.sig.len ); + if( ret == 0 ) + break; + + signer = signer->next; + } return ( ret ); } 
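Review bot: The loop in `mbedtls_pkcs7_signed_hash_verify` iterates `signer` but still passes `pkcs7->signed_data.signers.sig.p` and `pkcs7->signed_data.signers.sig.len` to `mbedtls_pk_verify`, so every iteration re-checks the first signer's signature and a hash signed by any later signer can never verify against its certificate. The call must use the current node, `signer->sig.p, signer->sig.len`, as the data-verify counterpart in the previous commit already does. The visible part of the new test only calls `mbedtls_pkcs7_signed_hash_verify` with the first certificate and falls back to `mbedtls_pkcs7_signed_data_verify` for the second, so it would not catch this; a hash-verify call with the second certificate should be added. `md_info` also needs a NULL check here before `mbedtls_md_get_size`, for the same reason as in the data-verify path.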
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index daced32b55..b813c6d3eb 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data @@ -68,4 +68,8 @@ pkcs7_parse:"data_files/pkcs7_data_cert_signeddata_sha256.der" PKCS7 Signed Data Verify with multiple signers #16 depends_on:MBEDTLS_SHA256_C -pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin" \ No newline at end of file +pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin" + +PKCS7 Signed Data Hash Verify with multiple signers #17 +depends_on:MBEDTLS_SHA256_C +pkcs7_verify_hash_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin" diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 261824d154..9822fb826e 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function 
@@ -293,6 +293,82 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ +void pkcs7_verify_hash_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, char *filetobesigned ) +{ + unsigned char *pkcs7_buf = NULL; + size_t buflen; + unsigned char *data = NULL; + unsigned char hash[32]; + struct stat st; + size_t datalen; + int res; + FILE *file; + const mbedtls_md_info_t *md_info; + mbedtls_md_type_t md_alg; + + mbedtls_pkcs7 pkcs7; + mbedtls_x509_crt x509_1; + mbedtls_x509_crt x509_2; + + USE_PSA_INIT(); + + mbedtls_pkcs7_init( &pkcs7 ); + mbedtls_x509_crt_init( &x509_1 ); + mbedtls_x509_crt_init( &x509_2 ); + + res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); + TEST_ASSERT( res == 0 ); + + res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); + TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); + + TEST_ASSERT( pkcs7.signed_data.no_of_signers == 2 ); + + res = mbedtls_x509_crt_parse_file( &x509_1, crt1 ); + TEST_ASSERT( res == 0 ); + + res = mbedtls_x509_crt_parse_file( &x509_2, crt2 ); + TEST_ASSERT( res == 0 ); + + res = stat( filetobesigned, &st ); + TEST_ASSERT( res == 0 ); + + file = fopen( filetobesigned, "r" ); + TEST_ASSERT( file != NULL ); + + datalen = st.st_size; + data = ( unsigned char* ) calloc( datalen, sizeof(unsigned char) ); + buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file ); + TEST_ASSERT( buflen == datalen ); + + fclose( file ); + + res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg ); + TEST_ASSERT( res == 0 ); + TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 ); + + md_info = mbedtls_md_info_from_type( md_alg ); + + res = mbedtls_md( md_info, data, datalen, hash ); + TEST_ASSERT( res == 0 ); + + res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509_1, hash, sizeof(hash)); + TEST_ASSERT( res == 0 ); + + res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_2, data, datalen ); + TEST_ASSERT( res == 0 ); 
+ +exit: + mbedtls_x509_crt_free( &x509_1 ); + mbedtls_x509_crt_free( &x509_2 ); + mbedtls_pkcs7_free( &pkcs7 ); + mbedtls_free( data ); + mbedtls_free( pkcs7_buf ); + USE_PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ void pkcs7_verify_badcert( char *pkcs7_file, char *crt, char *filetobesigned ) { From 9f4fb3e63f90225661bf3268a6390aaeb3392423 Mon Sep 17 00:00:00 2001 From: Nick Child Date: Mon, 12 Sep 2022 16:21:02 -0500 Subject: [PATCH 017/139] pkcs7: Unite function return style In response to feedback[1], standardize return variable management across all pkcs7 functions. Additionally, when adding return codes from two error values, use `MBEDTLS_ERROR_ADD` as recommended [2]. [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953634781 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953635128 Signed-off-by: Nick Child --- library/pkcs7.c | 233 +++++++++++++++++++++++++++++++----------------- 1 file changed, 152 insertions(+), 81 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 65dc83a4c3..2299cfdac6 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -24,6 +24,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" #include "mbedtls/oid.h" +#include "mbedtls/error.h" #include #include @@ -64,15 +65,16 @@ void mbedtls_pkcs7_init( mbedtls_pkcs7 *pkcs7 ) static int pkcs7_get_next_content_len( unsigned char **p, unsigned char *end, size_t *len ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) + ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_CONTEXT_SPECIFIC ); + if( ret != 0 ) { - return( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret ); } - return( 0 ); + return( ret ); } /** 
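Review bot: In pkcs7_verify_hash_multiple_signers the data buffer comes from the libc `calloc` but is released with `mbedtls_free( data )` in the exit path, which mixes allocator families when MBEDTLS_PLATFORM_MEMORY routes mbedtls_free to a custom allocator, and the result is never checked before `fread` writes into it. The sibling verify tests use `data = mbedtls_calloc( datalen, 1 );`; this one should do the same and add `TEST_ASSERT( data != NULL );`. The file is also opened with `fopen( filetobesigned, "r" )` while the other verify tests use `"rb"`, so on platforms with text-mode translation the bytes hashed could differ from the bytes that were signed. The trailing context line belongs to pkcs7_verify_badcert, whose body continues outside the hunk.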
@@ -81,16 +83,17 @@ static int pkcs7_get_next_content_len( unsigned char **p, unsigned char *end, **/ static int pkcs7_get_version( unsigned char **p, unsigned char *end, int *ver ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_VERSION + ret ); + ret = mbedtls_asn1_get_int( p, end, ver ); + if( ret != 0 ) + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_VERSION, ret ); /* If version != 1, return invalid version */ if( *ver != MBEDTLS_PKCS7_SUPPORTED_VERSION ) - return( MBEDTLS_ERR_PKCS7_INVALID_VERSION ); + ret = MBEDTLS_ERR_PKCS7_INVALID_VERSION; - return( 0 ); + return( ret ); } /** @@ -103,26 +106,29 @@ static int pkcs7_get_content_info_type( unsigned char **p, unsigned char *end, mbedtls_pkcs7_buf *pkcs7 ) { size_t len = 0; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *start = *p; ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); if( ret != 0 ) { *p = start; - return( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO + ret ); + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret ); + goto out; } ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_OID ); if( ret != 0 ) { *p = start; - return( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO + ret ); + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret ); + goto out; } pkcs7->tag = MBEDTLS_ASN1_OID; pkcs7->len = len; pkcs7->p = *p; +out: return( ret ); } 
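Review bot: In pkcs7_get_version a failure of `mbedtls_asn1_get_int` no longer returns: the wrapped error is stored in `ret` but execution falls through to the `*ver != MBEDTLS_PKCS7_SUPPORTED_VERSION` test, which reads `*ver` even though nothing was parsed into it and, whenever that stale value is not 1, overwrites the detailed ASN.1 error with a bare MBEDTLS_ERR_PKCS7_INVALID_VERSION. The function still fails in both cases, but the early exit this patch adds to every other helper is missing here; add `goto out;` after the `MBEDTLS_ERROR_ADD` assignment and an `out:` label before the return, or guard the version test with `if( ret == 0 && *ver != MBEDTLS_PKCS7_SUPPORTED_VERSION )`. pkcs7_get_content_info_type in the same patch jumps to `out` on both of its failures, so this looks like an oversight rather than intent.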
@@ -134,12 +140,12 @@ static int pkcs7_get_content_info_type( unsigned char **p, unsigned char *end, static int pkcs7_get_digest_algorithm( unsigned char **p, unsigned char *end, mbedtls_x509_buf *alg ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_ALG ); + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_ALG, ret ); - return( 0 ); + return( ret ); } /** @@ -150,24 +156,31 @@ static int pkcs7_get_digest_algorithm_set( unsigned char **p, mbedtls_x509_buf *alg ) { size_t len = 0; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_ALG + ret ); + { + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_ALG, ret ); + goto out; + } end = *p + len; /** For now, it assumes there is only one digest algorithm specified **/ ret = mbedtls_asn1_get_alg_null( p, end, alg ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_ALG + ret ); + { + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_ALG, ret ); + goto out; + } if ( *p != end ) - return ( MBEDTLS_ERR_PKCS7_INVALID_FORMAT ); + ret = MBEDTLS_ERR_PKCS7_INVALID_FORMAT; - return( 0 ); +out: + return( ret ); } /** @@ -182,7 +195,7 @@ static int pkcs7_get_digest_algorithm_set( unsigned char **p, static int pkcs7_get_certificates( unsigned char **p, unsigned char *end, mbedtls_x509_crt *certs ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len1 = 0; size_t len2 = 0; unsigned char *end_set, *end_cert; 
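Review bot: pkcs7_get_digest_algorithm keeps the assignment-inside-condition form `if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )` even though the stated purpose of this patch is to unify return handling, and every other helper in the patch now assigns first and tests `ret` on its own line. For consistency it should read `ret = mbedtls_asn1_get_alg_null( p, end, alg );` followed by `if( ret != 0 )`. Behaviour is unchanged either way; this is purely a style point.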
@@ -192,9 +205,10 @@ static int pkcs7_get_certificates( unsigned char **p, unsigned char *end, | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) { if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( 0 ); - - return( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + ret = 0; + else + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret ); + goto out; } start = *p; end_set = *p + len1; @@ -202,7 +216,10 @@ static int pkcs7_get_certificates( unsigned char **p, unsigned char *end, ret = mbedtls_asn1_get_tag( p, end_set, &len2, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_CERT + ret ); + { + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_CERT, ret ); + goto out; + } end_cert = *p + len2; @@ -213,18 +230,28 @@ static int pkcs7_get_certificates( unsigned char **p, unsigned char *end, * The behaviour would be improved with addition of multiple signer support. */ if (end_cert != end_set) - return ( MBEDTLS_ERR_PKCS7_INVALID_CERT ); + { + ret = MBEDTLS_ERR_PKCS7_INVALID_CERT; + goto out; + } *p = start; if( ( ret = mbedtls_x509_crt_parse( certs, *p, len1 ) ) < 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_CERT ); + { + ret = MBEDTLS_ERR_PKCS7_INVALID_CERT; + goto out; + } *p = *p + len1; - /* Since in this version we strictly support single certificate, and reaching - * here implies we have parsed successfully, we return 1. */ + /* + * Since in this version we strictly support single certificate, and reaching + * here implies we have parsed successfully, we return 1. + */ + ret = 1; - return( 1 ); +out: + return( ret ); } /** 
@@ -233,12 +260,12 @@ static int pkcs7_get_certificates( unsigned char **p, unsigned char *end, static int pkcs7_get_signature( unsigned char **p, unsigned char *end, mbedtls_pkcs7_buf *signature ) { - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_OCTET_STRING ); if( ret != 0 ) - return( ret ); + goto out; signature->tag = MBEDTLS_ASN1_OCTET_STRING; signature->len = len; @@ -246,7 +273,8 @@ static int pkcs7_get_signature( unsigned char **p, unsigned char *end, *p = *p + len; - return( 0 ); +out: + return( ret ); } /** 
@@ -267,60 +295,67 @@ static int pkcs7_get_signer_info( unsigned char **p, unsigned char *end, mbedtls_pkcs7_signer_info *signer ) { unsigned char *end_signer; - int ret; + int asn1_ret = 0, ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; - ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + asn1_ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); - if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + if( asn1_ret != 0 ) + goto out; end_signer = *p + len; ret = pkcs7_get_version( p, end_signer, &signer->version ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + goto out; - ret = mbedtls_asn1_get_tag( p, end_signer, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE ); - if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + asn1_ret = mbedtls_asn1_get_tag( p, end_signer, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); + if( asn1_ret != 0 ) + goto out; /* Parsing IssuerAndSerialNumber */ signer->issuer_raw.p = *p; - ret = mbedtls_asn1_get_tag( p, end_signer, &len, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_SEQUENCE ); - if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + asn1_ret = mbedtls_asn1_get_tag( p, end_signer, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); + if( asn1_ret != 0 ) + goto out; ret = mbedtls_x509_get_name( p, *p + len, &signer->issuer ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + goto out; signer->issuer_raw.len = *p - signer->issuer_raw.p; ret = mbedtls_x509_get_serial( p, end_signer, &signer->serial ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + goto out; ret = pkcs7_get_digest_algorithm( p, end_signer, &signer->alg_identifier ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + goto out; ret = pkcs7_get_digest_algorithm( p, end_signer, &signer->sig_alg_identifier ); if( ret != 0 ) - return( 
MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + goto out; ret = pkcs7_get_signature( p, end_signer, &signer->sig ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + goto out; /* Do not permit any unauthenticated attributes */ if( *p != end_signer ) - return ( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO ); + ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO; - return( 0 ); +out: + if( asn1_ret != 0 ) + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO, + asn1_ret ); + else if( ret != 0 ) + ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO; + + return( ret ); } static void pkcs7_free_signer_info( mbedtls_pkcs7_signer_info *signer ) @@ -350,7 +385,7 @@ static int pkcs7_get_signers_info_set( unsigned char **p, unsigned char *end, mbedtls_pkcs7_signer_info *signers_set ) { unsigned char *end_set; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int count = 0; size_t len = 0; mbedtls_pkcs7_signer_info *signer, *prev; @@ -358,17 +393,23 @@ static int pkcs7_get_signers_info_set( unsigned char **p, unsigned char *end, ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + ret ); + { + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO, ret ); + goto out; + } /* Detect zero signers */ if( len == 0 ) - return( 0 ); + { + ret = 0; + goto out; + } end_set = *p + len; ret = pkcs7_get_signer_info( p, end_set, signers_set ); if( ret != 0 ) - return( ret ); + goto out; count++; prev = signers_set; @@ -391,7 +432,8 @@ static int pkcs7_get_signers_info_set( unsigned char **p, unsigned char *end, count++; } - return( count ); + ret = count; + goto out; cleanup: signer = signers_set->next; @@ -403,6 +445,8 @@ cleanup: pkcs7_free_signer_info( prev ); mbedtls_free( prev ); } + +out: return( ret ); } 
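Review bot: pkcs7_get_signer_info parses digestAlgorithm and then immediately digestEncryptionAlgorithm, so a SignerInfo carrying the optional `[0] IMPLICIT authenticatedAttributes` field between them is rejected only as a side effect of the second pkcs7_get_digest_algorithm call hitting an unexpected tag, and the error surfaces as MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO combined with an ASN.1 code rather than as an unsupported feature. The trailing `*p != end_signer` check is commented as rejecting unauthenticated attributes, but nothing documents that authenticated attributes are unsupported as well; a comment such as `/* authenticatedAttributes [0] are not supported: the next tag must be the signature algorithm */` before the second call, or an explicit tag probe returning MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE, would make the limitation visible to callers. In practice many producers emit signingTime/messageDigest attributes unless told not to, so callers are likely to hit this path.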
@@ -425,39 +469,46 @@ static int pkcs7_get_signed_data( unsigned char *buf, size_t buflen, unsigned char *end = buf + buflen; unsigned char *end_set; size_t len = 0; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_FORMAT + ret ); + { + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret ); + goto out; + } end_set = p + len; /* Get version of signed data */ ret = pkcs7_get_version( &p, end_set, &signed_data->version ); if( ret != 0 ) - return( ret ); + goto out; /* Get digest algorithm */ ret = pkcs7_get_digest_algorithm_set( &p, end_set, &signed_data->digest_alg_identifiers ); if( ret != 0 ) - return( ret ); + goto out; ret = mbedtls_oid_get_md_alg( &signed_data->digest_alg_identifiers, &md_alg ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_INVALID_ALG ); + { + ret = MBEDTLS_ERR_PKCS7_INVALID_ALG; + goto out; + } /* Do not expect any content */ ret = pkcs7_get_content_info_type( &p, end_set, &signed_data->content.oid ); if( ret != 0 ) - return( ret ); + goto out; if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS7_DATA, &signed_data->content.oid ) ) { - return( MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO ) ; + ret = MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO; + goto out; } p = p + signed_data->content.oid.len; @@ -466,7 +517,7 @@ static int pkcs7_get_signed_data( unsigned char *buf, size_t buflen, mbedtls_x509_crt_init( &signed_data->certs ); ret = pkcs7_get_certificates( &p, end_set, &signed_data->certs ); if( ret < 0 ) - return( ret ) ; + goto out; signed_data->no_of_certs = ret; 
@@ -481,15 +532,17 @@ static int pkcs7_get_signed_data( unsigned char *buf, size_t buflen, /* Get signers info */ ret = pkcs7_get_signers_info_set( &p, end_set, &signed_data->signers ); if( ret < 0 ) - return( ret ); + goto out; signed_data->no_of_signers = ret; /* Don't permit trailing data */ if ( p != end ) ret = MBEDTLS_ERR_PKCS7_INVALID_FORMAT; + else + ret = 0; - ret = 0; +out: return( ret ); } @@ -499,17 +552,21 @@ int mbedtls_pkcs7_parse_der( mbedtls_pkcs7 *pkcs7, const unsigned char *buf, unsigned char *start; unsigned char *end; size_t len = 0; - int ret; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int isoidset = 0; if( !pkcs7 ) - return( MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA ); + { + ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; + goto out; + } /* make an internal copy of the buffer for parsing */ pkcs7->raw.p = start = mbedtls_calloc( 1, buflen ); if( pkcs7->raw.p == NULL ) { - return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED ); + ret = MBEDTLS_ERR_PKCS7_ALLOC_FAILED; + goto out; } memcpy( start, buf, buflen ); pkcs7->raw.len = buflen; @@ -573,7 +630,7 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, size_t datalen ) { - int ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *hash; mbedtls_pk_context pk_cxt = cert->pk; const mbedtls_md_info_t *md_info; @@ -581,8 +638,10 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, mbedtls_pkcs7_signer_info *signer; if( pkcs7->signed_data.no_of_signers == 0 ) - return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL ); - + { + ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + goto out; + } /* * Potential TODOs 
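Review bot: mbedtls_pkcs7_parse_der validates `pkcs7` but not `buf`, and then `memcpy( start, buf, buflen )` runs on whatever pointer was passed; a NULL `buf` with a non-zero `buflen` is undefined behaviour rather than MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA. A zero `buflen` is also not rejected up front, so `mbedtls_calloc( 1, 0 )` may legitimately return NULL and the caller is told MBEDTLS_ERR_PKCS7_ALLOC_FAILED for what is really bad input. The guard should become `if( pkcs7 == NULL || buf == NULL || buflen == 0 )` and jump to `out` with BAD_INPUT_DATA. The rest of the function, including the `out` label, lies outside this hunk.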
@@ -602,20 +661,24 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, { ret = mbedtls_oid_get_md_alg( &signer->alg_identifier, &md_alg ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL ); + { + ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + goto out; + } md_info = mbedtls_md_info_from_type( md_alg ); hash = mbedtls_calloc( mbedtls_md_get_size( md_info ), 1 ); if( hash == NULL ) { - return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED ); + ret = MBEDTLS_ERR_PKCS7_ALLOC_FAILED; + goto out; } ret = mbedtls_md( md_info, data, datalen, hash ); if( ret != 0 ) { mbedtls_free( hash ); - return( ret ); + goto out; } ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, @@ -630,6 +693,7 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, signer = signer->next; } +out: return( ret ); } @@ -637,7 +701,7 @@ int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7, const mbedtls_x509_crt *cert, const unsigned char *hash, size_t hashlen) { - int ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_md_info_t *md_info; mbedtls_md_type_t md_alg; mbedtls_pk_context pk_cxt; @@ -646,14 +710,20 @@ int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7, pk_cxt = cert->pk; if( pkcs7->signed_data.no_of_signers == 0 ) - return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL ); + { + ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + goto out; + } signer = &pkcs7->signed_data.signers; while( signer ) { ret = mbedtls_oid_get_md_alg( &signer->alg_identifier, &md_alg ); if( ret != 0 ) - return( MBEDTLS_ERR_PKCS7_VERIFY_FAIL ); + { + ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + goto out; + } md_info = mbedtls_md_info_from_type( md_alg ); @@ -673,6 +743,7 @@ int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7, signer = signer->next; } +out: return ( ret ); } From 8a94de40c711612048aa4583b8dc617b206b7f37 Mon Sep 17 00:00:00 2001 
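Review bot: In mbedtls_pkcs7_signed_data_verify the result of `mbedtls_md_info_from_type( md_alg )` is used without a NULL check; the OID table can name a digest that this build has not compiled in, in which case `mbedtls_md_get_size( NULL )` and `mbedtls_md( NULL, ... )` are reached with a NULL descriptor. Whether those calls reject NULL cleanly depends on the md layer, and even then the caller would see an allocation or bad-input error instead of a verification failure, so add `if( md_info == NULL ) { ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; goto out; }` right after the lookup. The same lookup without a check appears in mbedtls_pkcs7_signed_hash_verify further down this line. Note also that a failed `mbedtls_md` now jumps to `out` with the raw md error while every other failure in this function is mapped to a PKCS7 code.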
From: Nick Child Date: Wed, 14 Sep 2022 10:51:51 -0500 Subject: [PATCH 018/139] test/pkcs7: Reduce number of test functions In response to feedback[1], we can reuse much of the functions in similar test cases by specifying some additional parameters. Specifically, test cases which probe the functionality of `mbedtls_pkcs7_parse_der` have all been merged into one test function. Additionally, all test cases which examine the `mbedtls_pkcs7_signed_data_verify` and `mbedtls_pkcs7_signed_hash_verify` functions have been merged into two test functions (one for single and one for multiple signers). [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953686780 Signed-off-by: Nick Child --- tests/suites/test_suite_pkcs7.data | 50 +-- tests/suites/test_suite_pkcs7.function | 439 ++----------------------- 2 files changed, 61 insertions(+), 428 deletions(-) diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index b813c6d3eb..b26a16fb94 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data 
@@ -1,75 +1,75 @@ PKCS7 Signed Data Parse Pass SHA256 #1 -depends_on:MBEDTLS_SHA256_C -pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha256.der" +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Parse Pass SHA1 #2 -depends_on:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C -pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha1.der" +depends_on:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pkcs7_parse:"data_files/pkcs7_data_cert_signed_sha1.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Parse Pass Without CERT #3 depends_on:MBEDTLS_SHA256_C -pkcs7_parse_without_cert:"data_files/pkcs7_data_without_cert_signed.der" +pkcs7_parse:"data_files/pkcs7_data_without_cert_signed.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Parse Fail with multiple certs #4 -depends_on:MBEDTLS_SHA256_C -pkcs7_parse_multiple_certs:"data_files/pkcs7_data_multiple_certs_signed.der" +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pkcs7_parse:"data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_INVALID_CERT PKCS7 Signed Data Parse Fail with corrupted cert #5 -depends_on:MBEDTLS_SHA256_C -pkcs7_parse_corrupted_cert:"data_files/pkcs7_data_signed_badcert.der" +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pkcs7_parse:"data_files/pkcs7_data_signed_badcert.der":MBEDTLS_ERR_PKCS7_INVALID_CERT PKCS7 Signed Data Parse Fail with corrupted signer info #6 -depends_on:MBEDTLS_SHA256_C -pkcs7_parse_corrupted_signer_info:"data_files/pkcs7_data_signed_badsigner.der" +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pkcs7_parse:"data_files/pkcs7_data_signed_badsigner.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) PKCS7 Signed Data Parse Fail Version other than 1 #7 depends_on:MBEDTLS_SHA256_C -pkcs7_parse_version:"data_files/pkcs7_data_cert_signed_v2.der" +pkcs7_parse:"data_files/pkcs7_data_cert_signed_v2.der":MBEDTLS_ERR_PKCS7_INVALID_VERSION PKCS7 Signed Data Parse Fail Encrypted 
Content #8 depends_on:MBEDTLS_SHA256_C -pkcs7_parse_content_oid:"data_files/pkcs7_data_cert_encrypted.der" +pkcs7_parse:"data_files/pkcs7_data_cert_encrypted.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE PKCS7 Signed Data Verification Pass SHA256 #9 depends_on:MBEDTLS_SHA256_C -pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Verification Pass SHA256 #9.1 depends_on:MBEDTLS_SHA256_C -pkcs7_verify_hash:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0 PKCS7 Signed Data Verification Pass SHA1 #10 depends_on:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C -pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha1.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha1.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Verification Pass SHA512 #11 depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA256_C -pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha512.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha512.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Verification Fail because of different certificate #12 depends_on:MBEDTLS_SHA256_C -pkcs7_verify_badcert:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-2.der":"data_files/pkcs7_data.bin" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-2.der":"data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED PKCS7 Signed Data Verification Fail because 
of different data hash #13 depends_on:MBEDTLS_SHA256_C -pkcs7_verify_tampered_data:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data_1.bin" +pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED PKCS7 Signed Data Parse Failure Corrupt signerInfo.issuer #15.1 depends_on:MBEDTLS_SHA256_C -pkcs7_parse_failure:"data_files/pkcs7_signerInfo_issuer_invalid_size.der" +pkcs7_parse:"data_files/pkcs7_signerInfo_issuer_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Failure Corrupt signerInfo.serial #15.2 depends_on:MBEDTLS_SHA256_C -pkcs7_parse_failure:"data_files/pkcs7_signerInfo_serial_invalid_size.der" +pkcs7_parse:"data_files/pkcs7_signerInfo_serial_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Only Signed Data Parse Pass #15 -depends_on:MBEDTLS_SHA256_C -pkcs7_parse:"data_files/pkcs7_data_cert_signeddata_sha256.der" +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +pkcs7_parse:"data_files/pkcs7_data_cert_signeddata_sha256.der":MBEDTLS_PKCS7_SIGNED_DATA PKCS7 Signed Data Verify with multiple signers #16 depends_on:MBEDTLS_SHA256_C -pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin" +pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":0:0 PKCS7 Signed Data Hash Verify with multiple signers #17 depends_on:MBEDTLS_SHA256_C -pkcs7_verify_hash_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin" 
+pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0 diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 9822fb826e..8db3f3f53d 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -14,31 +14,8 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_RSA_C */ -void pkcs7_parse( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); - -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void pkcs7_parse_without_cert( char *pkcs7_file ) +void pkcs7_parse( char *pkcs7_file, int res_expect ) { unsigned char *pkcs7_buf = NULL; size_t buflen; @@ -52,7 +29,7 @@ void pkcs7_parse_without_cert( char *pkcs7_file ) TEST_ASSERT( res == 0 ); res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); + TEST_ASSERT( res == res_expect ); exit: mbedtls_free( pkcs7_buf ); 
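Review bot: Cases #12 and #13 now pin `MBEDTLS_ERR_RSA_VERIFY_FAILED` as the expected result of pkcs7_verify, which documents that mbedtls_pkcs7_signed_data_verify returns the raw error from mbedtls_pk_verify instead of MBEDTLS_ERR_PKCS7_VERIFY_FAIL and ties the expectation to an RSA signer. If the library later normalises the error, or the fixtures are regenerated with an ECDSA key, both cases break for reasons unrelated to what they test; either expect `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` once the library maps the failure, or at least add `MBEDTLS_RSA_C` to their `depends_on` lines as the parse cases in this hunk already do. The SHA-1 and SHA-512 cases (#10, #11) exercise only the data path with `0` as the hash-alg argument, so the hash-verify path is never run with a digest length other than 32 bytes.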
@@ -60,175 +37,8 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_RSA_C */ -void pkcs7_parse_multiple_certs( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_CERT ); - -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_RSA_C */ -void pkcs7_parse_corrupted_cert( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_CERT ); - -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_RSA_C */ -void pkcs7_parse_corrupted_signer_info( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res < 0 ); - -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void pkcs7_parse_version( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, 
pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_INVALID_VERSION ); - -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void pkcs7_parse_content_oid( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res != 0 ); - TEST_ASSERT( res == MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE ); -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ -void pkcs7_verify( char *pkcs7_file, char *crt, char *filetobesigned ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - unsigned char *data = NULL; - struct stat st; - size_t datalen; - int res; - FILE *file; - - mbedtls_pkcs7 pkcs7; - mbedtls_x509_crt x509; - - USE_PSA_INIT(); - - mbedtls_pkcs7_init( &pkcs7 ); - mbedtls_x509_crt_init( &x509 ); - - res = mbedtls_x509_crt_parse_file( &x509, crt ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); - mbedtls_free( pkcs7_buf ); - - res = stat( filetobesigned, &st ); - TEST_ASSERT( res == 0 ); - - file = fopen( filetobesigned, "rb" ); - TEST_ASSERT( file != NULL ); - - datalen = st.st_size; - data = mbedtls_calloc( datalen, 1 ); - buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file ); - TEST_ASSERT( buflen == datalen); - - fclose(file); - - res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen ); - TEST_ASSERT( res == 0 ); - -exit: - mbedtls_x509_crt_free( &x509 ); - mbedtls_free( data ); 
- mbedtls_pkcs7_free( &pkcs7 ); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SHA256_C */ -void pkcs7_verify_hash( char *pkcs7_file, char *crt, char *filetobesigned ) +void pkcs7_verify( char *pkcs7_file, char *crt, char *filetobesigned, int do_hash_alg, int res_expect ) { unsigned char *pkcs7_buf = NULL; size_t buflen; @@ -272,17 +82,23 @@ void pkcs7_verify_hash( char *pkcs7_file, char *crt, char *filetobesigned ) TEST_ASSERT( buflen == datalen); fclose( file ); - res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg ); - TEST_ASSERT( res == 0 ); - TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 ); + if( do_hash_alg ) + { + res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg ); + TEST_ASSERT( res == 0 ); + TEST_ASSERT( md_alg == (mbedtls_md_type_t) do_hash_alg ); + md_info = mbedtls_md_info_from_type( md_alg ); - md_info = mbedtls_md_info_from_type( md_alg ); + res = mbedtls_md( md_info, data, datalen, hash ); + TEST_ASSERT( res == 0 ); - res = mbedtls_md( md_info, data, datalen, hash ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, sizeof(hash) ); - TEST_ASSERT( res == 0 ); + res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, sizeof(hash) ); + } + else + { + res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen ); + } + TEST_ASSERT( res == res_expect ); exit: mbedtls_x509_crt_free( &x509 ); @@ -294,7 +110,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ -void pkcs7_verify_hash_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, char *filetobesigned ) +void pkcs7_verify_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, char *filetobesigned, int do_hash_alg, int res_expect ) { unsigned char *pkcs7_buf = NULL; size_t buflen; 
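Review bot: The merged pkcs7_verify now takes `do_hash_alg` as a parameter but still calls `mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, sizeof(hash) )`, and `mbedtls_md( md_info, data, datalen, hash )` writes `mbedtls_md_get_size( md_info )` bytes into `hash`; if `hash` is still the fixed 32-byte array of the former pkcs7_verify_hash (its declaration is outside this hunk, but the same `hash[32]` is visible in the original multiple-signer test earlier in the series), passing MBEDTLS_MD_SHA512 from the .data file would overflow the buffer and SHA-1 would pass a wrong `hashlen`. Declare it as `unsigned char hash[MBEDTLS_MD_MAX_SIZE];` and pass `mbedtls_md_get_size( md_info )` as the length so the generalised test function is safe for every digest it can now be called with. The function's declarations and the `exit` cleanup are split across the neighbouring hunks.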
@@ -344,20 +160,28 @@ void pkcs7_verify_hash_multiple_signers( char *pkcs7_file, char *crt1, char *crt fclose( file ); - res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg ); - TEST_ASSERT( res == 0 ); - TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 ); + if( do_hash_alg ) + { + res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg ); + TEST_ASSERT( res == 0 ); + TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 ); - md_info = mbedtls_md_info_from_type( md_alg ); + md_info = mbedtls_md_info_from_type( md_alg ); - res = mbedtls_md( md_info, data, datalen, hash ); - TEST_ASSERT( res == 0 ); + res = mbedtls_md( md_info, data, datalen, hash ); + TEST_ASSERT( res == 0 ); - res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509_1, hash, sizeof(hash)); - TEST_ASSERT( res == 0 ); + res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509_1, hash, sizeof(hash)); + TEST_ASSERT( res == res_expect ); + } + else + { + res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_1, data, datalen ); + TEST_ASSERT( res == res_expect ); + } res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_2, data, datalen ); - TEST_ASSERT( res == 0 ); + TEST_ASSERT( res == res_expect ); exit: mbedtls_x509_crt_free( &x509_1 ); 
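Review bot: In `pkcs7_verify_multiple_signers` the hash branch still asserts `md_alg == MBEDTLS_MD_SHA256`, so `do_hash_alg` is used only as a boolean here while the sibling `pkcs7_verify` compares it with the selected algorithm; `TEST_ASSERT( md_alg == (mbedtls_md_type_t) do_hash_alg );` keeps the two test functions consistent and lets the data file drive the digest. The second signer is also always checked through `mbedtls_pkcs7_signed_data_verify` regardless of `do_hash_alg`, so the hash-based path is never exercised against `x509_2`; mirroring the `if( do_hash_alg )` split for the second call would close that gap. The function's prologue and `exit:` label lie outside the hunk.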
@@ -368,194 +192,3 @@ exit: USE_PSA_DONE(); } /* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ -void pkcs7_verify_badcert( char *pkcs7_file, char *crt, char *filetobesigned ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - unsigned char *data = NULL; - struct stat st; - size_t datalen; - int res; - FILE *file; - - mbedtls_pkcs7 pkcs7; - mbedtls_x509_crt x509; - - USE_PSA_INIT(); - - mbedtls_pkcs7_init( &pkcs7 ); - mbedtls_x509_crt_init( &x509 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); - - res = mbedtls_x509_crt_parse_file( &x509, crt ); - TEST_ASSERT( res == 0 ); - - res = stat( filetobesigned, &st ); - TEST_ASSERT( res == 0 ); - - file = fopen( filetobesigned, "rb" ); - TEST_ASSERT( file != NULL ); - - datalen = st.st_size; - data = mbedtls_calloc( datalen, 1 ); - buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file ); - TEST_ASSERT( buflen == datalen); - - fclose(file); - - res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen ); - TEST_ASSERT( res != 0 ); - -exit: - mbedtls_x509_crt_free( &x509 ); - mbedtls_free( data ); - mbedtls_pkcs7_free( &pkcs7 ); - mbedtls_free( pkcs7_buf ); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ -void pkcs7_verify_tampered_data( char *pkcs7_file, char *crt, char *filetobesigned ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - unsigned char *data = NULL; - struct stat st; - size_t datalen; - int res; - FILE *file; - - mbedtls_pkcs7 pkcs7; - mbedtls_x509_crt x509; - - USE_PSA_INIT(); - - mbedtls_pkcs7_init( &pkcs7 ); - mbedtls_x509_crt_init( &x509 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = 
mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); - - res = mbedtls_x509_crt_parse_file( &x509, crt ); - TEST_ASSERT( res == 0 ); - - res = stat( filetobesigned, &st ); - TEST_ASSERT( res == 0 ); - - file = fopen( filetobesigned, "rb" ); - TEST_ASSERT( file != NULL ); - - datalen = st.st_size; - data = mbedtls_calloc( datalen, 1 ); - buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file ); - TEST_ASSERT( buflen == datalen); - - fclose(file); - - res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509, data, datalen ); - TEST_ASSERT( res != 0 ); - -exit: - mbedtls_x509_crt_free( &x509 ); - mbedtls_pkcs7_free( &pkcs7 ); - mbedtls_free( data ); - mbedtls_free( pkcs7_buf ); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */ -void pkcs7_verify_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, char *filetobesigned ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - unsigned char *data = NULL; - struct stat st; - size_t datalen; - int res; - FILE *file; - - mbedtls_pkcs7 pkcs7; - mbedtls_x509_crt x509_1; - mbedtls_x509_crt x509_2; - - USE_PSA_INIT(); - - mbedtls_pkcs7_init( &pkcs7 ); - mbedtls_x509_crt_init( &x509_1 ); - mbedtls_x509_crt_init( &x509_2 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res == MBEDTLS_PKCS7_SIGNED_DATA ); - - TEST_ASSERT( pkcs7.signed_data.no_of_signers == 2 ); - - res = mbedtls_x509_crt_parse_file( &x509_1, crt1 ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_x509_crt_parse_file( &x509_2, crt2 ); - TEST_ASSERT( res == 0 ); - - res = stat( filetobesigned, &st ); - TEST_ASSERT( res == 0 ); - - file = fopen( filetobesigned, "r" ); - TEST_ASSERT( file != NULL ); - - datalen = st.st_size; - data = ( unsigned char* ) calloc( datalen, sizeof(unsigned 
char) ); - buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file ); - TEST_ASSERT( buflen == datalen ); - - fclose( file ); - - res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_1, data, datalen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_signed_data_verify( &pkcs7, &x509_2, data, datalen ); - TEST_ASSERT( res == 0 ); - -exit: - mbedtls_x509_crt_free( &x509_1 ); - mbedtls_x509_crt_free( &x509_2 ); - mbedtls_pkcs7_free( &pkcs7 ); - mbedtls_free( data ); - mbedtls_free( pkcs7_buf ); - USE_PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ -void pkcs7_parse_failure( char *pkcs7_file ) -{ - unsigned char *pkcs7_buf = NULL; - size_t buflen; - int res; - mbedtls_pkcs7 pkcs7; - - mbedtls_pkcs7_init( &pkcs7 ); - - res = mbedtls_pk_load_file( pkcs7_file, &pkcs7_buf, &buflen ); - TEST_ASSERT( res == 0 ); - - res = mbedtls_pkcs7_parse_der( &pkcs7, pkcs7_buf, buflen ); - TEST_ASSERT( res != 0 ); -exit: - mbedtls_free( pkcs7_buf ); - mbedtls_pkcs7_free( &pkcs7 ); -} -/* END_CASE */ From 7089ce83812a13191ba4f3af4b68e840d4660693 Mon Sep 17 00:00:00 2001 From: Nick Child Date: Wed, 14 Sep 2022 14:10:00 -0500 Subject: [PATCH 019/139] pkcs7: Handle md errors in multisigner pkcs7 verification In resonse to feedback [1], if `mbedtls_md_info_from_type` were to fail then skip the signer and try the next one. Additionally, use a for loop instead of a while loop when iterating over signers because it simplifies the use of `continue`. [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967198650 Signed-off-by: Nick Child --- library/pkcs7.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 2299cfdac6..3178ddcabc 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c 
@@ -656,17 +656,21 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7,
 * We could also cache hashes by md, so if there are several sigs all using
 * the same algo we don't recalculate the hash each time.
 */
- signer = &pkcs7->signed_data.signers;
- while( signer )
+ for( signer = &pkcs7->signed_data.signers; signer; signer = signer->next )
 {
 ret = mbedtls_oid_get_md_alg( &signer->alg_identifier, &md_alg );
 if( ret != 0 )
 {
 ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
- goto out;
+ continue;
 }
 md_info = mbedtls_md_info_from_type( md_alg );
+ if( md_info == NULL )
+ {
+ ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+ continue;
+ }
 hash = mbedtls_calloc( mbedtls_md_get_size( md_info ), 1 );
 if( hash == NULL )
 {
@@ -677,8 +681,9 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7,
 ret = mbedtls_md( md_info, data, datalen, hash );
 if( ret != 0 )
 {
+ ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
 mbedtls_free( hash );
- goto out;
+ continue;
 }
 ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash,
@@ -689,8 +694,6 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7,
 if( ret == 0 )
 break;
-
- signer = signer->next;
 }
 out:
@@ -716,16 +719,21 @@ int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7,
 }
 signer = &pkcs7->signed_data.signers;
- while( signer )
+ for( signer = &pkcs7->signed_data.signers; signer; signer = signer->next )
 {
 ret = mbedtls_oid_get_md_alg( &signer->alg_identifier, &md_alg );
 if( ret != 0 )
 {
 ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
- goto out;
+ continue;
 }
 md_info = mbedtls_md_info_from_type( md_alg );
+ if( md_info == NULL )
+ {
+ ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
+ continue;
+ }
 if( hashlen != mbedtls_md_get_size( md_info ) )
 {
@@ -739,8 +747,6 @@ int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7,
 pkcs7->signed_data.signers.sig.len );
 if( ret == 0 )
 break;
-
- signer = signer->next;
 }
 out:
From 34d5e931cf50a0647d13b05ac1577333b2c8a249 Mon Sep 17 00:00:00 2001
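Review bot: The `continue` paths in `mbedtls_pkcs7_signed_data_verify` set `ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL`, but when the last signer reaches `mbedtls_pk_verify` and that fails, the loop exits carrying the PK-layer code instead (the call's arguments and any release of `hash` on that path are outside the hunk), so "no signer verified" surfaces as different codes depending on which signer came last. One normalisation after the loop, e.g. `if( ret != 0 ) ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;` placed before `out:`, gives callers a single value to test for; the same applies to the `@@ -716` hunk in `mbedtls_pkcs7_signed_hash_verify`. The `for` would also benefit from a one-line comment stating the policy the `break` on `ret == 0` implements: `/* Accept as soon as any one signer's signature verifies against cert. */`.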
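Review bot: The context line `signer = &pkcs7->signed_data.signers;` immediately above the new `for` in `mbedtls_pkcs7_signed_hash_verify` is now a dead store, because the `for` initialiser assigns the same value; the `@@ -656` hunk removed the equivalent line for `mbedtls_pkcs7_signed_data_verify`, so this one should be dropped too for symmetry.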
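Review bot: The loop in `mbedtls_pkcs7_signed_hash_verify` walks `signer`, yet the `mbedtls_pk_verify` call it ends with passes `pkcs7->signed_data.signers.sig.len` — the first list element's signature, not `signer->sig` — so every iteration after the first pairs signer N's digest algorithm with signer 1's signature and can only fail, which defeats the point of iterating. The earlier arguments of that call, and the matching call in `mbedtls_pkcs7_signed_data_verify` (cut off at the end of the `@@ -677` hunk), are outside the hunk, so presumably `sig.p` is taken from the same place and needs the same change: `signer->sig.p, signer->sig.len );`.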
From: Nick Child Date: Wed, 14 Sep 2022 14:44:03 -0500 Subject: [PATCH 020/139] pkcs7: Use better return code for unimplemented specifications In response to feedback [1] [2], use MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE instead of MBEDTLS_ERR_PKCS7_INVALID_FORMAT for errors due to the pkcs7 implemntation being incomplete. [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953649079 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953658276 Signed-off-by: Nick Child --- library/pkcs7.c | 6 +++--- tests/suites/test_suite_pkcs7.data | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 3178ddcabc..9dcbab26c4 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -168,7 +168,6 @@ static int pkcs7_get_digest_algorithm_set( unsigned char **p, end = *p + len; - /** For now, it assumes there is only one digest algorithm specified **/ ret = mbedtls_asn1_get_alg_null( p, end, alg ); if( ret != 0 ) { @@ -176,8 +175,9 @@ static int pkcs7_get_digest_algorithm_set( unsigned char **p, goto out; } + /** For now, it assumes there is only one digest algorithm specified **/ if ( *p != end ) - ret = MBEDTLS_ERR_PKCS7_INVALID_FORMAT; + ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; out: return( ret ); @@ -231,7 +231,7 @@ static int pkcs7_get_certificates( unsigned char **p, unsigned char *end, */ if (end_cert != end_set) { - ret = MBEDTLS_ERR_PKCS7_INVALID_CERT; + ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; goto out; } diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index b26a16fb94..4f81b6f283 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data 
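Review bot: `if ( *p != end ) ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE;` in `pkcs7_get_digest_algorithm_set` is an unbraced single-statement `if` (and uses `if (` spacing) while every other `if` in these hunks is braced and written `if(`; it should read `if( *p != end ) { ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; }` so a later added line cannot silently fall outside the condition. The moved comment would also be more useful if it named the source of the constraint, e.g. `/* RFC 2315 allows a SET of digest algorithms; only a single entry is supported for now. */`, which also explains why FEATURE_UNAVAILABLE rather than INVALID_FORMAT is the right code here and in the `@@ -231` hunk.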
@@ -12,7 +12,7 @@ pkcs7_parse:"data_files/pkcs7_data_without_cert_signed.der":MBEDTLS_PKCS7_SIGNED PKCS7 Signed Data Parse Fail with multiple certs #4 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C -pkcs7_parse:"data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_INVALID_CERT +pkcs7_parse:"data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE PKCS7 Signed Data Parse Fail with corrupted cert #5 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C From 8ce1b1afc87c7551e3cb5efa99c1b2fce6ef953d Mon Sep 17 00:00:00 2001 From: Nick Child Date: Wed, 14 Sep 2022 14:51:23 -0500 Subject: [PATCH 021/139] pkcs7: Correct various syntatical mistakes Resond to feedback from the following comments: - use correct spacing [1-7] - remove unnecessary parenthesis [8] - fixup comments [9-11] - remove unnecessary init work [12] - use var instead of type for sizeof [13] [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953655691 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953661514 [3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953689929 [4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953696384 [5] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697558 [6] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697793 [7] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697951 [8] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953699102 [9] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r971223775 [10] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967133905 [11] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967135932 [12] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967151430 [13] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967154159 
Signed-off-by: Nick Child --- include/mbedtls/pkcs7.h | 17 ++++++++--------- library/pkcs7.c | 10 +++++----- tests/suites/test_suite_pkcs7.function | 10 +++++----- 3 files changed, 18 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index 7699b60d53..c56926fd53 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h 
@@ -22,23 +22,22 @@ */ /** - * Note: For the time being, this application of the PKCS7 cryptographic + * Note: For the time being, this implementation of the PKCS7 cryptographic * message syntax is a partial implementation of RFC 2315. * Differences include: * - The RFC specifies 6 different content types. The only type currently - * supported in MbedTLS is the signed data content type. + * supported in Mbed TLS is the signed data content type. * - The only supported PKCS7 Signed Data syntax version is version 1 - * - The RFC specifies support for BER. This application is limited to + * - The RFC specifies support for BER. This implementation is limited to * DER only. * - The RFC specifies that multiple digest algorithms can be specified - * in the Signed Data type. Only one digest algorithm is supported in MbedTLS. - * - The RFC specifies the Signed Data certificate format can be - * X509 or PKCS6. The only type currently supported in MbedTLS is X509. + * in the Signed Data type. Only one digest algorithm is supported in Mbed TLS. + * - The RFC specifies the Signed Data type can contain multiple X509 or PKCS6 + * certificates. In Mbed TLS, this list can only contain 0 or 1 certificates + * and they must be in X509 format. * - The RFC specifies the Signed Data type can contain - * certificate-revocation lists (crls). This application has no support + * certificate-revocation lists (crls). This implementation has no support * for crls so it is assumed to be an empty list. - * - The RFC specifies support for multiple signers. This application only - * supports the Signed Data type with a single signer. */ #ifndef MBEDTLS_PKCS7_H diff --git a/library/pkcs7.c b/library/pkcs7.c index 9dcbab26c4..5ec10891ca 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c 
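Review bot: Dropping the "single signer" bullet leaves the header note silent on what the implementation does with several SignerInfos, which is the one place a user of `mbedtls_pkcs7_signed_data_verify` would look for it; add a bullet such as ` * - The RFC specifies support for multiple signers. Verification succeeds as soon as one signer's signature verifies against the supplied certificate.` — that matches the `break` on `ret == 0` in the verify loops of library/pkcs7.c, but it is worth confirming against the final loop before wording it. The comment in `pkcs7_get_certificates` touched by the `@@ -229` hunk of this same commit still says "we support only the root certificate and the single signer", so it needs the same rewording.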
@@ -58,8 +58,7 @@ */ void mbedtls_pkcs7_init( mbedtls_pkcs7 *pkcs7 ) { - memset( pkcs7, 0, sizeof( mbedtls_pkcs7 ) ); - pkcs7->raw.p = NULL; + memset( pkcs7, 0, sizeof( *pkcs7 ) ); } static int pkcs7_get_next_content_len( unsigned char **p, unsigned char *end, @@ -229,7 +228,7 @@ static int pkcs7_get_certificates( unsigned char **p, unsigned char *end, * So, we support only the root certificate and the single signer. * The behaviour would be improved with addition of multiple signer support. */ - if (end_cert != end_set) + if ( end_cert != end_set ) { ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; goto out; @@ -702,7 +701,8 @@ out: int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7, const mbedtls_x509_crt *cert, - const unsigned char *hash, size_t hashlen) + const unsigned char *hash, + size_t hashlen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_md_info_t *md_info; @@ -750,7 +750,7 @@ int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7, } out: - return ( ret ); + return( ret ); } /* diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 8db3f3f53d..c5094bcca8 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -76,15 +76,15 @@ void pkcs7_verify( char *pkcs7_file, char *crt, char *filetobesigned, int do_has datalen = st.st_size; data = mbedtls_calloc( datalen, 1 ); - TEST_ASSERT( data != NULL); + TEST_ASSERT( data != NULL ); buflen = fread( (void *)data , sizeof( unsigned char ), datalen, file ); - TEST_ASSERT( buflen == datalen); + TEST_ASSERT( buflen == datalen ); fclose( file ); if( do_hash_alg ) { - res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg ); + res = mbedtls_oid_get_md_alg( &pkcs7.signed_data.digest_alg_identifiers, &md_alg ); TEST_ASSERT( res == 0 ); TEST_ASSERT( md_alg == (mbedtls_md_type_t) do_hash_alg ); md_info = mbedtls_md_info_from_type( md_alg ); 
@@ -162,7 +162,7 @@ void pkcs7_verify_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, ch if( do_hash_alg ) { - res = mbedtls_oid_get_md_alg( &(pkcs7.signed_data.digest_alg_identifiers), &md_alg ); + res = mbedtls_oid_get_md_alg( &pkcs7.signed_data.digest_alg_identifiers, &md_alg ); TEST_ASSERT( res == 0 ); TEST_ASSERT( md_alg == MBEDTLS_MD_SHA256 ); @@ -171,7 +171,7 @@ void pkcs7_verify_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, ch res = mbedtls_md( md_info, data, datalen, hash ); TEST_ASSERT( res == 0 ); - res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509_1, hash, sizeof(hash)); + res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509_1, hash, sizeof(hash) ); TEST_ASSERT( res == res_expect ); } else From 9512bde5c31b21c09697db5e3845e0375e38ef51 Mon Sep 17 00:00:00 2001 From: Nick Child Date: Fri, 16 Sep 2022 09:49:06 -0500 Subject: [PATCH 022/139] pkcs7: Fix pkcs7 error code values Mbed TLS uses a two layer system for error codes. The least significant 7 bits should be used to signal low-level module errors. Since PKCS7 is a high level module, it should leave these bits unassigned. To do this, the least significant byte of PKCS7 error codes must either be 0x00 or 0x80. Signed-off-by: Nick Child --- include/mbedtls/pkcs7.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index c56926fd53..513b707d67 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h 
@@ -56,15 +56,15 @@ * \{ */ #define MBEDTLS_ERR_PKCS7_INVALID_FORMAT -0x5300 /**< The format is invalid, e.g. different type expected. */ -#define MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE -0x53F0 /**< Unavailable feature, e.g. anything other than signed data. */ +#define MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE -0x5380 /**< Unavailable feature, e.g. anything other than signed data. */ #define MBEDTLS_ERR_PKCS7_INVALID_VERSION -0x5400 /**< The PKCS7 version element is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x54F0 /**< The PKCS7 content info invalid or cannot be parsed. */ +#define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 /**< The PKCS7 content info invalid or cannot be parsed. */ #define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 /**< The algorithm tag or value is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x55F0 /**< The certificate tag or value is invalid or cannot be parsed. */ +#define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 /**< The certificate tag or value is invalid or cannot be parsed. */ #define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 /**< Error parsing the signature */ -#define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x56F0 /**< Error parsing the signer's info */ +#define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 /**< Error parsing the signer's info */ #define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 /**< Input invalid. */ -#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x57F0 /**< Allocation of memory failed. */ +#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 /**< Verification Failed */ /* \} name */ From 5f9456f3e36fcb5a45955eb632cf42ae2962e9c9 Mon Sep 17 00:00:00 2001 From: Nick Child Date: Mon, 19 Sep 2022 10:01:25 -0500 Subject: [PATCH 023/139] pkcs7: Fix trailing whitespace Signed-off-by: Nick Child --- library/pkcs7.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
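Review bot: The doc comment on `MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO` is missing its verb; `/**< The PKCS7 content info is invalid or cannot be parsed. */`. Since the values are moving, the module's row in the high-level error-code table kept as a comment in `include/mbedtls/error.h` (module number, count, start offset) should be re-checked against the eleven codes defined here, as that table is how the error space is allocated between modules.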
diff --git a/library/pkcs7.c b/library/pkcs7.c index 5ec10891ca..c4d605e009 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -243,9 +243,9 @@ static int pkcs7_get_certificates( unsigned char **p, unsigned char *end, *p = *p + len1; - /* + /* * Since in this version we strictly support single certificate, and reaching - * here implies we have parsed successfully, we return 1. + * here implies we have parsed successfully, we return 1. */ ret = 1; @@ -701,7 +701,7 @@ out: int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7, const mbedtls_x509_crt *cert, - const unsigned char *hash, + const unsigned char *hash, size_t hashlen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; From 2df73ae7425b902fef8feffeccc47a8d1fd80c05 Mon Sep 17 00:00:00 2001 From: "Denis V. Lunev" Date: Thu, 1 Nov 2018 12:22:27 +0300 Subject: [PATCH 024/139] mbedtls: fix possible false success in ...check_tags() helpers We should report a error when the security check of the security tag was not made. In the other case false success is possible and is not observable by the software. Technically this could lead to a security flaw. Signed-off-by: Denis V. Lunev --- library/cipher.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index 752d1fea2c..2f2e03ba18 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -505,7 +505,7 @@ int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx, } #endif - return( 0 ); + return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */ @@ -1134,7 +1134,7 @@ int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx, } #endif - return( 0 ); + return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, 
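Review bot: The three helpers now fail closed for non-AEAD ciphers, but nothing on the API side records it: the declarations of `mbedtls_cipher_update_ad`, `mbedtls_cipher_write_tag` and `mbedtls_cipher_check_tag` in `include/mbedtls/cipher.h` presumably still document only the success case, and if so each should gain `\return #MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE if the context is not an AEAD mode (GCM or ChaCha20-Poly1305).`. A caller that treated the old `0` from `mbedtls_cipher_check_tag` on a non-AEAD context as an authenticated result is exactly the case this commit closes, and the reference documentation is where they will learn that the return value now has to be checked. The same remark covers the `@@ -1134` hunk here and the `@@ -1161` hunk of the same file.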
@@ -1161,11 +1161,8 @@ int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx, } #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* Status to return on a non-authenticated algorithm. It would make sense - * to return MBEDTLS_ERR_CIPHER_INVALID_CONTEXT or perhaps - * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, but at the time I write this our - * unit tests assume 0. */ - ret = 0; + /* Status to return on a non-authenticated algorithm. */ + ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; #if defined(MBEDTLS_GCM_C) if( MBEDTLS_MODE_GCM == ctx->cipher_info->mode ) From c621a6d38fa9bcb3e892136acdb4c34f8e3cdce4 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 30 Sep 2022 17:13:35 +0100 Subject: [PATCH 025/139] Update tests to account for CIPHER_FEATURE_UNAVAILABLE on non-authenticated alg Signed-off-by: Tom Cosgrove --- tests/suites/test_suite_cipher.function | 44 +++++++++++++++++++------ 1 file changed, 34 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 37468df71a..7f5b7e2901 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -453,8 +453,12 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, ad, sizeof( ad ) - i ) ); - TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, ad, sizeof( ad ) - i ) ); + int expected = ( cipher_info->mode == MBEDTLS_MODE_GCM || + cipher_info->mode == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? + 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + + TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_dec, ad, sizeof(ad) - i ) ); + TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_enc, ad, sizeof(ad) - i ) ); #endif block_size = mbedtls_cipher_get_block_size( &ctx_enc ); 
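Review bot: The `expected` computation added in `enc_dec_buf` is copy-pasted verbatim into `enc_fail`, `dec_empty_buf`, `enc_dec_buf_multipart` and twice into `decrypt_test_vec` (the `@@ -550`, `@@ -612`, `@@ -713`, `@@ -798` and `@@ -809` hunks), so any change to which modes count as AEAD has to be made in six places. The comparison also mixes enums: `cipher_info->mode` is an `mbedtls_cipher_mode_t` but `MBEDTLS_CIPHER_CHACHA20_POLY1305` is a cipher *type*, so that half of the test never matches and the ChaCha20-Poly1305 cases expect the wrong code; the field to compare it against is `cipher_info->type`. A small helper in the suite's header section removes both problems; `decrypt_test_vec` would call it as `aead_expected_rc( ctx.cipher_info, tag_result )` for the tag check.
```c
/* Return code the AEAD-only helpers (update_ad / write_tag / check_tag)
 * must give for the cipher under test: `ok` for AEAD modes, the
 * FEATURE_UNAVAILABLE error for every other mode. */
static int aead_expected_rc( const mbedtls_cipher_info_t *info, int ok )
{
    if( info->mode == MBEDTLS_MODE_GCM ||
        info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 )
    {
        return( ok );
    }
    return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}

/* … unchanged: enc_dec_buf up to the reset of ctx_enc … */
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
    int expected = aead_expected_rc( cipher_info, 0 );

    TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_dec, ad, sizeof(ad) - i ) );
    TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_enc, ad, sizeof(ad) - i ) );
#endif
```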
@@ -473,7 +477,7 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, total_len += outlen; #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - TEST_ASSERT( 0 == mbedtls_cipher_write_tag( &ctx_enc, tag, sizeof( tag ) ) ); + TEST_EQUAL( expected, mbedtls_cipher_write_tag( &ctx_enc, tag, sizeof(tag) ) ); #endif TEST_ASSERT( total_len == length || @@ -494,7 +498,7 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, total_len += outlen; #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - TEST_ASSERT( 0 == mbedtls_cipher_check_tag( &ctx_dec, tag, sizeof( tag ) ) ); + TEST_EQUAL( expected, mbedtls_cipher_check_tag( &ctx_dec, tag, sizeof(tag) ) ); #endif /* check result */ @@ -550,7 +554,11 @@ void enc_fail( int cipher_id, int pad_mode, int key_len, int length_val, TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, 16 ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, NULL, 0 ) ); + int expected = ( cipher_info->mode == MBEDTLS_MODE_GCM || + cipher_info->mode == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? + 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + + TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx, NULL, 0 ) ); #endif /* encode length number of bytes from inbuf */ @@ -612,7 +620,11 @@ void dec_empty_buf( int cipher, TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); + int expected = ( cipher_info->mode == MBEDTLS_MODE_GCM || + cipher_info->mode == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? + 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + + TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); #endif /* decode 0-byte string */ 
@@ -713,8 +725,12 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); - TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, NULL, 0 ) ); + int expected = ( cipher_info->mode == MBEDTLS_MODE_GCM || + cipher_info->mode == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? + 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + + TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); + TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_enc, NULL, 0 ) ); #endif block_size = mbedtls_cipher_get_block_size( &ctx_enc ); @@ -798,7 +814,11 @@ void decrypt_test_vec( int cipher_id, int pad_mode, data_t * key, TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv->x, iv->len ) ); TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, ad->x, ad->len ) ); + int expected = ( ctx.cipher_info->mode == MBEDTLS_MODE_GCM || + ctx.cipher_info->mode == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? + 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + + TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx, ad->x, ad->len ) ); #endif /* decode buffer and check tag->x */ @@ -809,7 +829,11 @@ void decrypt_test_vec( int cipher_id, int pad_mode, data_t * key, &outlen ) ); total_len += outlen; #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - TEST_ASSERT( tag_result == mbedtls_cipher_check_tag( &ctx, tag->x, tag->len ) ); + int tag_expected = ( ctx.cipher_info->mode == MBEDTLS_MODE_GCM || + ctx.cipher_info->mode == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? + tag_result : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; + + TEST_EQUAL( tag_expected, mbedtls_cipher_check_tag( &ctx, tag->x, tag->len ) ); #endif /* check plaintext only if everything went fine */ 
From 51a01638286cb0da13fbc79d553e6aa47f724113 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 30 Sep 2022 18:10:58 +0100 Subject: [PATCH 026/139] Add ChangeLog entry Signed-off-by: Tom Cosgrove --- ...fix-possible-false-success-in-mbedtls_cipher_check_tag.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt diff --git a/ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt b/ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt new file mode 100644 index 0000000000..01492438aa --- /dev/null +++ b/ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt @@ -0,0 +1,4 @@ +Changes + * Calling AEAD tag-specific functions for non-AEAD algorithms (which should not + be done - they are documented for use only by AES-GCM and ChaCha20+Poly1305) + now returns MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE instead of success (0). From 7dbe8528f38c393d76b2cbbd358c0b847b9cac11 Mon Sep 17 00:00:00 2001 From: Nick Child Date: Fri, 30 Sep 2022 17:24:29 -0500 Subject: [PATCH 027/139] pkcs7: Import header files with included directory path not relative path In #include statements, rely on -I paths instead of relative paths. Signed-off-by: Nick Child --- include/mbedtls/pkcs7.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index 513b707d67..9486c71535 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h @@ -47,9 +47,9 @@ #include "mbedtls/build_info.h" -#include "asn1.h" -#include "x509.h" -#include "x509_crt.h" +#include "mbedtls/asn1.h" +#include "mbedtls/x509.h" +#include "mbedtls/x509_crt.h" /** * \name PKCS7 Module Error codes From edca207260d1570dec59b96eee00c82af5acbf1f Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 14 Oct 2022 12:10:40 +0100 Subject: [PATCH 028/139] MBEDTLS_CIPHER_CHACHA20_POLY1305 is an mbedtls_cipher_type_t not an mbedtls_cipher_mode_t 
Signed-off-by: Tom Cosgrove --- tests/suites/test_suite_cipher.function | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 7f5b7e2901..708adb09b1 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -454,7 +454,7 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) int expected = ( cipher_info->mode == MBEDTLS_MODE_GCM || - cipher_info->mode == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? + cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_dec, ad, sizeof(ad) - i ) ); @@ -555,7 +555,7 @@ void enc_fail( int cipher_id, int pad_mode, int key_len, int length_val, TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) int expected = ( cipher_info->mode == MBEDTLS_MODE_GCM || - cipher_info->mode == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? + cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx, NULL, 0 ) ); @@ -621,7 +621,7 @@ void dec_empty_buf( int cipher, #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) int expected = ( cipher_info->mode == MBEDTLS_MODE_GCM || - cipher_info->mode == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? + cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); 
@@ -726,7 +726,7 @@ void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) int expected = ( cipher_info->mode == MBEDTLS_MODE_GCM || - cipher_info->mode == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? + cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); @@ -815,7 +815,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode, data_t * key, TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) int expected = ( ctx.cipher_info->mode == MBEDTLS_MODE_GCM || - ctx.cipher_info->mode == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? + ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx, ad->x, ad->len ) ); @@ -830,7 +830,7 @@ void decrypt_test_vec( int cipher_id, int pad_mode, data_t * key, total_len += outlen; #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) int tag_expected = ( ctx.cipher_info->mode == MBEDTLS_MODE_GCM || - ctx.cipher_info->mode == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? + ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? tag_result : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; TEST_EQUAL( tag_expected, mbedtls_cipher_check_tag( &ctx, tag->x, tag->len ) ); From 73621ef0f08951885b321f0b9964203ae04c9fb5 Mon Sep 17 00:00:00 2001 
From: Nick Child Date: Fri, 28 Oct 2022 11:23:15 -0500 Subject: [PATCH 029/139] pkcs7: Improve verify logic and rebuild test data Various responses to feedback regarding the pkcs7_verify_signed_data/hash functions. Mainly, merge these two functions into one to reduce redundant logic [1]. As a result, an identified bug about skipping over a signer is patched [2]. Additionally, add a conditional in the verify logic that checks if the given x509 validity period is expired [3]. During testing of this conditional, it turned out that all of the testing data was expired. So, rebuild all of the pkcs7 testing data to refresh timestamps. [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r999652525 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r997090215 [3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967238206
Signed-off-by: Nick Child --- library/pkcs7.c | 87 +++++++----------- tests/data_files/pkcs7-rsa-sha256-1.crt | 32 +++---- tests/data_files/pkcs7-rsa-sha256-1.der | Bin 845 -> 845 bytes tests/data_files/pkcs7-rsa-sha256-1.key | 52 +++++------ tests/data_files/pkcs7-rsa-sha256-1.pem | 84 ++++++++--------- tests/data_files/pkcs7-rsa-sha256-2.crt | 32 +++---- tests/data_files/pkcs7-rsa-sha256-2.der | Bin 845 -> 845 bytes tests/data_files/pkcs7-rsa-sha256-2.key | 52 +++++------ tests/data_files/pkcs7-rsa-sha256-2.pem | 84 ++++++++--------- .../data_files/pkcs7_data_cert_encrypted.der | Bin 452 -> 452 bytes .../pkcs7_data_cert_signed_sha1.der | Bin 1276 -> 1276 bytes .../pkcs7_data_cert_signed_sha256.der | Bin 1284 -> 1284 bytes .../pkcs7_data_cert_signed_sha512.der | Bin 1284 -> 1284 bytes .../data_files/pkcs7_data_cert_signed_v2.der | Bin 1284 -> 1284 bytes .../pkcs7_data_cert_signeddata_sha256.der | Bin 1265 -> 1265 bytes .../pkcs7_data_multiple_certs_signed.der | Bin 2504 -> 2504 bytes .../data_files/pkcs7_data_multiple_signed.der | Bin 810 -> 810 bytes .../data_files/pkcs7_data_signed_badcert.der | Bin 1284 -> 1284 bytes .../pkcs7_data_signed_badsigner.der | Bin 1284 -> 1284 bytes .../pkcs7_data_without_cert_signed.der | Bin 435 -> 435 bytes .../pkcs7_signerInfo_issuer_invalid_size.der | Bin 1284 -> 1284 bytes .../pkcs7_signerInfo_serial_invalid_size.der | Bin 1284 -> 1284 bytes 22 files changed, 200 insertions(+), 223 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index c4d605e009..56b6bb6170 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c 
@@ -623,12 +623,12 @@ out: return( ret ); } -int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, - const mbedtls_x509_crt *cert, - const unsigned char *data, - size_t datalen ) +static int mbedtls_pkcs7_data_or_hash_verify( mbedtls_pkcs7 *pkcs7, + const mbedtls_x509_crt *cert, + const unsigned char *data, + size_t datalen, + const int is_data_hash ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *hash; mbedtls_pk_context pk_cxt = cert->pk; @@ -642,6 +642,14 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, goto out; } + if( mbedtls_x509_time_is_past( &cert->valid_to ) || + mbedtls_x509_time_is_future( &cert->valid_from )) + { + printf("EXPRED\n"); + ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + goto out; + } + /* * Potential TODOs * Currently we iterate over all signers and return success if any of them @@ -676,8 +684,17 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, ret = MBEDTLS_ERR_PKCS7_ALLOC_FAILED; goto out; } - - ret = mbedtls_md( md_info, data, datalen, hash ); + if( is_data_hash ) + { + if( datalen != mbedtls_md_get_size( md_info )) + ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + else + memcpy(hash, data, datalen); + } + else + { + ret = mbedtls_md( md_info, data, datalen, hash ); + } if( ret != 0 ) { ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; @@ -688,7 +705,6 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, mbedtls_md_get_size( md_info ), signer->sig.p, signer->sig.len ); - mbedtls_free( hash ); if( ret == 0 ) 
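Review bot: The `printf("EXPRED\n");` inside the new validity-period check (hunk at -642) is a leftover debug trace that writes to stdout from library code and should be removed; library output, where needed at all, goes through the platform layer rather than `<stdio.h>` directly. The check itself compares `valid_to`/`valid_from` against the current clock, so a PKCS7 signature that verified when it was produced stops verifying the day the signer certificate expires — that is a deliberate policy (it is what forced the test-data refresh in this commit) and deserves a comment such as `/* Reject signer certificates outside their validity period at verification time. */`. Note that on builds without a date source these time helpers report "not expired", so the check is only as strong as the platform clock; worth stating in the function's documentation. The enclosing function starts in the hunk at -623 and its body continues outside this hunk.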
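Review bot: In the `is_data_hash` branch (hunk at -676) the `else` arm copies the caller's digest but never assigns `ret`, so the following `if( ret != 0 )` and the later `mbedtls_pk_verify` depend on `ret` still holding the 0 left by an earlier call; that is correct today but fragile if any statement between them is changed. Set it explicitly and brace the arms: `else { memcpy( hash, data, datalen ); ret = 0; }`. The `memcpy` length is bounded by the preceding `datalen != mbedtls_md_get_size( md_info )` check, which is the only thing keeping it within the digest-sized buffer — a one-line comment saying so would help the next reader.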
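Review bot: The hunk at -688 removes the `mbedtls_free( hash );` that followed `mbedtls_pk_verify`, and nothing visible in this commit frees the digest buffer (the `MBEDTLS_ERR_PKCS7_ALLOC_FAILED` path in the hunk at -676 shows it is allocated inside the per-signer loop). Unless a matching free was added outside these hunks, every signer iteration now leaks one digest-sized allocation, and a `continue`/`break` out of the loop leaks the last one. If the free was moved after the loop, a comment at the allocation site such as `/* freed once after the signer loop */` would make the ownership obvious; the loop and the `out:` label are outside this hunk.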
@@ -698,59 +714,20 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, out: return( ret ); } +int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7, + const mbedtls_x509_crt *cert, + const unsigned char *data, + size_t datalen ) +{ + return( mbedtls_pkcs7_data_or_hash_verify( pkcs7, cert, data, datalen, 0 ) ); +} int mbedtls_pkcs7_signed_hash_verify( mbedtls_pkcs7 *pkcs7, const mbedtls_x509_crt *cert, const unsigned char *hash, size_t hashlen ) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_md_info_t *md_info; - mbedtls_md_type_t md_alg; - mbedtls_pk_context pk_cxt; - mbedtls_pkcs7_signer_info *signer; - - pk_cxt = cert->pk; - - if( pkcs7->signed_data.no_of_signers == 0 ) - { - ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; - goto out; - } - - signer = &pkcs7->signed_data.signers; - for( signer = &pkcs7->signed_data.signers; signer; signer = signer->next ) - { - ret = mbedtls_oid_get_md_alg( &signer->alg_identifier, &md_alg ); - if( ret != 0 ) - { - ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; - continue; - } - - md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - { - ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; - continue; - } - - if( hashlen != mbedtls_md_get_size( md_info ) ) - { - ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; - signer = signer->next; - continue; - } - - ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, hashlen, - pkcs7->signed_data.signers.sig.p, - pkcs7->signed_data.signers.sig.len ); - if( ret == 0 ) - break; - } - -out: - return( ret ); + return( mbedtls_pkcs7_data_or_hash_verify( pkcs7, cert, hash, hashlen, 1 ) ); } /* diff --git a/tests/data_files/pkcs7-rsa-sha256-1.crt b/tests/data_files/pkcs7-rsa-sha256-1.crt index ebbaf7cc6e..9e461cd0c6 100644 --- a/tests/data_files/pkcs7-rsa-sha256-1.crt +++ b/tests/data_files/pkcs7-rsa-sha256-1.crt 
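Review bot: The new `mbedtls_pkcs7_signed_data_verify` definition is placed directly after the closing brace of the preceding function with no blank line, unlike the rest of the file, and both public wrappers pass a bare `0`/`1` whose meaning is only discoverable by reading the static helper's parameter list. A short comment on each call, e.g. `/* is_data_hash = 0: hash the data before verifying */` and `/* is_data_hash = 1: data already is the digest */`, or a named pair of constants, would document the flag at the point of use. The old `signed_hash_verify` body that this hunk deletes also rejected a `hashlen` mismatch before calling `mbedtls_pk_verify`; that check now lives in the helper, which is fine, but the public header's description of the `hashlen` argument should still say the length must equal the signer's digest size.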
@@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUMBERfOWtW1Y8Y661YJt3KlBYYZ0wDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIUe97d0kRM0c3+XEGoECyJt98ubL8wDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDEwHhcNMjAxMTI0MTQxMDE5WhcNMjExMTI0MTQxMDE5WjA0MQswCQYD +NyBDZXJ0IDEwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfqRyKXRqfkj/BThWvwcKfv -qsTiZmVOE6sIusfY86qae4Yv8R8AaBgA3eYbSOat/Xyr3VFgZGtv9Hc8iDM7K1h9 -U9WBKPGN1gGw12LzAxIbf+t5qkH21YtPNkr7liwJruhTh/JLypKE/SVW1XIS47PE -Ug92emsRMKfgsReO7x/EmB/c5cnXfwnrc+DKog2eB+6eIPhq2uq0g+/bV8hkx8+D -N50Qq1OMdy0s/RXeurlYG72jhpj978eOq467vUIIxyD4ggsh9f3ZMOEGFlGjSiZL -CXTgbIbwXnndamf3iqWWN5ZiDH6NVP1UTfCvxvX4HfBE928z0OXu4k7QxNaboEEC -AwEAAaNTMFEwHQYDVR0OBBYEFF1d36HSc95cdyWYy/SRZPsmWncJMB8GA1UdIwQY -MBaAFF1d36HSc95cdyWYy/SRZPsmWncJMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAIqAZJRQFPL8GFpxp0ZjF4vSiKX/D0/+LJB+vei4ZGZMaqRo -afT9LBAquK1JjXYXJ9wz56ueVxggouVLb6XTrAwsHISwVxKzxkmBde2egPZ9L7tw -EJdb2YPAkdoi3fY259N6KS8S0MwMMi/YmiXpVpQiPQ5tQFdbT9oSqewi/C7TudFc -hez1M7ToYfbMaZ1yQxf5otT8wKVKhLdEb9ncE2Jku6eH+5+lcVFsliLcNo28bd0c -joRYufduegaxmFluq4YWCozgET38AFKiG9Y8fK34He/qJIwHn7nWJ3cy3j+NAh3X -gpobw4JhCNXaInaNx/BZsoedjXnkunhgRijykOU= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMi2z2mJnNHw67TKZFwF5w4N +Lv7dzGHQicvVFaOaNXm5I0O2HsdQBg+07TeHYzJADkJfHTdsfnXClzMU7fS7MMj4 +3QO5/P+VWiRdSRN61uYAVsrBlVKoZdUhhxh8wELJxJ4+OpwXpTS0U82rwMsRO09j +9bMXS57pkCsZENEUlqJ5p0Mmrc/uEL/Z5+uvuzd76bY5WRZdE91XURccra08HTra +xovIAR1htUz2AXi+NoOaiayRq0GePKN9a6iB0lUYxNtovKb3yDYC9pmoaxf7Hnc7 +y+dLuTpJslGuhkKLV0Dhhoux1vq54ocS6Y7DGa2Pyk1zAQxLCcS4BFiWHnzwg1MC +AwEAAaNTMFEwHQYDVR0OBBYEFIru5ZR8xnxd1RWnbip+zTHuUv3IMB8GA1UdIwQY +MBaAFIru5ZR8xnxd1RWnbip+zTHuUv3IMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAIIda5jNRX3r0rCBrKJ+vs1Pk6zIKEQ7Oeq/+p+k6eRUO0b8 +wx4rW0gXeQPeppaaxKLMZXBlA5DxsI1DpML5dcfti/M1bHIYOAISRRqPEd5GVTy8 
+1ltCVN249mg06yHdoqjzO1geFIRVesoblO6JMd3xYDe3pxcTIakZNq/Cf/zjld51 +1fcMuLWu4F/1BwiNZa8eQ5Zs1Cy+b3+s+NrgVd2CIrFpZSFyP4EkUXhZXJha6Rf9 +SzmYdz4al7e9EAhURvQlm8wJpFSSkoLBuJtx7Vh6d14KPUU2NB9F2ulp6AbJb+/H +EGd3bAK6IhIrkZmxTAwowESHUJBwuX890tbZcnM= -----END CERTIFICATE----- 
diff --git a/tests/data_files/pkcs7-rsa-sha256-1.der b/tests/data_files/pkcs7-rsa-sha256-1.der index 622df1e7a38899b4da3a3601badd4fb36a333238..0d799ea335a51b79ecc1f0b50037469ab0b69ade 100644 GIT binary patch delta 668 zcmV;N0%QHn2F(T|FoFX~FoFUxpaTK{0s<6!-rdqfOwrB$TtTQ1EQz<@E^NP%BT5=F zF)%VXF*Y$UH8xro4Kgz^FfuqXHZd?YHj#%|f5^7aX^EWC@awe7WLyR34h=5;-OORo ziOba$qnb5&xg$fi9>-7y547z!hhs884nkiYH*9`&!k04??ex1a$oSm@x%~f?S|nXb z6MEL>09MMul~Sl>)ggx%e857<#GXDnoEN1uv{TKiz{?RkPh<777fYV$kSiGw(G-@V ze|e`vCaurz5Wm^y>#w^vd+D}0Sr%Or-B(c;9IdT99Xi^^i^u^TVYN*50eHSPgPMt~ zk*h(TJfnSUsDaW|7{uFXyr%caHUjpUsB0Jd9(Oy-=S#UdNwQI{hC+*1K;edqvDW&z z;)fFHj>8$PkIGGR0SrqC#JB`lmL7cYOM_Da0|5X5qf;(a1+tfGFt%}}eU-MIE>H0vSVqNwvbSRNFF zReH)BlIx2G2qA*mTQufl))f8&+jb=CI_xV5g}U-btFjb*PMLzZmREWU4l ztoYjCRo#Ljv1w%?azBA2QFvKgm|E!<{YyERcRm`Ix4jSuR7UhAo6HHMRFaZ{!MK}o z?O1wuUJ5-$HZ&ha+UaTN2FY*l#}H?CYy!F>5-X9Ju}lmoz(j{okZ`$wJ<`_M0&;Vx C%{4m! delta 668 zcmV;N0%QHn2F(T|FoFX~FoFUxpaTK{0s<5;5fOalty@++W3IJen|CTuSYe%!BT5=D zF)=bUF*GqSF*#Zn4Kgt?F)}nUG%+wSIgy80f5+-aB9}&|a>IJ+gHeB$IpW|oe-;2jCU<8{T1H2xmX*$ zqlTFM@5hd-j=Q}=2*)7!f(s$_{n;?#1{P7HN+wGQbl_};@LqY{YG?O~rIt6AVhnzb zRQ*&<@UO=8_#N;>_ir=MNsV?FC)_jV ztDaXFAfn|7_$3@jXkuvZeZ#z}#7?Vf=4eJ{Ik5SLrogTRs6BHi{j=hJ#AFA~tq z3^Fg+nkDI0lp;M2Z9rFBPudcx>>~Uwf77|qT!rlQGqmVo_RMLWazhvSqSXArrAmai zL~q&L6Jlh$r-%EWrEyVgmLl9Xjl6B$9FBxox%X~*2CWRn`p9`k1(lnM_&)G{uK8UvQQ1q%$k4#Z z!qCjnz|<^CoY%-0!JXJ1QGar(>9mr6%Y}c*KMlFOui@X$DK5c&&jYT{sBtuUoUx+t zsmf%%>M1R@%DP+X=JE3zE%*HR_(_UK>F=G3z8w6lU?)-B_gMb0o$C3MB~rf%HExUE z-R@8*6lByjGuES5@y?5#(MR7`-L_K@EK^otR;k<9*c>shVC{ivg&YrJ88@=mA9{L& z;UT-+txo+y>xD_&$G2>&3%DnfJ(ugSm&NXh5oPhV8U`(ojWa(Sn{^~%&wX*82mIly z3_qoB+ji&!lV4=FbJl+0C%*rW92b09k^E-;=TznXq*p848ZIx-_q^O+x^VM1Q^~AX zjfc0~*^xN)+^#q29`+kbPtD^GUN(IpWBhUNHB*_G85tNC2O9($$g(kq%JQ*@v554! 
zhV72mXTI*@5_2;2*9y`6y7oK+d62X+i-dt#16Bo-HJDWEm!w|i5EOhjkMVY=XI%W| zhccJWuG*aG?zFo8!o(KEZH{a=rB;Wse^KHwV6W2LtI|GksjBUoHvS`wtt+}N8_c^Y z=i2ggex}(Ux#ZpQQ=a^&kXP83dADs)rdar(OAN_czfyN?u*XLhZlJUIu%w zM;tEc!Q6SGj1dZ#o$3qsm^dDNwZ{4K)AIJ&&8_*X4yn)8O4Cp`tj%$4nQ6}~FRlGM z^iSq%I~|>Ud$#u9ym|83C1oX(>;IY$Oxczun7(1-CYwS(hTz;q87E5l7StzwJ+xM< zBe|>p(_UpmU#ep`eve*dYMG=kecuWIcTFeT delta 668 zcmV;N0%QHn2F(T|FoFX~FoFUxpaTK{0s<6Cy!juc+$grNQ8zCP?2_`mKgV!rV%e4I{`4p#D%T)>6x_|cAxJle2yhu%qExiH ze?R~zl=8Xz@}BYYHKsME{8ia79|i+e9U}x7FcyFm*K)AFuurOgC=T%b=jj6_`}|eelPCfu zf1#4a8|W|LX$ykwi9P~}?sv$kb0I3eWW;!Qd9?&oqIMx~YMJfEKV;OB2$VeAX|+Tp z+`c=(Gm4s&G*?fPFNCIcQ=Wv^ic@Z|@%9yOk?Nx{Ua;lh%q>ZY$JHDpj9;>ijI5`s zUB+*qucfZUO7sD}D~MppfBs#Tzh(q1(AA!YaiCOLDH=h)%N5M4RgoDg z#eQmp#I diff --git a/tests/data_files/pkcs7-rsa-sha256-2.key b/tests/data_files/pkcs7-rsa-sha256-2.key index 6226f8ad46..659c015666 100644 --- a/tests/data_files/pkcs7-rsa-sha256-2.key +++ b/tests/data_files/pkcs7-rsa-sha256-2.key 
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDeLQBIvG/mRNzi -Lr/dVnbolKkEFz6jDZ3U490N4cXeQr2Amd3QKGEDnTzrRlsS3vPc6alCP0qfIUqQ -jsNLnIMQnvemoacfwVbzBugWm7cUl1mJhr9KyZhRNy8M7JLyvT/HcGhi2ZXq/vQo -IyrXIH4U3M28IUg3hwhwGVqiVLS6QAAolPK5+/Ke8fM1qFFLJ7VIkwssNUgh7yIR -j3gm0+EFV2DcSD9h+drO8Gh6rRy6RrSUrEsU8X28XJmzEJaw2mP/AKy8aNlSqrxi -b/dCA42xsjkR0TDrsccY6MAvfsh+MbVUZfNtXbCRUkp5gBAV2rN4ZJ3hVQcYke71 -H+tVr++tAgMBAAECggEANzztAyiGkbOxTzLcVQV4Tt8XHoNA+X0bLqDwhtEJRvdE -8kJPGb/QTvu696voXMq9ysD1ahkeTm4Sgdpcx+HD3FAJto4eZRDGs2mWLnjMjfwL -MNwll0yD6D1WH1p6NovC3a0e5uS+F00IGyqTLiVP85PqOsnzkIqsGGLVW+K/hEaK -lRqKEf5tYzkdmlay8SfJQf03TuJVFp6qAgG/gH2EkGR/B4SLotXYDNXLFAzlx/N3 -QXHRIKhYOcvznbJ7Doww+nCyO613cUeZ1t3/22QRC3Vm8WMaYzxivGoMzmGM2YqI -MtUG+zXm4if9+MmT0CQ3meWLYwkIbFax6/6DLS6iKQKBgQD4EU4CEEjCsnYm7668 -0THvkcEsOTvSKroLYPKsuUbeoBfCvK4/o6kb2dQbR9c8MnHAJ8yN9gMbuP/njPUu -G9/sycI3uDRYpsQDeBcD74NtCAKqB1s7kcucMzxudwAqw/jJCJxyPqGiS8HJGQRO -sQMtBkvQx9RqKKagAgCWwaiLQwKBgQDlR76cQN3GSVRZfsA2rqTyZo8b4ECSEu0O -4vSQ0i5xMWp8uJLRBxktRYYCMfzH6dHDG+GNYearolOHm7BfC3QUH2EC6kE2D/9P -A40JrF7QEkDRtQ2rmNOQ2diLB1wYQiqRJieuXVIIzaRcyenRxP6ec2YMmHl9FaPh -dmYzjtDSTwKBgFr2/YQENKowhuMAQTM8AvO2nv94fVc0E8TYaCSuTC6Wxh/C0KLF -gN2VoxHd5i9M0CmGbpwf+kPQMwbVyZJ+5j4OPgnwokFf5cDf6JCo46i3p0JyMCJH -9EHzB9X6DTWhZzlQzw2Vqe+5l/YGFm5EusVn6aVFob7L6U4DbfPaT9PBAoGAD1Hi -55fh+azOqQgyGbVDqjq2Fzu9tMT0+AisJL0Wg1O09M50aOkbgo3hrWXfqQ/zhyDm -ykafXhqDkE0T1NX0FKAgIEy8vLsG6SWol9vfnfGKSTjax/t3L3eO44NDYQ+Svo4Z -Gqp7n8D12YlYST7rcHTvfan2fCglAhyiKZHCXDsCgYEA0BeqGpJ6Oz6O8g61JixG -EryjO2cCnQLWlwlal40L63wY5tNDCixuDM6zJFq/tT9DYMuNANrfsqWU2ImKTNPE -kwlMgP813aPXREgyV3ylL4KLusfDF6hqPtDcU2QK05LuTX7puHwi0pR8jAmPzrng -Y2ncNnRJI7vczDETaW1vuoE= +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJlTWWdP6nE/of +5VTTvoD+uZREU07nUNeYfEEy42ioceUkky57lIQ9Iy20fp4PDzKnSfHj5GRIdfu5 +ovTB8yA+GHOO4x/DPiXPyXQa+nEo2xXdt0BxElIyipldSI0h3Oi5W8Xvets+IBF2 +IyQDJH6+gYNYnnCtwJZxCOBdAbEHwuXYAOEHHtqJL3E7oWILx7S2flDeHGudCsNK 
+OLuRWHZfPSgwhOMzafDGmsRgvN8XDOAPV6ox8me2tsLwAk5Zi0NqvxPkTf/ExxHp +eGPsr/NlI49i6qhGgNOnb0nTj3Whs/Y1GWrqgcO03Lhhlc667GdIP7B1yp4PU6aX +oQFfx6yVAgMBAAECggEBAMVHm3w134qQCHfyroPTqtaftDTx+wRyn6yB3iT5XdGM +NZ8H07Pp80kKBo7gY7uFOiNyQKKxQFuR69sPWc3+LI3YzC8IpGslhUfHdjN46gn7 +73hfAVgnf/4qmlEq0cRUOAY/hIUMjUhNhglB9tqEeu3iPjMaTFgfZJwW/czH/QMD +w4zj5XoLgwRkqVvUceu/dBgV8KP5DpON+q8wpfWtjunv7rg5Nc3BVBrpb5SadJ7T +i5TsS+pZQyp+mTvyCI3A1hkr2Vw5tULWO8SPhuEQkdtC/CL+luCUO7L16lU6KhFB +qP5Fduik5skyLCVvAMUkjKcrC22k0gkhOHvfmMhjaAECgYEA68+hAQIiV9ErZGk9 +ZLu+VJHBSPmEQCkUcbviwzoRo8YSyka12TZERy+NJcvmD9deNgFbp8GyZf01XJWH +slSYt6LyInrJrTpv+3q2Vl5GQp0f+39i7MHnwGGKbWsDbSAm+L9yKTJzYJz1O5fo +in06AiyyGPwnXd1cm5bTXVX+dQECgYEA2tdi6DXF8awE23pv4HphPBhXS5hmYP/D +NC7CtP8wQsxjPdiIxkBFFVEaFCC2njq1VhTyJb5noJM4kOIwcoaQ/zgyyxQa0u7w ++CqvAh1WwG+sT/B7vivrtDmmYeyGQapFo5DRIz+MflKAhzDhtnEyT9vLuCdn8J95 +0YvxZJ9+k5UCgYEAh+e7SER9nJUt6AoLWyIlGMKEXlWIFh5W7RG3KIMwJW6D59aG ++fAfu9M5Cx6PsnOSlZeExpOJCOS9O2Xmti2xcqzT1nFkCJWUcqCPtAlTfxLlmuIZ +FpDOy36r9FHnwJ32OAjGd93ex0DOyZDMcfyoURaHcoTo/10UAYwUt0dXhwECgYAI +xad2TWmA1XdgYNkJM36gTQ16v0IjUz084z70yGHj25OC0CIzaDIct6KG+gS39Px9 +1dsa/jXjLuOOkzKD9LbtNBB9KXIl0GQiXnujZw+qKQ/MKISdS99n2wO7WyLKkQu3 +kb+AXTTBf4cdZC04BfORVesll5bIA2x7pNNpSCdnvQKBgG7VXYcPlIV7iAyi2xFa +uN1jccu/AK7xA0G1jz2SHNlpet74LmWR8XsTujJeo8WG1IRFxSky4h/pAP0XWIFO +0LPK7eeDtnFq6y1/DXpI+/9BWX5T/8+4Yk93p37YrBVWKfd21dhrAklQs11m3rlQ +Qn6c/zyvMKSyrCVxo5pTd5Il -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-2.pem b/tests/data_files/pkcs7-rsa-sha256-2.pem index 0f03a43a04..b11a00a199 100644 --- a/tests/data_files/pkcs7-rsa-sha256-2.pem +++ b/tests/data_files/pkcs7-rsa-sha256-2.pem 
@@ -1,48 +1,48 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUSbz5H6XcKL1urGmyF9I9v63PwccwDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIUVk1VQCWvWZ4ycHmycg7wDfN8+3wwDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDIwHhcNMjAxMTI0MTQxMDE5WhcNMjExMTI0MTQxMDE5WjA0MQswCQYD +NyBDZXJ0IDIwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMjCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN4tAEi8b+ZE3OIuv91WduiU -qQQXPqMNndTj3Q3hxd5CvYCZ3dAoYQOdPOtGWxLe89zpqUI/Sp8hSpCOw0ucgxCe -96ahpx/BVvMG6BabtxSXWYmGv0rJmFE3LwzskvK9P8dwaGLZler+9CgjKtcgfhTc -zbwhSDeHCHAZWqJUtLpAACiU8rn78p7x8zWoUUsntUiTCyw1SCHvIhGPeCbT4QVX -YNxIP2H52s7waHqtHLpGtJSsSxTxfbxcmbMQlrDaY/8ArLxo2VKqvGJv90IDjbGy -ORHRMOuxxxjowC9+yH4xtVRl821dsJFSSnmAEBXas3hkneFVBxiR7vUf61Wv760C -AwEAAaNTMFEwHQYDVR0OBBYEFNdysL6wT6p/KA7w/efpAyX7/FXZMB8GA1UdIwQY -MBaAFNdysL6wT6p/KA7w/efpAyX7/FXZMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAKGSxRvoL+FpC4LtiT4Cie53yKlzISq+ZMR4eHm1BFSidiFv -apntxj9k1JIIlDzbabVEJdy+O8EzipqUNFdPky+EpnZTnoTXilNusPH2FW+R6qMx -XrDl4MwtSYnH1RwkjF+yjYysp6pdxm+gr6k7lS4biHq6VfUYSvQBvSuIYMn+XZa/ -ZgQs0NWeh3GgVFkpGkG/yxXMq1WRGSrFfmqExLVpMeNXTINQsK5PH/JMaj44c4T7 -+qbq9Rf4U4ezkTUXHsQQsA3dFpPiL5Lv6RS+31VKLpXYJQ9j/Z+IWBFjTf/utt5T -VA2cEFCZIkNYUoX8RVs23cQr/ZNBxxgO/7JYNSE= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmVNZZ0/qcT+h/lVNO+gP65 +lERTTudQ15h8QTLjaKhx5SSTLnuUhD0jLbR+ng8PMqdJ8ePkZEh1+7mi9MHzID4Y +c47jH8M+Jc/JdBr6cSjbFd23QHESUjKKmV1IjSHc6Llbxe962z4gEXYjJAMkfr6B +g1iecK3AlnEI4F0BsQfC5dgA4Qce2okvcTuhYgvHtLZ+UN4ca50Kw0o4u5FYdl89 +KDCE4zNp8MaaxGC83xcM4A9XqjHyZ7a2wvACTlmLQ2q/E+RN/8THEel4Y+yv82Uj +j2LqqEaA06dvSdOPdaGz9jUZauqBw7TcuGGVzrrsZ0g/sHXKng9TppehAV/HrJUC +AwEAAaNTMFEwHQYDVR0OBBYEFI5FVrtfLwPXRERcyVX6qBVvfoduMB8GA1UdIwQY +MBaAFI5FVrtfLwPXRERcyVX6qBVvfoduMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAKRl0wgREe6eAduJSV5fs+Ec0s2qs2lHQqt/0JGEIbZBBtka +q1UH9CIMMAd6Kb0kh5GlJT2shg/EAYWoitMwntkeRYTln2k2/B5jux+U5Ph4HyC+ 
+ad2GqmsoXWDru79rltT7Pv1hS1ofJyQ4Jv88vQA/SuIIRGdTC24VAVgg00JxvDRB +xeqsQ9Pld4ebg4VvqsInnSpmKCcxfWxFhJk/Ax8bK/tV/GnrPiwsvry1j9nZyebS +IyI01/6DwJS2ZhFnsLGyPHFOAFNtomjIdQ6gf2L1wq0qiGOKj/K9IzFNCpCz82a+ +gMgqFzCT5TCZC16kUG2NA2pXAx9O4uppKjRk97U= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDeLQBIvG/mRNzi -Lr/dVnbolKkEFz6jDZ3U490N4cXeQr2Amd3QKGEDnTzrRlsS3vPc6alCP0qfIUqQ -jsNLnIMQnvemoacfwVbzBugWm7cUl1mJhr9KyZhRNy8M7JLyvT/HcGhi2ZXq/vQo -IyrXIH4U3M28IUg3hwhwGVqiVLS6QAAolPK5+/Ke8fM1qFFLJ7VIkwssNUgh7yIR -j3gm0+EFV2DcSD9h+drO8Gh6rRy6RrSUrEsU8X28XJmzEJaw2mP/AKy8aNlSqrxi -b/dCA42xsjkR0TDrsccY6MAvfsh+MbVUZfNtXbCRUkp5gBAV2rN4ZJ3hVQcYke71 -H+tVr++tAgMBAAECggEANzztAyiGkbOxTzLcVQV4Tt8XHoNA+X0bLqDwhtEJRvdE -8kJPGb/QTvu696voXMq9ysD1ahkeTm4Sgdpcx+HD3FAJto4eZRDGs2mWLnjMjfwL -MNwll0yD6D1WH1p6NovC3a0e5uS+F00IGyqTLiVP85PqOsnzkIqsGGLVW+K/hEaK -lRqKEf5tYzkdmlay8SfJQf03TuJVFp6qAgG/gH2EkGR/B4SLotXYDNXLFAzlx/N3 -QXHRIKhYOcvznbJ7Doww+nCyO613cUeZ1t3/22QRC3Vm8WMaYzxivGoMzmGM2YqI -MtUG+zXm4if9+MmT0CQ3meWLYwkIbFax6/6DLS6iKQKBgQD4EU4CEEjCsnYm7668 -0THvkcEsOTvSKroLYPKsuUbeoBfCvK4/o6kb2dQbR9c8MnHAJ8yN9gMbuP/njPUu -G9/sycI3uDRYpsQDeBcD74NtCAKqB1s7kcucMzxudwAqw/jJCJxyPqGiS8HJGQRO -sQMtBkvQx9RqKKagAgCWwaiLQwKBgQDlR76cQN3GSVRZfsA2rqTyZo8b4ECSEu0O -4vSQ0i5xMWp8uJLRBxktRYYCMfzH6dHDG+GNYearolOHm7BfC3QUH2EC6kE2D/9P -A40JrF7QEkDRtQ2rmNOQ2diLB1wYQiqRJieuXVIIzaRcyenRxP6ec2YMmHl9FaPh -dmYzjtDSTwKBgFr2/YQENKowhuMAQTM8AvO2nv94fVc0E8TYaCSuTC6Wxh/C0KLF -gN2VoxHd5i9M0CmGbpwf+kPQMwbVyZJ+5j4OPgnwokFf5cDf6JCo46i3p0JyMCJH -9EHzB9X6DTWhZzlQzw2Vqe+5l/YGFm5EusVn6aVFob7L6U4DbfPaT9PBAoGAD1Hi -55fh+azOqQgyGbVDqjq2Fzu9tMT0+AisJL0Wg1O09M50aOkbgo3hrWXfqQ/zhyDm -ykafXhqDkE0T1NX0FKAgIEy8vLsG6SWol9vfnfGKSTjax/t3L3eO44NDYQ+Svo4Z -Gqp7n8D12YlYST7rcHTvfan2fCglAhyiKZHCXDsCgYEA0BeqGpJ6Oz6O8g61JixG -EryjO2cCnQLWlwlal40L63wY5tNDCixuDM6zJFq/tT9DYMuNANrfsqWU2ImKTNPE -kwlMgP813aPXREgyV3ylL4KLusfDF6hqPtDcU2QK05LuTX7puHwi0pR8jAmPzrng -Y2ncNnRJI7vczDETaW1vuoE= 
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJlTWWdP6nE/of +5VTTvoD+uZREU07nUNeYfEEy42ioceUkky57lIQ9Iy20fp4PDzKnSfHj5GRIdfu5 +ovTB8yA+GHOO4x/DPiXPyXQa+nEo2xXdt0BxElIyipldSI0h3Oi5W8Xvets+IBF2 +IyQDJH6+gYNYnnCtwJZxCOBdAbEHwuXYAOEHHtqJL3E7oWILx7S2flDeHGudCsNK +OLuRWHZfPSgwhOMzafDGmsRgvN8XDOAPV6ox8me2tsLwAk5Zi0NqvxPkTf/ExxHp +eGPsr/NlI49i6qhGgNOnb0nTj3Whs/Y1GWrqgcO03Lhhlc667GdIP7B1yp4PU6aX +oQFfx6yVAgMBAAECggEBAMVHm3w134qQCHfyroPTqtaftDTx+wRyn6yB3iT5XdGM +NZ8H07Pp80kKBo7gY7uFOiNyQKKxQFuR69sPWc3+LI3YzC8IpGslhUfHdjN46gn7 +73hfAVgnf/4qmlEq0cRUOAY/hIUMjUhNhglB9tqEeu3iPjMaTFgfZJwW/czH/QMD +w4zj5XoLgwRkqVvUceu/dBgV8KP5DpON+q8wpfWtjunv7rg5Nc3BVBrpb5SadJ7T +i5TsS+pZQyp+mTvyCI3A1hkr2Vw5tULWO8SPhuEQkdtC/CL+luCUO7L16lU6KhFB +qP5Fduik5skyLCVvAMUkjKcrC22k0gkhOHvfmMhjaAECgYEA68+hAQIiV9ErZGk9 +ZLu+VJHBSPmEQCkUcbviwzoRo8YSyka12TZERy+NJcvmD9deNgFbp8GyZf01XJWH +slSYt6LyInrJrTpv+3q2Vl5GQp0f+39i7MHnwGGKbWsDbSAm+L9yKTJzYJz1O5fo +in06AiyyGPwnXd1cm5bTXVX+dQECgYEA2tdi6DXF8awE23pv4HphPBhXS5hmYP/D +NC7CtP8wQsxjPdiIxkBFFVEaFCC2njq1VhTyJb5noJM4kOIwcoaQ/zgyyxQa0u7w ++CqvAh1WwG+sT/B7vivrtDmmYeyGQapFo5DRIz+MflKAhzDhtnEyT9vLuCdn8J95 +0YvxZJ9+k5UCgYEAh+e7SER9nJUt6AoLWyIlGMKEXlWIFh5W7RG3KIMwJW6D59aG ++fAfu9M5Cx6PsnOSlZeExpOJCOS9O2Xmti2xcqzT1nFkCJWUcqCPtAlTfxLlmuIZ +FpDOy36r9FHnwJ32OAjGd93ex0DOyZDMcfyoURaHcoTo/10UAYwUt0dXhwECgYAI +xad2TWmA1XdgYNkJM36gTQ16v0IjUz084z70yGHj25OC0CIzaDIct6KG+gS39Px9 +1dsa/jXjLuOOkzKD9LbtNBB9KXIl0GQiXnujZw+qKQ/MKISdS99n2wO7WyLKkQu3 +kb+AXTTBf4cdZC04BfORVesll5bIA2x7pNNpSCdnvQKBgG7VXYcPlIV7iAyi2xFa +uN1jccu/AK7xA0G1jz2SHNlpet74LmWR8XsTujJeo8WG1IRFxSky4h/pAP0XWIFO +0LPK7eeDtnFq6y1/DXpI+/9BWX5T/8+4Yk93p37YrBVWKfd21dhrAklQs11m3rlQ +Qn6c/zyvMKSyrCVxo5pTd5Il -----END PRIVATE KEY----- 
diff --git a/tests/data_files/pkcs7_data_cert_encrypted.der b/tests/data_files/pkcs7_data_cert_encrypted.der index 0d0706931e625b35b37466511e87ea4da5a731ba..763057d9e5eb7be478369ddaba4f227fbe94afee 100644 GIT binary patch delta 366 zcmV-!0g?X11H=Q6Uw?bv-O@x%(aru`L8uTciMQV_Y`-uK1_>&LNQUo z07}fdUAVJ>X*kQqd%D*rLG$nqctJVMX|%rz8CJY0cOZ|=bocqC8hzAniNN`=Iq zg~|@O?Gp`C`nG6LWNiH}uQV;lvC7Iq>~EVGRC&qVB&h7M3V&(J7{f#jt%@Bd*gWd- zMfq+qY7!9F!t%(f_B#}$tOR! z>kStU9iTuzl0dPYpx!o0?a6Pq&oW{hS6&LNQUo z01MTcgrxL5dy@l*VL5lRlyDm?g)3;67Ot5m=D4eHp1yroHeJsaMz@eznL)aHdzF@W z`L^fGvI-n8JF6vSG~uiUuSN4WLRZ=kt<}U1PsMO$_m}q5!GDh1{Wy+Mhg(GKA%rl- z@sdwGUn!=!UWY{X&uig>@}@2 zJ%Sql=M9|xz+Dk5zXs@I7r*vWg|S{en$X5uW@;P%+#7~y7P7vpi>sgYFC-PxwAqbz z<;2LE_6QQLgJ<*+BYG42=5sl(_A1-;UC7e7B@5w%zz5lxjUF+0XkuP5GJ_9Tl6gEZ zJO&9WhDe6@4FLxMFdYU7V1`HmWdj5ODg+QZckg~VIky`(o)-umhz_rS5NV*BB$WjF MN+nIx-1da?hxulsi~s-t 
diff --git a/tests/data_files/pkcs7_data_cert_signed_sha1.der b/tests/data_files/pkcs7_data_cert_signed_sha1.der index a888525244b49ec910b7e4b46c338fd3e74f9d37..b6f95998fc3eb91ccb47856b79f61d06bac9af24 100644 GIT binary patch delta 943 zcmeyv`G<3YyGZrDyO&&iE}s1tQ8JtpV>L*;)mB;PNl@KKIh}r`*-(D;)TxBS49`kGOgUH?7U6xcmNy!mbd2Z z$wm%*PVutlId!FnrW=dA{j%HO#E-koJOBKj8l@8JDO`2!8AI5qgHwZ6q+V5Qm#8`5 zbn?hNJF7Y3OHH-}pIv?6w4k+r^4HDc-t%5g(3TXqC^BtPedTgzwYBHp3GBc5{Pp_X z=G8B^Sw@P*3f~P66qi}M)<)Lq*0JsrjIxPaeZDbP>@#bg)wyQkYR7pti)*u2G+qjo zIC48<&$90)%$UB-T#+sQTdv&t^mFf>R-T&z*R?ryhdVrM>)v?n*Um@nLNEIcORnud zxtb5&&B08}j0}v6gAD==WZ9TQW%*ddSVX$sJ)Kf>tS0uV=<+ zO7#oga|^ZEb1m8_^J#Q0!LwzR!-cGR4a?_?E>*%FK|h)wyr>{&K#v zO0TH7BiE{VP5s&dZYFHWYV~!qjNYrS3awXLROQ_lqRV#OR{5Y);L~01pKU(!8U|hd z5UIrb$WD$F4qc(NSr${+Dpp7(9p=l(8SQd&@xJ#*T@jT zowz@u{`f0*rRi?VpY(qSZq5Esu>Ae1BahNj{e)L@>^gqq^Qu|ZZTcVO88Rdo?mm2`Sn6U&?JdjIFgJYJ;yfYJBXy#<<~n(r0EN>H61|s~o>w?e;hG`aMmD zbKQ&J_D|lYCbj%k4ZB(-^my};ApWwdY(azN4>pSTy_c^)GDH5()05ZhIbRn)IJJm( z9{am_3O}-Lz1q_J{&x6@l;h`{&F2cN4(=(})%h!WZ`aNU>Aj2FX8e7Byl-{i?!8VN z#}$4waVviPd(+?{n^@ptFEww@k_S0$AL1(SW~G1cS~|^qS`trPZ^+*e-w*4Lef=T( z!R33t@r9@F9{F83a&5Nv0!JohMh3>k!3Kc_vTV$uvV1IJEF!V7_ZMC&z86!jI^*=0 zi7CI;qRKf9}Aa<^ph?n@m@|MUC*)0t4W z_r;EsG@q;`8JS=H>Ii7ZnF8Md_2q&fNUf%wD{?fw0oM}pT z%zF3a-j(TViP-r)uZnHsjL5vzZDL$K4+L%hFa#}y=j*8;ig26tGATOdXImI+|)j|xAMuZiUc=}PfQb@PHts(#hMr=-(!}mXLO0S zbr0kgJrXY4*qo;&+Nji@-1J?Br8?i#h_kG95l`&L*`;-BL8_ zZI8IOUe32WPgq+_?dCLV7uC6nF 
diff --git a/tests/data_files/pkcs7_data_cert_signed_sha256.der b/tests/data_files/pkcs7_data_cert_signed_sha256.der index 3f2dfb5ace1ae4c6571da3551fac2c2c0d65d89a..778fb7b4246a314999cac675ef2bf0147f8439b8 100644 GIT binary patch delta 947 zcmZqSYT=sTEmD2&?j;wWi)a7EIIa-T>D+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# ziDvax!;Gx`PFtoX#JOreFxl##^dO+n_E1T`!4W^xuFPt?&6Q1c_pc^rUDl%8FXvcTFD$w6>aN+Em+4aYgGUb%(XQ+o1sP_eMdd{4edE>G% zV`giN`oXe0F?QX`aTCA3ROp?(=Wq6wt#5W#CG9uRxXHBhdgLtWb)gPLH4SEuyg6!q zZoDMIT3cke#QCM~BrUI?ds1w3pYg&S}7u@`!$Odgze4i OE(e_cEcJv*F$MrvY`x2AxP^nVC$&HhlZ{QasUkJ3{8gjaLyI)3Bxs#(=-`XA*PG9(!8 zK9lx%w)St$>brpnDcSj7%56G~t+gX+gReGfeC)l(xZ!%zXJ#Sk`q!1K9KT)d_BZqT zJxzym-HYJ%Pu`~{wft2LyILglc=M4U{<5lUL4)NFHj4MXm#;rEL;lXwlh^AxUl%_( zwTO2f`@4AxKeBGU+S2^~cKC^uH)k$lnm(59^P8 z{UQ6o<$J#Ig{SWx`CT}2ZMOFUMLDI@B5(Z)oSQSi8VN$K{YDk$9AoA&tL{#B&w`B3|OC3x9^ZWnP znNYX)#g3FTpR6SrnP2|u2x#qC>)Bf-u71b(`RaM$5(d5FhwS@TDn0D;cV1I3 zH@auv%OrcfX_oZirbLdbx0K3ykAH~V)IPVj^2x4>1UHROOcS0??qqhwnjj}XVpghm z+kL3@>*2TIooQc|i9Zy1B2aVd`Dz}Ycl_G(w(f9Ft?pua*m*Nd^v2|wp(}0*9u-PH zxxXfW^Kk#tCd)sDAzpqRmC4b(p_h{uCbtN5B;LDr>lv@Y^4?>{N}Qjm51hoMt7OcJ-;(w=WC6YS5)OlX2d>br){eIQ6dd z&ib?J?a2`nG}M3xwuTvO$oJhis_q-C+|jqDzQy(#{0`(`dNS#oY0 Pw^pJzTPjx?lOqoRq+iEN 
diff --git a/tests/data_files/pkcs7_data_cert_signed_sha512.der b/tests/data_files/pkcs7_data_cert_signed_sha512.der index bf143a56f0b499929747df519279532d86354d61..41849a943e54d4d08d0d1fdf9926f2c362fc986b 100644 GIT binary patch delta 947 zcmZqSYT=sTEmD2&?j;wWi)a7EIIa-T>D+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlXg zUDKZ{D|r+8ul;Jgp?mAZnm&(}-(|n7;+t^I|0i1*&&QfqVhnEfDzTO&KLu<4?AoQr z&6a7pj47`3r@*0G@83KN-+VkaHT#!B(BfO^mfj!F-g3@(BUMs+k)^YeJ?y0S!8a%G z#2Brt$Tc;JnPT|m_jZwsTyI$97=7;udG;TRIa%MHzp6a>l9^dqy>{s99~mVq*X!mL zyuR1&6?gE@=cuLXasMV&1W2s)&A08pqb9EQe%*rGmOHJNtU7$K$hfCVZiNKf#e(~@ z1g5;d#B$)}<~VbqRg?Ecn|`T%xGM4Vnczc0r&z9U`+MIp{AuY_d;jK+cN{8fW*5ER QDG*~-KO;icmTBgH01S=CAOHXW delta 947 zcmZqSYT=sTEn*-jSo3skbeK)@x~&Pb%e4X`66a2g_mVa+G&C|XG%++Vw2TtxH8Mov zPRui(_*2AxP^nVC$&HhlZ{QasUkJ3{8gjaLyI)3Bxs#(=-`XA*PG9(!8 zK9lx%w)St$>brpnDcSj7%56G~t+gX+gReGfeC)l(xZ!%zXJ#Sk`q!1K9KT)d_BZqT zJxzym-HYJ%Pu`~{wft2LyILglc=M4U{<5lUL4)NFHj4MXm#;rEL;lXwlh^AxUl%_( zwTO2f`@4AxKeBGU+S2^~cKC^uH)k$lnm(59^P8 z{UQ6o<$J#Ig{SWx`CT}2ZMOFUMLDI@B5(Z)oSQSi8VN$K{YDk$9AoA&tL{#B&w`B3|OC3x9^ZWnP znNYX)#g3FTpR6SrnP2|u2x#qC>)Bf-u71b(`RaM$5(d5FhwS@TDn0D;cV1I3 zH@auv%OrcfX_oZirbLdbx0K3ykAH~V)IPVj^2x4>1UHROOcS0??qqhwnjj}XVpgi> z7k{95aZ*_J!lkb`S_M|W9x`-NmRxqWrcOSgXK$bUOMw}?}4ckXKQ z?RVSveiU54_l5>bce$S9fj{!A7T$a7oqn17>e5QKtmhpK0p9mNG)6vno6oyl!MHEP z)nN{!xulzt!=*QU>)*7MuzpBZh)CDGue8Z&RsB?fut3d&OCO&&`1|S4mN(Z7Z}Ta< zcO7|dsT+6rJ0vmMGM>?9W$@lvD%|nT+w%-Zjg(i{KvMvewvG?Eh}C; PBYi=!>z)7pOyZ{i)pf~# 
diff --git a/tests/data_files/pkcs7_data_cert_signed_v2.der b/tests/data_files/pkcs7_data_cert_signed_v2.der index 1a24a8a2e3b72232f8ec4c2a1b2a45df051a2444..befd17c190253d2fc76833b5f6cc60b6a2742a2c 100644 GIT binary patch delta 960 zcmZqSYT=q7$;o8MZ@|mOnb0;-NmHcy-rY+sJ{Qmai*Z~bpwqeizFyA$iSb_2MurAP z7KUbq2Bv0F;=D%2NZg5e<`aJ_)SuXPKC^Sq#SgEyoJxsdea^?L_wVkR#0#CLuZk|7 zWm>sY*?F7X@c=gdEpN@+lZ_nsoZ@B8bLvVDO*a;K`(?Mmi63{FcmDZ5HA*GcQ@HBd zGlsBJ2d4(DNWH4qE>Uy9>Ew}lc2;x5mzrz|KD+wBX+dlMz3080pe-qIQDoYp z`pV_bYHQEG6WD+A`Rnz&&8uH-vy2pr6}}rDC@!;ht&ObJtz+FM7-bW;`g~)o*k{%} zt8>l7)sFLQ7T0F4XuK3EapZQ!o@L)pm@$2uxguNqw_LgP>F3@%tvojcu4{AZ4tIFi z*1hrCubq$Dg^GE818-d(ifvvq`=NK0tdDd{Qi zIt}lBOfcWRTwGXjrKH*VL-l{^A5Xnkdi6Wcj;-q+#D8Vy=uKTO=R7Uviq5|L`ZYgp zJqW$qq_i%?Iu%E z@#IcsSF8zg@*`%Y`V!6RtA-g_`<=E-O^9>VeqgfIKj}e0q3xlPeuE=^rd^rUcAG1k z>h51n&bqSWthZp@t@$4B0(5Rld?=4^V-PxW|38z;=3h(aXv|})-7@X)hSw%d)*p&R z)pE^Un^0 z((6JUifS6n9(i-r{M>j+gtfNFaEbFv-$`0tLHDHC=059J4qnv}Ros5ner2)z%1;_H bleJPrPWNjTD+t@0*If=c{aNY>lVS`2W9h&O delta 960 zcmZqSYT=q7$*G%~rw~(NV8k_1NmIl?P_X9d+UPKwp$6H>DCzm(f_7+Y&c)CON|)cDwYjd8>Eq|eMk z()F(^S2=#W+U;-V^?RBQ=eifc?Vr3)O=|h88g{iv=<((wLHuP^*@6bkA8ZuwdoN#q zWQP2mrzfx1bG|NqaB30nJob0<6nK zv?QLo-jKf`z8}^f`}#xngUk1P;|ovUJ@UJ70L%ZtQsXENs&Ig9^Xbmh;1rCu%DUGi_< z5l%|ky}bSR{H29~In$KxnDy?-y(`n#60!4pUKQKM8IgIb+r+qf9thh0VF+3zea)t3 z?GM@auT*;2=kL6xUT$>HzL!b%debcF!%c}CS8pkm^&bBaxv70_Z{?F+6$x${pO_{* zo!rUniZww_e#ER)@3#9;>(|3?!#mTyEE9hy@! zZzkisdFw9Ru5s#J>7Dgw)!UODGV#xX<~)=Q__NWFk#TKwd9?L5-H_yr&sm=qOuu^h zpuGEWdpFPEkhQu0?j4rAv|Lr;xrS!b#E^un$l06h?}#ihG`XhAIeBVr_eslQ*BjYA c0((>Z-}cR1VzT7iHg2s%Z?;sfG$uzL03W2vUH||9 
diff --git a/tests/data_files/pkcs7_data_cert_signeddata_sha256.der b/tests/data_files/pkcs7_data_cert_signeddata_sha256.der index 7c631f9d7495886951dc80a63dc299421620b8de..85ea9f9fc1f29c7a68936a17ddf3825f10e9636f 100644 GIT binary patch delta 943 zcmey!`H^#ig-G?iyO&&iE}s1tQ8JtpV>L*;)mB;PNl@KKIh}r`*-(D;)TxBS49`kGOgUH?7U6xcmNy!mbd2Z z$wm%*PVutlId!FnrW=dA{j%HO#E-koJOBKj8l@8JDO`2!8AI5qgHwZ6q+V5Qm#8`5 zbn?hNJF7Y3OHH-}pIv?6w4k+r^4HDc-t%5g(3TXqC^BtPedTgzwYBHp3GBc5{Pp_X z=G8B^Sw@P*3f~P66qi}M)<)Lq*0JsrjIxPaeZDbP>@#bg)wyQkYR7pti)*u2G+qjo zIC48<&$90)%$UB-T#+sQTdv&t^mFf>R-T&z*R?ryhdVrM>)v?n*Um@nLNEIcORnud zxtb5&&B08}j0}v6gAD==WZ9TQW%*ddSVX$sJ)Kf>tS0uV=<+ zO7#oga|^ZEb1m8_kq}EYPsgF%@UUi6vdzZ%1jqi zxW>5auK7pqSL+&jj%desyeiP&aB$)5o7wfpk}~C#>u0Ek6sY$FaC*+1mwDr|F=J+H zjQYW{J27_M%5f9FzEtR)z2|TCmaT7gRweB>(74I8^Lpeg>2;wFMKuj(kGwf*er~)Z z!dhEoxWxIT?<6g+pnFnmbD#Aq2e0agDsI1Ozp_|<n;bJ L{w(!`NihZhmT0`V delta 943 zcmey!`H^#ig@}QmV9nFD(P1{p>$WD$F4qc(NSr&-$4kn<(9p=l(8SQd&@xJ#*T@jT zowy;Q{`f0*rRi?VpY(qSZq5Esu>Ae1BahNj{e)L@>^gqq^Qu|ZZTcVO88Rdo?mm2`Sn6U&?JdjIFgJYJ;yfYJBXy#<<~n(r0EN>H61|s~o>w?e;hG`aMmD zbKQ&J_D|lYCbj%k4ZB(-^my};ApWwdY(azN4>pSTy_c^)GDH5()05ZhIbRn)IJJm( z9{am_3O}-Lz1q_J{&x6@l;h`{&F2cN4(=(})%h!WZ`aNU>Aj2FX8e7Byl-{i?!8VN z#}$4waVviPd(+?{n^@ptFEww@k_S0$AL1(SW~G1cS~|^qS`trPZ^+*e-w*4Lef=T( z!R33t@r9@F9{F83a&5Nv0!JohMh3>k!3Kc_vTV$uvV1IJEF!V7_ZMC&z86!jI^*=0 zi7CI;qRKf9}Aa<^ph?n@m@|MUC*)0t4W z_r;EsG@q;`8JS=H>Ii7ZnF8Md_2q&fNUf%wD{?fw0oM}pT z%zF3a-j(TViP-r)uZnHsjL5vzZDL$K4+L%hFa#}y=j*8;ig26tGATOdXImI+|)j|xAMuZiUc=}PfQb@PA+41#hMr=pJ!I8ciVla z_3Poc;hkw;mWe+Uc_L7A>-lOPpLhJ)^S17APOa`@df0h0O!UU&nV~Cg3LX_oKDoap zfb($w(k9D4h9O>l9hJ$^yrGwq7ACg{bR^!pcIz3h!t&l@#!5do@t)XVzp2w{Z>sv# zwTGU6@byyO))BM8WV=?!m5s%%Dx78|ns)W6*S9YVzG~2=Hg~x6nfPZxa~{eD{Ml&8$hbDTJlcAjZb)**=d4c)reD2$P~QExy_;un$lBb0_YO;5 zTCS?_Ttl;IVn{+(y7LlfxRjIZ~JC0F&j#v=lKK)k+X5#cdNci zQnPMvrO`_pTYFKeHCm&*_wGOMymOrQ=XbvEukZZ6Z&-L(IMY-la)v!&c=PS}k&|Af zpki{{>=pl>ELRh8B@|Lg9i@sws;D|b&MIB|ugnqTRL$CxCJ(p1!6iR_ySYXi^>jM* 
zng8sSBlhb%eR_Kr=mjG>DEzv_smtWsiLd~BP+W+X9$oh5%a`-13 zL_a*vbChv57LJ(w#Bpo1FVDKtizSsPM(oueVNlW6A48rg(`?48d&j_<79Kmz5L4<( zrowr_w<7taEOdSSD+-bSF z3wY428dsEDlU1!p)hdhftBjeziZMR;bUyzvtP0#Mtn`B%K*Kc0KAY078#h_iCFrNx z>CPvlHcsx-7ZQb5(g)7hW{jEz1Ncl&Guk=r^P$8|(>NO-2*3d-vq4%RCAdIX34YFV zoFXY3%ellsqBBdhB0!!rj@q#PHH?J)$A)u?A>4|FH?eJux{Y8x)L;1sNk_fvBe-AOHvyxn+jc zm92N6D&fPMg7`PjZV?ZNS+0gTn;@?LkEcC(Bu^zjz0krI!kr45H z0^)-xyG@rMWUZ7^=xmfG_3z$`mG&It9hVFF(Pl9zs1jV7W^_AHXELaqNUDKZLW}T1Ssx{<{P8uRErW zFgY3ZOUGJW96BZoJciyjyaA#Bdr77~nb4`M_iDAqfVmu&NQrwGSk*6AEPodvhl=vY z#24y-U>6h)u!p!cw4!2nXG_M^)X1j^xU};7qqyGO*1KTuhQ=l>f;orHy;7gyQ2wW6 z_nrP)`6Q2&jPG4=l-Zfg=B>Nk(Zli(WX>|Okk_T$@?ILq*A4_TUs%P-D|>SNXhFpS zH*&0a&=3^x#LvvR$}LR}xg5zt`S|we)AHP0FbZ?ZEf(%`mIUqokPIZlTqOk;iEa*$ zCC#!teBZT?n}SKxPmDG!6{o~D!(08t@e#~wJ!Rf3In2ZfUh6WLB z3#qt2nb!cghfZ>R_dhzJQ{gUIJ1dfDl+Is%w3aXQ2=^W&VhTuq?@)B14yzkPj8psoaW ziX(jhvT@H`&k5FB833>_AOcU&109sxKocWkR2m*A`lq|fp!5) zoYjrw#SnZrUT0p)%fNkBl%~aL&AMg2>DO+)9h@DxRc8YiEGtw~m{e(qE;dxxSh6@u z8Dm8|zpQ?$MO;4^!5o75v@C8SPe delta 1910 zcmaKsX*3&%0)LC8?$3RBNd*B&{uprI=d6khY>#YZ0}Eii%jPLak#- z8`Ro_cBn8+YpAt}L2D^R?2KsNd-La=caHOZ-gED-d%k=7N^AydEN+VghU`suR~7+;%To%D);XDVnJ?K^;vBX81S$2Mqe;Z9sG?Ij>Kt0)-ps8O{?Ac7!Y_O2 zm3bHPe5K0&k!&kkmIQCK-KHw^$A~0zCNDrjb#;~J=Lo~UDi*a}|iwn~rRjfKAq0p)v4CcdIh!FanSizCt6aJivD>GSZ3#~Pnqa$uKE-nMY{ zaF~*-`2rIdkVe}7^i2M;WB6jpXLm5D`0f?RLD_r3t4dT-t2J?wEANYcS)F=VQhCSe zRvwINLSfzJDQ70RweJN-i#8Ov2iK)2N@mQ+UJ?j7mnn^z#W40&)|by_h?TUDX-1r% zHm3ko#uFYZbtm|Uk50kDDIC6gV`?!a>QhIgw~f}OM%Fwc0ceLv03b_&0ATkL4gX@DDA;Xut81G(ls5h)>e4yz6$J328tuJKDA}&~S=M1`dF5yc#H6oD9REat&E3+H@BoRd4t9n|k`r2hnbV;$O z6`b#$mePglFL1g5m;REy$u{SN1o}?qE`QzDI-@hL76<13!BV%qkSZQ>`g$4mMF+`3 zNGoTv{cw}Mv1RkkZg-D*Gp5rGW!odIgW`i$gYJ{kLv=F{#d| zsCbaVR8u6rcoruHrLOI$uHc@d*BQsLIewSf$#keCX`SRBEq(@S913ug|HI~Sfq&S1 zn*By;2|gPnm9Uz28IZOX(N`0yuG5L{iHwYD7QvQr@tu?rv z7hfBuKh807b)dnMs=_h!r15l2Fmq#9fk<60NB+#5pBdD*OXG|xpUt?@NXe+LuJ!6A zmOih!m}{U!j_$ziKvCPmY+bTY5g?T?Ls1e*(o!E!Ih2T|1>qZ*IHde?J{Cn>Oj9 
zFhMKC{W>Z8M$WIlE5=cx`%z_rsQ`&Z*^{IEJY;YqzEAyVkl#0iCZClsxu<=ZCc8f z#8^>k&;&v4YCl=|#)9*cSrtb?15#L+;Su3+u|*&27q~^(EX^Msd9C^r$K1vagJsnVQa?DIJb(+sju&TIJQ{A3n^~UD9X*Q%v^%Xj%KJu^<-J;4j z6UCF><=-{-g8^AJiwv+>OzW+`m&HnO&|gl6t2mYF(#uci!E@&%>5J%+c>7ZIVjnwE RH{h*eiL5Z=eSp)-eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7bx#d(|;$YQI9Xm0(^) zE8sM>Ph#LuaXrFxk1)heHHv9_KC^j(e&5w&YSg&ROA&tBpGfXdEZG?FcVC7862#yC z0wlBgrJN|927R=a!?5c#f;;eY6((&rMS~d9a3L4v`e|ntAl3o8-8baKu{#4BHj z>ToZx!J(VkYk$UKX&xhgm?uk@e{yjhnpv zYqYiOxq4#1Feupqxz|~m8?IGAa(sX`;!6m8`LWUz1$}Zcq(kXVk}674-Wmp-=8q#& zs)$;1ht)r+b04YlC>)b2WE9JfDRUqbKR15UP|Ncg-eH1Ve5q#yXTUI<{uC-vBcPda=VV#kYB7a7^!iDw2?N^Cr^rjc# z6yy+m+UKhbOzsaWp0&6`WqXPO;fdK+71)!RRjAn!#S&x5zkE;$!;htcIs7qHN=}G* zV_OYX(_*1xgb;{f-qzaY4IrnD#xo-MvJJ?vKeCBJy=5nrt-|NoK7VD`x299oFp4gj0iK?&(A#`Mjj2m&{HpEAh#X($Qk>x(Q2enm0RgRB zcUwEQEmUJ@^J?;-m(|n3A4kVOMoCjtt!@6^!x_@2B_QW0DT0wyU}{;LvOnAuq%kzs zB?*(2eT&ICb4A!|j1awKPwkGGq%@??whJm@O9o{MW&%MBkvu*ZG6EDyy!juc+$g2jZ}SvN zew6kYK$D{Mvb+g}T=7X{EDI8WgADk*0D+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4Hg>6vN4Cs^0A1qh;+SsI;G}VP3%?C z<#}3lXAR#4{XJnI50X}9kuVTzz^Y(!3X^JmlWg{kv#zzTFKuXCv#4(0S^vpvPH4DT zTfW-=YyOg#PeQES{v4Lmj`k3*WWKj-+N>js&ZHKkGEexpq1SoIp`WG4-*$gC%_)+w zU=nhb>KDA{7HYHSTC`Kh-5uXDOkOMAU9{q}b%dNqOK8<8=_&6z4ex$TFyFphTv&0X zq}lpI^?&LgPrX-q^*hgwt?M4de`V+BOL{)hlm#wRriM;Er zmzgivPUgQqE|6ZH!?a6DNPFVUjXpdY2VB|%CKT+fx4m@jCR0)IgCl;XU76K(n=6~@?q5yLy0YV}w_x3^ z`5x~AbZ$y~D35Pr5IS=IKap~rhY8uQQd2`hK z+;~ZZwYJD`iStX}Nm^b(_oUe7KI>NwUeys*+2AxP^nVC$&HhlZ{QasUkJ3{8gjaLyI)3Bxs#(=-`XA*PG9(!8 zK9lx%w)St$>brpnDcSj7%56G~t+gX+gReGfeC)l(xZ!%zXJ#Sk`q!1K9KT)d_BZqT zJxzym-HYJ%Pu`~{wft2LyILglc=M4U{<5lUL4)NFHj4MXm#;rEL;lXwlh^AxUl%_( zwTO2f`@4AxKeBGU+S2^~cKC^uH)k$lnm(59^P8 z{UQ6o<$J#Ig{SWx`CT}2ZMOFUM*_cCRm02VV#2TG9^Id(;tbb!sTws;@y`zmj37W 
z|EDvdZtsg7DQP}gOENOQ{M8ZA+OgKNw@h69j`8!=^TH(*7CrUOUwU~BkB&^shH#DYm8QPXg)=-x`Zs2&z6_h9WXqT95FYJ+ zOK9aAr9XQ0mv>%_X?^q6c*~2#Z)Y;+7CDRmTy*8nfu&w8+gBCKl99M5CmGvI~5V@&+Zg1t2T@?v#8lRXZJe}Oh?20u(PJYC! zRPVO?Q0v#jZ^Jv&zAO`eDDp(0=GODoJU;LEwdZZ!;hb9C#q_ZAW|-)W$umP&+!Q=2 zlzei3O#tWN{-sTpe+)ys{5mR=qj^IwCoN2F5$H&~ckR|QUWMho$BdPJZsI+$!G2Sx z)816|scR2C|KRJTysaZ6BTU9vCN;K{2Q?GAd7JSv9OK&FQym{*`+^%uz zUFn_mXVu%29WwFHg62Gw4fwOskdbk1ba}M(HrD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMQ=q8Wu!*tUpoy`ViILI3 zXW_(rQ!ys2>2vZUW~KTP&FZU$8CmUro-svg53`VBM|x9`6ElZc2P8k8fiTI&%L%lgj2_OXq0JW2@aV?eK=zCQa5K zibd6O&0U)%E)^(>KmC=NE~apeao1h*kKC`;HS`?Oj_-I?pugeZ!r3>o>yIU6$|={+ zP!B0k?+f7coH;M^#${v1%+?t7gJpMO?7EfXCVqXX&^vq2-|Q`0-|VbP+Hat7lWFJm z$XU|sLLG`~8q6MfbJYCYcu9n{w#aaa^Gn}JT3$i-q}b*@>sJn5)e%+Pe${?uvHZ$U d8Zwi$QbbPoYZfaA+nd*24mkZ;>Isu#3;=4#!At-E delta 969 zcmZqSYT=sTEn*-jSo3skbeK)@x~&Pb%e4X`66a2g_mVa+G&C|XG%++Vw2TtxH8Mov zPRui(_*2AxP^nVC$&HhlZ{QasUkJ3{8gjaLyI)3Bxs#(=-`XA*PG9(!8 zK9lx%w)St$>brpnDcSj7%56G~t+gX+gReGfeC)l(xZ!%zXJ#Sk`q!1K9KT)d_BZqT zJxzym-HYJ%Pu`~{wft2LyILglc=M4U{<5lUL4)NFHj4MXm#;rEL;lXwlh^AxUl%_( zwTO2f`@4AxKeBGU+S2^~cKC^uH)k$lnm(59^P8 z{UQ6o<$J#Ig{SWx`CT}2ZMOFUMLDI@B5(Z)oSQSi8VN$K{YDk$9AoA&tL{#B&w`B3|OC3x9^ZWnP znNYX)#g3FTpR6SrnP2|u2x#qC>)Bf-u71b(`RaM$5(d5FhwS@TDn0D;cV1I3 zH@auv%OrcfX_oZirbLdbx0K3ykAH~V)IPVj^2x4>1UHRO5)+;pHZhhPG%*%4F)|wX z=%(f=#8f02a!sDktdBLBPJYC!RPVO?Q0v#jZ^Jv&zAO`eDDp(0=GODoJU;LEwdZZ! 
z;hb9C#q_ZAW|-)W$umP&+!Q=2lzei3O#tWN{-sTpe+)ys{5mR=qj^IwCoN2F5$H&~ zckR|QUWMho$BdPJZsI+$!G2Sx)816|scR2C|KRJTysaZ6BTU9vCN;K{2 zQ?GAd7JSv9OK&FQym{*`+^%uzUFn_mXVu%29WwFHg62Gw4fwOskdbk1ba}M(Hr9_B7bx#d(|;$YQI9Xm0(^) zE8sM>Ph#LuaXrFxk1)heHHv9_KC^j(e&5w&YSg&ROA&tBpGfXdEZG?FcVC7862#yC z0wlBgrJN|927R=a!?5c#f;;eY6((&rMS~d9a3L4v`e|ntAl3o8-8baKu{#4BHj z>ToZx!J(VkYk$UKX&xhgm?uk@e{yjhnpv zYqYiOxq4#1Feupqxz|~m8?IGAa(sX`;!6m8`LWUz1$}Zcq(kXVk}674-Wmp-=8q#& ns)$;1ht)r+b04YlC>)b2WE9JfDRUqbKR15UP|Ncg}{ delta 289 zcmV++0p9+z1G58=eH1Ve5q#yXTUI<{uC-vBcPda=VV#kYB7a7^!iDw2?N^Cr^rjc# z6yy+m+UKhbOzsaWp0&6`WqXPO;fdK+71)!RRjAn!#S&x5zkE;$!;htcIs7qHN=}G* zV_OYX(_*1xgb;{f-qzaY4IrnD#xo-MvJJ?vKeCBJy=5nrt-|NoK7VD`x299oFp4gj0iK?&(A#`Mjj2m&{HpEAh#X($Qk>x(Q2enm0RgRB zcUwEQEmUJ@^J?;-m(|n3A4kVOMoCjtt!@6^!x_@2B_QW0DT0wyU}{;LvOnAuq%kzs nB?*(2eT&ICb4A!|j1awKPwkGGq%@??whJm@O9o{MW&%MBQ09sM 
diff --git a/tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der b/tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der index cfaac2fa78e46fa9db2efe9fbf1bb71b6519d4ab..2973ccd7e50b2f7e667d651e76d939d01fc0f287 100644 GIT binary patch delta 963 zcmZqSYT=sTEmD2&?j;wWi)a7EIIa-T>D+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMQ?RJmu!*tUpoy`ViILI3 z$G~)Afr%Is)&x5F5wlW#iDvax!;Gx`PFtoX#JOreFxl##^dO+n_E1T`!4W^xuFPt? z&6Q1c_pc^rUDl%8FXvcTFD$w6>aN+Em+4aYgGUb%( zXQ+o1sP_eMdd{4edE>G%V`giN`oXe0F?QX`aTCA3ROp?(=Wq6wt#5W#CG9uRxXHBh zdgLtWb)gPLH4SEuyg6!qZoDMIT3cke#QCM~BrUI?ds1w3pYg&S}7u@`!$Odgze4iE(e_cEcJv*F$Mr&G{F%7 delta 970 zcmZqSYT=sTEn*-jSo3skbeK)@x~&Pb%e4X`66a2g_mVa+G&C|XG%++Vw2TtxH8Mov zPRui(_*2AxP^nVC$&HhlZ{QasUkJ3{8gjaLyI)3Bxs#(=-`XA*PG9(!8 zK9lx%w)St$>brpnDcSj7%56G~t+gX+gReGfeC)l(xZ!%zXJ#Sk`q!1K9KT)d_BZqT zJxzym-HYJ%Pu`~{wft2LyILglc=M4U{<5lUL4)NFHj4MXm#;rEL;lXwlh^AxUl%_( zwTO2f`@4AxKeBGU+S2^~cKC^uH)k$lnm(59^P8 z{UQ6o<$J#Ig{SWx`CT}2ZMOFUMLDI@B5(Z)oSQSi8VN$K{YDk$9AoA&tL{#B&w`B3|OC3x9^ZWnP znNYX)#g3FTpR6SrnP2|u2x#qC>)Bf-u71b(`RaM$5(d5FhwS@TDn0D;cV1I3 zH@auv%OrcfX_oZirbLdbx0K3ykAH~V)IPVj^2x4>1UHROk`ta9HZhhPG%*%4F)|wX z80eC-Np2<^JbXnjma}ZSKJglDwKS3e@y`A;r^vfmVXRGy!<*UlcRY*r_Qk?8Ulx4Tpi6HiRsub^=H-FlN~bg&w}PWlnwZ^(U6gGZFG6G^)}s* zrph^a mYHjyP%VO6X**yY#Q~cld&0J!#D+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* 
z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoHks3^7+Ir$N@ zQhkYL^;N@+to=?~rY6L>YCka9>Ywx=pwRYENx#7nKhv(vYP-#qO?CILCTCsQan@U~ z?$&&dcL6##B|enLw=oDEx&NO@W%IA4b2R3$)oz(~c*ARxChHHyqH4M3uFVpc3KYek z{>n@jQ@F;s>#q4n?pNy?dX8wvcf2al-*9l@?3>y3$C5JTl5q#yXTUI<{uC-vBcPda=VV#j*N*gdSF)}nUG%+wSIa(JD zGBGhRGBhzXF)%SXT9Ixyk^3Nj$LdESmqw@LkML84Yw&QV@2bS&W@Szjs|dQs*z>BI zdxkIZ9{^|=0Nv&rNan5me5>72U}S4=^mjanGdn9-eN)weDDjQf0kGF%^8*qaf9rXw zLH5;)Pc};XmMjUb=u?OCOUjaj{Uuh_auVaS#8MA-dTS9dr{J*{j_)6T#F!u4<;mB7 z3F~v<%AyUP2kxFA_-fkfw1e;4SIA_?&x1Fe5UW#+cP%Xa72dkJSR1{ghM4{D$BwIx zyS+jP#~}EE3nBIW*)ZV-7Ez;0CQAu);B1EQUU}VWXZMPwmN%AS41SGN{Zvixug3NG z9q>f=Z!^&4?&40+#MYZjpg{ry0RRD`Q!r659R>qc9S#H*1QcCe-=WfT-duMjn9KB$ zWcwyscL^{b1_Mv$kqUB3( zrPHhoEF6TeR}!(S_-S#%;(|Rc{641;HGB4PgCFxd_ zB0UamKv!E&+7hYkBK$6Y)49=Hh3xe+wCG{>%xRr+Ll^m?)cnAuN`$vWZ`s@vVr09g zhx?zUaZzlRBHT8Oylveaj)Yjb_ilOyv6xwItA-W|jNlPH`~Xs-8`eC0t@s`9>LiQ@ zpSjj2cQW2TjRGClf|?t{f?){N+9Gz1$M9LQhn20 ziY}P}o}RAI+k8TesY`17s_n^$9AD;AoZ%f%{IM|s0j*niTRXNbRAXrKYVx3$)ziTr zN5?-#NmEp Date: Fri, 28 Oct 2022 12:28:54 -0500 Subject: [PATCH 030/139] pkcs7: Respond to feeback on parsing logic After recieving review on the pkcs7 parsing functions, attempt to use better API's, increase consisitency and use better documentation. The changes are in response to the following comments: - use mbedtls_x509_crt_parse_der instead of mbedtls_x509_crt_parse [1] - make lack of support for authenticatedAttributes more clear [2] - increment pointer in pkcs7_get_content_info_type rather than after [3] - rename `start` to `p` for consistency in mbedtls_pkcs7_parse_der [4] [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992509630 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992562450 [3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992741877 [4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992754103 
Signed-off-by: Nick Child --- include/mbedtls/pkcs7.h | 3 +++ library/pkcs7.c | 27 ++++++++++++++------------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index 9486c71535..2a557bfad3 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h @@ -38,6 +38,9 @@ * - The RFC specifies the Signed Data type can contain * certificate-revocation lists (crls). This implementation has no support * for crls so it is assumed to be an empty list. + * - The RFC allows for SignerInfo structure to optionally contain + * unauthenticatedAttributes and authenticatedAttributes. In Mbed TLS it is + * assumed these fields are empty. */ #ifndef MBEDTLS_PKCS7_H diff --git a/library/pkcs7.c b/library/pkcs7.c index 56b6bb6170..ab7bebdf2f 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -126,6 +126,7 @@ static int pkcs7_get_content_info_type( unsigned char **p, unsigned char *end, pkcs7->tag = MBEDTLS_ASN1_OID; pkcs7->len = len; pkcs7->p = *p; + *p += len; out: return( ret ); @@ -197,8 +198,7 @@ static int pkcs7_get_certificates( unsigned char **p, unsigned char *end, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len1 = 0; size_t len2 = 0; - unsigned char *end_set, *end_cert; - unsigned char *start = *p; + unsigned char *end_set, *end_cert, *start; if( ( ret = mbedtls_asn1_get_tag( p, end, &len1, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) @@ -235,7 +235,7 @@ static int pkcs7_get_certificates( unsigned char **p, unsigned char *end, } *p = start; - if( ( ret = mbedtls_x509_crt_parse( certs, *p, len1 ) ) < 0 ) + if( ( ret = mbedtls_x509_crt_parse_der( certs, *p, len1 ) ) < 0 ) { ret = MBEDTLS_ERR_PKCS7_INVALID_CERT; goto out; 
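Review bot: "it is assumed these fields are empty" understates what matters about authenticatedAttributes: when that [0] IMPLICIT field is present, the signature is computed over the DER of the attribute set rather than over the content itself (RFC 2315 §9.3), so a parser that silently skipped it would verify the wrong bytes. The header should state that a SignerInfo carrying either attribute set is rejected at parse time, which appears to be the effect of pkcs7_get_signer_info reading digestEncryptionAlgorithm straight after the digest algorithm (hunk @@ -335 in library/pkcs7.c; that function's body is outside the hunk, so this is inferred from the unexpected-tag path). Suggested text: ` * - The RFC allows for SignerInfo structure to optionally contain` / ` *   unauthenticatedAttributes and authenticatedAttributes. Mbed TLS does` / ` *   not support them: a SignerInfo containing either field fails to parse.` The same correction belongs in the function comment of hunk @@ -289 (which also has `vales` for `values`) and in the inline comment of hunk @@ -335 (`Asssume`).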
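Review bot: mbedtls_x509_crt_parse_der is still handed len1, the length of the whole [0] IMPLICIT certificate set, but it parses a single certificate and, as far as I recall, tolerates bytes that follow it, so a second certificate in the set would be dropped silently rather than reported. If the tag walk earlier in pkcs7_get_certificates (outside this hunk) already rejects a set holding more than one certificate, that check is the only thing preventing this and deserves a comment at the call site, e.g. `/* The set was checked above to hold exactly one certificate; parse_der ignores data after the first one. */`; otherwise pass the first certificate's own length instead of len1. Note also that `start` is no longer initialised at its declaration (hunk @@ -197), so the `*p = start;` here relies on an assignment between the two hunks that is not visible.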
@@ -289,6 +289,8 @@ out: * [1] IMPLICIT Attributes OPTIONAL, * Returns 0 if the signerInfo is valid. * Return negative error code for failure. + * Structure must not contain vales for authenticatedAttributes + * and unauthenticatedAttributes. **/ static int pkcs7_get_signer_info( unsigned char **p, unsigned char *end, mbedtls_pkcs7_signer_info *signer ) @@ -335,6 +337,8 @@ static int pkcs7_get_signer_info( unsigned char **p, unsigned char *end, if( ret != 0 ) goto out; + /* Asssume authenticatedAttributes is nonexistent */ + ret = pkcs7_get_digest_algorithm( p, end_signer, &signer->sig_alg_identifier ); if( ret != 0 ) goto out; @@ -510,8 +514,6 @@ static int pkcs7_get_signed_data( unsigned char *buf, size_t buflen, goto out; } - p = p + signed_data->content.oid.len; - /* Look for certificates, there may or may not be any */ mbedtls_x509_crt_init( &signed_data->certs ); ret = pkcs7_get_certificates( &p, end_set, &signed_data->certs ); @@ -548,7 +550,7 @@ out: int mbedtls_pkcs7_parse_der( mbedtls_pkcs7 *pkcs7, const unsigned char *buf, const size_t buflen ) { - unsigned char *start; + unsigned char *p; unsigned char *end; size_t len = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -561,17 +563,17 @@ int mbedtls_pkcs7_parse_der( mbedtls_pkcs7 *pkcs7, const unsigned char *buf, } /* make an internal copy of the buffer for parsing */ - pkcs7->raw.p = start = mbedtls_calloc( 1, buflen ); + pkcs7->raw.p = p = mbedtls_calloc( 1, buflen ); if( pkcs7->raw.p == NULL ) { ret = MBEDTLS_ERR_PKCS7_ALLOC_FAILED; goto out; } - memcpy( start, buf, buflen ); + memcpy( p, buf, buflen ); pkcs7->raw.len = buflen; - end = start + buflen; + end = p + buflen; - ret = pkcs7_get_content_info_type( &start, end, &pkcs7->content_type_oid ); + ret = pkcs7_get_content_info_type( &p, end, &pkcs7->content_type_oid ); if( ret != 0 ) { len = buflen; 
@@ -596,14 +598,13 @@ int mbedtls_pkcs7_parse_der( mbedtls_pkcs7 *pkcs7, const unsigned char *buf, } isoidset = 1; - start = start + pkcs7->content_type_oid.len; - ret = pkcs7_get_next_content_len( &start, end, &len ); + ret = pkcs7_get_next_content_len( &p, end, &len ); if( ret != 0 ) goto out; try_data: - ret = pkcs7_get_signed_data( start, len, &pkcs7->signed_data ); + ret = pkcs7_get_signed_data( p, len, &pkcs7->signed_data ); if ( ret != 0 ) goto out; From 5f39767495331edc29417c52e55f06a0ab665d41 Mon Sep 17 00:00:00 2001 From: Nick Child Date: Fri, 28 Oct 2022 12:38:41 -0500 Subject: [PATCH 031/139] pkcs7: Fix imports Respond to feedback about duplicate imports[1] and new import style [2]. [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r991355485 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#pullrequestreview-1138745361 Signed-off-by: Nick Child --- library/pkcs7.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index ab7bebdf2f..7976a0b3a9 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -34,17 +34,8 @@ #include #endif -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" -#else -#include -#include -#define mbedtls_free free -#define mbedtls_calloc calloc -#define mbedtls_printf printf -#define mbedtls_snprintf snprintf -#endif #if defined(MBEDTLS_HAVE_TIME) #include "mbedtls/platform_time.h" From 3951a4f3ada028d08e50d32ab837f0a226afd0b0 Mon Sep 17 00:00:00 2001 From: Nick Child Date: Mon, 31 Oct 2022 09:17:15 -0500 Subject: [PATCH 032/139] pkcs7: Use better error codes Remove an unnecessary debug print (whoops). Use new error code for when the x509 is expired. When there are no signers return invalid certificate. Signed-off-by: Nick Child Co-authored-by: Dave Rodgman Signed-off-by: Nick Child --- include/mbedtls/pkcs7.h | 1 + library/pkcs7.c | 5 ++--- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index 2a557bfad3..52895ac2b7 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h @@ -69,6 +69,7 @@ #define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 /**< Input invalid. */ #define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 /**< Verification Failed */ +#define MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 /**< The PKCS7 date issued/expired dates are invalid */ /* \} name */ /** diff --git a/library/pkcs7.c b/library/pkcs7.c index 7976a0b3a9..ca0170a6dc 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -630,15 +630,14 @@ static int mbedtls_pkcs7_data_or_hash_verify( mbedtls_pkcs7 *pkcs7, if( pkcs7->signed_data.no_of_signers == 0 ) { - ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + ret = MBEDTLS_ERR_PKCS7_INVALID_CERT; goto out; } if( mbedtls_x509_time_is_past( &cert->valid_to ) || mbedtls_x509_time_is_future( &cert->valid_from )) { - printf("EXPRED\n"); - ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + ret = MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID; goto out; } From fc234b7b52af978e0bff0c79a8f685bf9ab839b0 Mon Sep 17 00:00:00 2001 From: Nick Child Date: Wed, 2 Nov 2022 15:23:39 -0500 Subject: [PATCH 033/139] test/pkcs7: Add Windows CRLF EOF to data files Windows tests are failing pkcs7 verification due to differnt line endings. Therefore, add make instuctions for building the data files with Windows EOF instead. As a result, regenerate other data files so that verification works. Add these CRLF EOF files to the exception in check_files to ignore the line endings. 
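Review bot: The doc comment on the new error code describes the wrong object: what is checked (hunk @@ -630 in library/pkcs7.c) is the signer certificate's validity period, not a "PKCS7 date". Suggested: `#define MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 /**< The signer certificate is not yet valid or has expired. */`.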
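Review bot: The validity-period check in this hunk only enforces anything in builds that have a clock: mbedtls_x509_time_is_past() and mbedtls_x509_time_is_future() are, to my recollection, compiled as functions that return 0 when MBEDTLS_HAVE_TIME_DATE is not defined, so in such builds an expired signer certificate passes and MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID can never be returned. That matches what mbedtls_x509_crt_verify does, but a caller of a signature-verification API will not expect it, so it should be spelled out with a comment above the check, e.g. `/* Without MBEDTLS_HAVE_TIME_DATE these checks are no-ops and expiry is not enforced. */`, and with a line in the limitations list in pkcs7.h. The enclosing function continues outside the hunk.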
Signed-off-by: Nick Child --- tests/data_files/Makefile | 8 ++++++++ tests/data_files/pkcs7_data.bin | 2 +- tests/data_files/pkcs7_data_1.bin | 2 +- .../data_files/pkcs7_data_cert_encrypted.der | Bin 452 -> 452 bytes .../pkcs7_data_cert_signed_sha1.der | Bin 1276 -> 1276 bytes .../pkcs7_data_cert_signed_sha256.der | Bin 1284 -> 1284 bytes .../pkcs7_data_cert_signed_sha512.der | Bin 1284 -> 1284 bytes .../data_files/pkcs7_data_cert_signed_v2.der | Bin 1284 -> 1284 bytes .../pkcs7_data_cert_signeddata_sha256.der | Bin 1265 -> 1265 bytes .../pkcs7_data_multiple_certs_signed.der | Bin 2504 -> 2504 bytes .../data_files/pkcs7_data_multiple_signed.der | Bin 810 -> 810 bytes .../data_files/pkcs7_data_signed_badcert.der | Bin 1284 -> 1284 bytes .../pkcs7_data_signed_badsigner.der | Bin 1284 -> 1284 bytes .../pkcs7_data_without_cert_signed.der | Bin 435 -> 435 bytes .../pkcs7_signerInfo_issuer_invalid_size.der | Bin 1284 -> 1284 bytes .../pkcs7_signerInfo_serial_invalid_size.der | Bin 1284 -> 1284 bytes tests/scripts/check_files.py | 1 + tests/suites/test_suite_pkcs7.function | 2 +- 18 files changed, 12 insertions(+), 3 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index b92944ac29..581de256fb 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1136,6 +1136,14 @@ pkcs7_test_cert_1 = pkcs7-rsa-sha256-1.crt pkcs7_test_cert_2 = pkcs7-rsa-sha256-2.crt pkcs7_test_file = pkcs7_data.bin +$(pkcs7_test_file): + echo -e "Hello\xd" > $@ +all_final += $(pkcs7_test_file) + +pkcs7_data_1.bin: + echo -e "2\xd" > $@ +all_final += pkcs7_data_1.bin + # Generate signing cert pkcs7-rsa-sha256-1.crt: $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt diff --git a/tests/data_files/pkcs7_data.bin b/tests/data_files/pkcs7_data.bin index e965047ad7..40ee264774 100644 --- a/tests/data_files/pkcs7_data.bin 
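Review bot: `echo -e` in the two new recipes is not portable: POSIX echo has no -e option, and when make runs recipes under a shell such as dash the `-e` is printed literally, so the generated pkcs7_data.bin and pkcs7_data_1.bin would no longer be the bytes the checked-in signatures were made over. `printf 'Hello\r\n' > $@` and `printf '2\r\n' > $@` produce the intended CRLF-terminated content under any POSIX shell. Since byte-exact content is the whole point of this change, a comment such as `# CRLF on purpose: the PKCS7 test signatures were produced over exactly these bytes` would also stop the next reader from "fixing" the line ending.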
+++ b/tests/data_files/pkcs7_data.bin @@ -1 +1 @@ -Hello +Hello diff --git a/tests/data_files/pkcs7_data_1.bin b/tests/data_files/pkcs7_data_1.bin index 0cfbf08886..78c6baefdd 100644 --- a/tests/data_files/pkcs7_data_1.bin +++ b/tests/data_files/pkcs7_data_1.bin @@ -1 +1 @@ -2 +2 diff --git a/tests/data_files/pkcs7_data_cert_encrypted.der b/tests/data_files/pkcs7_data_cert_encrypted.der index 763057d9e5eb7be478369ddaba4f227fbe94afee..b7b1c8331d7899a34c9abbc490fa8c4ab99bdd7a 100644 GIT binary patch delta 327 zcmV-N0l5Ce1H=Q6hJPE)4$EW?YqVdyJBdo8YIJN>@8BewJ9eM(4TYQQ9aJ%WnUhyT zu0wBXZAF(k)I=bfF&5Ngz4bntvBK`xfT>mKybF-i-VB{>XNRj_cMi`4q@dCXz|Q&a zUJ|2R1i6f_!mF56I>Vux-a@^!)qyZuS-crr7VqJeUl8=F@qfv%I;dNga5n+37D`p! zlMd~E)f0Vp%djr-#fG0}hO1!^>Uiy#0a{Kx80qW57A*pdd&Wf!6j5qlP^A5wG-0f; z|D7(H$zIIf1}|8b96=X*BtwW|+GPG(DYijRe8cy@LQ7h5t>bS!?@<`yH5dmoWeU delta 327 zcmV-N0l5Ce1H=Q6hJQ-Tx?Q-lfoV9)#(TQgCqeV@4tPO1&1tm13K>?sDR&@`&2;zq zr5b(IZ;8P9uP7ZhV};5Nx$P4TQ~I`OP-JZVFRwH$$g#@GLhNsw7*u)5+$5;%u?lI* z7{f#jt%@Bd*gWd-Mfq+qY7!9F!t%(f_BmMLJc+}gPe-SXVlKe-8=>1~dR{fL1YSk2nD0zG z1e1lidjeML9yt-&lcdkej*zP>Dvpa!;p-i({!UoRGkSWHP_PS{49*_fNF&2ebMTFu za%v$Ei*vw1bh%2l|Mv>FqOyh&-GTi&S#ZbEYa0&xp0+K0aLL7Hh7cW4f# zURfNN9epg{Ht*AKLnMtAH$e)jo`R1nP)0NcVMtOkw3hYdzCOt!YerQGGW1m{oBRn zm8U~%`C1I$PK8v5^MvUh3AZkwyfqsS&?zHlgr}nOEDx;tzGEP+vx+-qhFKS`eENmc QzTmdm((B?;p`Da(~G6eTla5aa}3e+TdY?AzX>u*U!F`1s)FqsZdS94=7(pdfic4sx2 z+HcM^&8>GPpt}N0t(j|x;LDhWOzT_=ZpTR3`Oa!=)Hj8Tthf|miYG7gq!q^Ce?736 Qhj;z#gj$!seGmdI&|Q3faR2}S delta 266 zcmV+l0rmcb3WN%<1O$I{DSOp1XllPgw3T39MJwPmwNGN;P;ouNbdNB^PBn^Ydp@&y zf_~rCV`|j6%}Wt}+Mh`7P%POP@ONK^020LC{{kel`lXyGo(6rimcy{?G=e+ua}_3S zH${UO(r_Uc<@#x779iFEy4^SN3+k?bjKnKni0W`Ju)(35*=v8sVrd>Df0!p!a3_vX z2}zlrY1q><0cnL?C&6~yTt156{cE(f?74bkzc47-0=d^&nj5ZFKyrM5 zHsVVNeEG4`6a{^9F{DH3O_C}~Qr;Q{o#u}tQ>utsbBEPGsdFEx@+cgWDr6MPk12B? Q6F)b8(@@Lv8sq{YTw`H;SO5S3 
diff --git a/tests/data_files/pkcs7_data_cert_signed_sha512.der b/tests/data_files/pkcs7_data_cert_signed_sha512.der index 41849a943e54d4d08d0d1fdf9926f2c362fc986b..a4aa5875876de0170637190fe7e71da8bbd73ee6 100644 GIT binary patch delta 266 zcmV+l0rmcb3WN%<1O$IWxkRl)AS@Ao`ZoC;w%Vw76Q@b>Y0K5Kn{oXNP?Z`kesT;a zS>3BVN*QzSsoHr?1a0hzYtmYDw`udB8*#cr{u_NkM3rg=X|Sx+S(J*|A5FG3oOAgX zlH33xWKdE&+j*Q=1MuH4HlHEM-1CF|CQB1y%^Cs-#q@rC7a2eEB$hG&@m*)d1L9~p0fgJ|V- zKO|i_bomi{{JOd>3kGR5rUG7x`4Ga|@9gGRv&UU!Yx*EkquOUVOYzOxLul+8bbZkT ziFpTB$xFfP$=qBrsd#NQGF+4~^!v9I(F*JY9sy0<5=oE7T*-fjZ>o1=(l$1Be=Ak% z_-J$l*M6RG>)wY-UcvnHTBRpm{*ri57_CijJ&)Wb7bfqnpxZgQJEW?^!E!T{}_UWl>h($ diff --git a/tests/data_files/pkcs7_data_cert_signed_v2.der b/tests/data_files/pkcs7_data_cert_signed_v2.der index befd17c190253d2fc76833b5f6cc60b6a2742a2c..4f4cb047e079c550dc063ef53425dce81a5e31a3 100644 GIT binary patch delta 266 zcmV+l0rmcb3WN%<1O$Iu?AURY!QTIn!c37Sn^m*$X}ls_GHfwS8c}#}{uIbCzD`TW zJi0c?c6YQvXeXQL9(>B?;p`Da(~G6eTla5aa}3e+TdY?AzX>u*U!F`1s)FqsZdS94=7(pdfic4sx2 z+HcM^&8>GPpt}N0t(j|x;LDhWOzT_=ZpTR3`Oa!=)Hj8Tthf|miYG7gq!q^Ce?736 Qhj;z#gj$!seGmdI&|Q3faR2}S delta 266 zcmV+l0rmcb3WN%<1O$I{DSOp1XllPgw3T39MJwPmwNGN;P;ouNbdNB^PBn^Ydp@&y zf_~rCV`|j6%}Wt}+Mh`7P%POP@ONK^020LC{{kel`lXyGo(6rimcy{?G=e+ua}_3S zH${UO(r_Uc<@#x779iFEy4^SN3+k?bjKnKni0W`Ju)(35*=v8sVrd>Df0!p!a3_vX z2}zlrY1q><0cnL?C&6~yTt156{cE(f?74bkzc47-0=d^&nj5ZFKyrM5 zHsVVNeEG4`6a{^9F{DH3O_C}~Qr;Q{o#u}tQ>utsbBEPGsdFEx@+cgWDr6MPk12B? Q6F)b8(@@Lv8sq{YTw`H;SO5S3 
diff --git a/tests/data_files/pkcs7_data_cert_signeddata_sha256.der b/tests/data_files/pkcs7_data_cert_signeddata_sha256.der index 85ea9f9fc1f29c7a68936a17ddf3825f10e9636f..cb7d75103daf5ed7cbaf0e2201458ca7c1fad8cf 100644 GIT binary patch delta 266 zcmV+l0rmdz3GoTA@dJNb?AURY!QTIn!c37Sn^m*$X}ls_GHfwS8c}#}{uIbCzD`TW zJi0c?c6YQvXeXQL9(>B?;p`Da(~G6eTla5aa}3e+TdY?AzX>u*U!F`1s)FqsZdS94=7(pdfic4sx2 z+HcM^&8>GPpt}N0t(j|x;LDhWOzT_=ZpTR3`Oa!=)Hj8Tthf|miYG7gq!q^Ce?736 Qhj;z#gj$!seGmdI&@It`H2?qr delta 266 zcmV+l0rmdz3GoTA@dJN!DSOp1XllPgw3T39MJwPmwNGN;P;ouNbdNB^PBn^Ydp@&y zf_~rCV`|j6%}Wt}+Mh`7P%POP@ONK^020LC{{kel`lXyGo(6rimcy{?G=e+ua}_3S zH${UO(r_Uc<@#x779iFEy4^SN3+k?bjKnKni0W`Ju)(35*=v8sVrd>Df0!p!a3_vX z2}zlrY1q><0cnL?C&6~yTt156{cE(f?74bkzc47-0=d^&nj5ZFKyrM5 zHsVVNeEG4`6a{^9F{DH3O_C}~Qr;Q{o#u}tQ>utsbBEPGsdFEx@+cgWDr6MPk12B? Q6F)b8(@@Lv8sq{YTr;+Q8~^|S 
diff --git a/tests/data_files/pkcs7_data_multiple_certs_signed.der b/tests/data_files/pkcs7_data_multiple_certs_signed.der index 69371ae202cfa21a20a1dfdaf11e115c4daa4ffa..4a237e9d145e0f4afedd8c3bcffb3bf146f96c4a 100644 GIT binary patch delta 529 zcmV+s0`C3D6UY;=Q3rop?AURY!QTIn!c37Sn^m*$X}ls_GHfwS8c}#}{uIbCzD`TW zJi0c?c6YQvXeXQL9(>B?;p`Da(~G6eTla5aa}3e+TdY?AzX>u*U!F`1s)FqsZdS94=7(pdfic4sx2 z+HcM^&8>GPpt}N0t(j|x;LDhWOzT_=ZpTR3`Oa!=)Hj8Tthf|miYG7gq!q^Ce?736 zhj;z#gj$!seGmdI(34RJcYg$6nA~40nd7`J)?_Vz3SsZ7!CW}UV>7(W?(R04PfAvsza}k$w!Zp1P85JQYK(t8eSRuudAsp~VycCG=)wvTwxZ6C zO@A@n8yQoQ&tZkH&NQ#!Se6BQHtDf(w#I(f!YFLNs6Y6jXUDv834gBV*Wr+x(}er{ zVUv#hr5uTq#~rg5a}O5h=XQpAM%V`rkvs<*Z_WQzcHy4B6` z;Fmz`YDF9WQ%?FJP@g-edw~JD9;fA9+x`>*QE+G1uo@}|dGLr_iAsmhwv0`F=#XGY Tfv&lHBGL0V?~*Df0!p!a3_vX z2}zlrY1q><0cnL?C&6~yTt156{cE(f?74bkzc47-0=d^&nj5ZFKyrM5 zHsVVNeEG4`6a{^9F{DH3O_C}~Qr;Q{o#u}tQ>utsbBEPGsdFEx@+cgWDr6MPk12B? z6F)b8(@@Lv8sq{YT$51&2C4>-vwvIc*m0G?-v5xoOpzv=RkQGEydqpOY%xq4QFw3u6v!~XPD{r; zx;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDurfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?s zI2P>)1jZ%ITknV#A(nGR1^b7L;jSpEWbXEmAH zZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v&T4GbH-(F=xD;WECol7)6~^FyJ+PRE zcm3>yT9?0l5CSdGkvu+=@c}u11YnrlUn`m8ye`&cEq@AO@2kOFILBi%yv*+IHkwaL zTivMYStdaw{DDDrb4S@q%Kig?;G43KF)W z&W=rgG2I&(Qv2nJ>e%Hb%Y`>^K_@QUVym1MCuIJa`kekzl z`}|>(j{Kz@iIc}2vlnv@7U$=7hI-`v#bVa+UFC)6xlZ(!qi17hqRXncwl-vo0Cu|7 z&GF!uK&2C4>-vww6cd(|;$YQI9Xm0(^)E8sM>Ph#LuaXrFxk1)heHHv9_KC^j( ze&5w&YSg&ROA&tBpGfXdEZG?FcVC7862#yC0wlBgrJN|927R=a!?5c#f;;eY6((&r zMS~d9a3L4v`e|ntAl3o8-8baKu{#4BHj>ToZx!J(VkYk$UKX&xhgm?uk@e{yjhnpvYqYiOxq4#1Feupqxz|~m8?IGAa(sX` z;!6m8`LWUz1$}Zcq(kXVk}674-Wmp-=8q#&s)$;1ht)r+b04YlC>)b2WE9JfDRUqb zKR15UP|NcgZN{+F&q)V$;=K`E_uLJ=BpwhMP|$yp+n#k}G+}v0`4NNxU>SQKtjF zhGLsqxx*LkZB9X4AHb?>SEMlbakt^j9y0a5wBlO9B?;p`Da(~G6eTla5aa}3e+TdY?AzX>u*U!F`1s)FqsZdS94=7(pdfic4sx2 z+HcM^&8>GPpt}N0t(j|x;LDhWOzT_=ZpTR3`Oa!=)Hj8Tthf|miYG7gq!q^Ce?736 Qhj;z#gj$!seGmdI&|Q3faR2}S delta 266 
zcmV+l0rmcb3WN%<1O$I{DSOp1XllPgw3T39MJwPmwNGN;P;ouNbdNB^PBn^Ydp@&y zf_~rCV`|j6%}Wt}+Mh`7P%POP@ONK^020LC{{kel`lXyGo(6rimcy{?G=e+ua}_3S zH${UO(r_Uc<@#x779iFEy4^SN3+k?bjKnKni0W`Ju)(35*=v8sVrd>Df0!p!a3_vX z2}zlrY1q><0cnL?C&6~yTt156{cE(f?74bkzc47-0=d^&nj5ZFKyrM5 zHsVVNeEG4`6a{^9F{DH3O_C}~Qr;Q{o#u}tQ>utsbBEPGsdFEx@+cgWDr6MPk12B? Q6F)b8(@@Lv8sq{YTw`H;SO5S3 diff --git a/tests/data_files/pkcs7_data_signed_badsigner.der b/tests/data_files/pkcs7_data_signed_badsigner.der index aff1448728d2d6f7dd2cf447251fe08cf7ac28e8..aa5447c44d27f7f4ccb8239e0598699a0055f9db 100644 GIT binary patch delta 266 zcmV+l0rmcb3WN%<1O$Iu?AURY!QTIn!c37Sn^m*$X}ls_GHfwS8c}#}{uIbCzD`TW zJi0c?c6YQvXeXQL9(>B?;p`Da(~G6eTla5aa}3e+TdY?AzX>u*U!F`1s)FqsZdS94=7(pdfic4sx2 z+HcM^&8>GPpt}N0t(j|x;LDhWOzT_=ZpTR3`Oa!=)Hj8Tthf|miYG7gq!q^Ce?736 Qhj;z#gj$!seGmdI&|Q3faR2}S delta 266 zcmV+l0rmcb3WN%<1O$I{DSOp1XllPgw3T39MJwPmwNGN;P;ouNbdNB^PBn^Ydp@&y zf_~rCV`|j6%}Wt}+Mh`7P%POP@ONK^020LC{{kel`lXyGo(6rimcy{?G=e+ua}_3S zH${UO(r_Uc<@#x779iFEy4^SN3+k?bjKnKni0W`Ju)(35*=v8sVrd>Df0!p!a3_vX z2}zlrY1q><0cnL?C&6~yTt156{cE(f?74bkzc47-0=d^&nj5ZFKyrM5 zHsVVNeEG4`6a{^9F{DH3O_C}~Qr;Q{o#u}tQ>utsbBEPGsdFEx@+cgWDr6MPk12B? Q6F)b8(@@Lv8sq{YTw`H;SO5S3 
diff --git a/tests/data_files/pkcs7_data_without_cert_signed.der b/tests/data_files/pkcs7_data_without_cert_signed.der index dbff326ad33bb0fbedf6716cfa01f015537a8572..b47fe927e5b427158e0d5f27002e6e1ca885dd63 100644 GIT binary patch delta 265 zcmV+k0rvj01G58=vwvIc*m0G?-v5xoOpzv=RkQGEydqpOY%xq4QFw3u6v!~XPD{r; zx;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDurfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?s zI2P>)1jZ%ITknV#A(nGR1^b7L;jSpEWbXEmAH zZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v&T4GbH-(F=xD;WECol7)6~^FyJ+PRE Pcm3>yT9?0l5CSdGJ5+y6 delta 265 zcmV+k0rvj01G58=vww6cd(|;$YQI9Xm0(^)E8sM>Ph#LuaXrFxk1)heHHv9_KC^j( ze&5w&YSg&ROA&tBpGfXdEZG?FcVC7862#yC0wlBgrJN|927R=a!?5c#f;;eY6((&r zMS~d9a3L4v`e|ntAl3o8-8baKu{#4BHj>ToZx!J(VkYk$UKX&xhgm?uk@e{yjhnpvYqYiOxq4#1Feupqxz|~m8?IGAa(sX` z;!6m8`LWUz1$}Zcq(kXVk}674-Wmp-=8q#&s)$;1ht)r+b04YlC>)b2WE9JfDRUqb PKR15UP|NcgB?;p`Da(~G6eTla5aa}3e+TdY?AzX>u*U!F`1s)FqsZdS94=7(pdfic4sx2 z+HcM^&8>GPpt}N0t(j|x;LDhWOzT_=ZpTR3`Oa!=)Hj8Tthf|miYG7gq!q^Ce?736 Qhj;z#gj$!seGmdI&|Q3faR2}S delta 266 zcmV+l0rmcb3WN%<1O$I{DSOp1XllPgw3T39MJwPmwNGN;P;ouNbdNB^PBn^Ydp@&y zf_~rCV`|j6%}Wt}+Mh`7P%POP@ONK^020LC{{kel`lXyGo(6rimcy{?G=e+ua}_3S zH${UO(r_Uc<@#x779iFEy4^SN3+k?bjKnKni0W`Ju)(35*=v8sVrd>Df0!p!a3_vX z2}zlrY1q><0cnL?C&6~yTt156{cE(f?74bkzc47-0=d^&nj5ZFKyrM5 zHsVVNeEG4`6a{^9F{DH3O_C}~Qr;Q{o#u}tQ>utsbBEPGsdFEx@+cgWDr6MPk12B? Q6F)b8(@@Lv8sq{YTw`H;SO5S3 
diff --git a/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der b/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der index 2db359072b44bcabbecbc1d0cae2c647c2406131..f4b4e384dbfc145a6c0382f71b51c8718701eb1c 100644 GIT binary patch delta 266 zcmV+l0rmcb3WN%<1O$Iu?AURY!QTIn!c37Sn^m*$X}ls_GHfwS8c}#}{uIbCzD`TW zJi0c?c6YQvXeXQL9(>B?;p`Da(~G6eTla5aa}3e+TdY?AzX>u*U!F`1s)FqsZdS94=7(pdfic4sx2 z+HcM^&8>GPpt}N0t(j|x;LDhWOzT_=ZpTR3`Oa!=)Hj8Tthf|miYG7gq!q^Ce?736 Qhj;z#gj$!seGmdI&|Q3faR2}S delta 266 zcmV+l0rmcb3WN%<1O$I{DSOp1XllPgw3T39MJwPmwNGN;P;ouNbdNB^PBn^Ydp@&y zf_~rCV`|j6%}Wt}+Mh`7P%POP@ONK^020LC{{kel`lXyGo(6rimcy{?G=e+ua}_3S zH${UO(r_Uc<@#x779iFEy4^SN3+k?bjKnKni0W`Ju)(35*=v8sVrd>Df0!p!a3_vX z2}zlrY1q><0cnL?C&6~yTt156{cE(f?74bkzc47-0=d^&nj5ZFKyrM5 zHsVVNeEG4`6a{^9F{DH3O_C}~Qr;Q{o#u}tQ>utsbBEPGsdFEx@+cgWDr6MPk12B? Q6F)b8(@@Lv8sq{YTw`H;SO5S3 diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index a0f5e1f538..50af88a6b6 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -119,6 +119,7 @@ BINARY_FILE_PATH_RE_LIST = [ r'tests/data_files/.*\.req\.[^/]+\Z', r'tests/data_files/.*malformed[^/]+\Z', r'tests/data_files/format_pkcs12\.fmt\Z', + r'tests/data_files/pkcs7_data.*\.bin\Z', ] BINARY_FILE_PATH_RE = re.compile('|'.join(BINARY_FILE_PATH_RE_LIST)) diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index c5094bcca8..a1de9998d4 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -150,7 +150,7 @@ void pkcs7_verify_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, ch res = stat( filetobesigned, &st ); TEST_ASSERT( res == 0 ); - file = fopen( filetobesigned, "r" ); + file = fopen( filetobesigned, "rb" ); TEST_ASSERT( file != NULL ); datalen = st.st_size; From 2364aaefa64db2d3303a0b716eff14134f60fa66 Mon Sep 17 00:00:00 2001 
From: Dave Rodgman Date: Fri, 4 Nov 2022 11:33:04 +0000 Subject: [PATCH 034/139] Update tests/suites/test_suite_pkcs7.function Address test dependency issue Signed-off-by: Dave Rodgman --- tests/suites/test_suite_pkcs7.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index a1de9998d4..14a0882532 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -10,7 +10,7 @@ /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PKCS7_C + * depends_on:MBEDTLS_PKCS7_C:MBEDTLS_RSA_C * END_DEPENDENCIES */ From ca7d5065562b90210374fb2cf9c08c400879d8e1 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 31 May 2022 14:43:23 +0200 Subject: [PATCH 035/139] Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected Signed-off-by: Neil Armstrong Signed-off-by: Valerio Setti --- library/ssl_misc.h | 9 +- library/ssl_tls.c | 131 ++++++++++++++++++++++++ library/ssl_tls12_client.c | 195 +++++++++++++++++++++++++++++++++++- library/ssl_tls12_server.c | 197 ++++++++++++++++++++++++++++++++++++- 4 files changed, 527 insertions(+), 5 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 41bb9c514d..8b96243507 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -50,7 +50,8 @@ #include "mbedtls/sha512.h" #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + !defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/ecjpake.h" #endif 
@@ -663,7 +664,13 @@ struct mbedtls_ssl_handshake_params #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_pake_operation_t psa_pake_ctx; /*!< EC J-PAKE key exchange */ + mbedtls_svc_key_id_t psa_pake_password; + uint8_t psa_pake_ctx_is_ok; +#else mbedtls_ecjpake_context ecjpake_ctx; /*!< EC J-PAKE key exchange */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_CLI_C) unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */ size_t ecjpake_cache_len; /*!< Length of cached data */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5200d90443..ebada7a394 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -668,7 +668,12 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) mbedtls_ecdh_init( &handshake->ecdh_ctx ); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + handshake->psa_pake_ctx = psa_pake_operation_init(); + handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; +#else mbedtls_ecjpake_init( &handshake->ecjpake_ctx ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_CLI_C) handshake->ecjpake_cache = NULL; handshake->ecjpake_cache_len = 0; 
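Review bot: The two new members psa_pake_password and psa_pake_ctx_is_ok carry no `/*!<` comment, unlike the neighbouring fields, so a reader has to find their writers in ssl_tls.c to learn what they mean. Suggested: `mbedtls_svc_key_id_t psa_pake_password; /*!< PSA key holding the J-PAKE password; MBEDTLS_SVC_KEY_ID_INIT when none was imported */` and `uint8_t psa_pake_ctx_is_ok; /*!< 1 once psa_pake_ctx has been set up with a cipher suite and role */`. From the hunks in this patch the flag is only ever set to 1 (in mbedtls_ssl_set_hs_ecjpake_password) and never cleared, so the comment should also say which code is expected to reset it, or that a fresh handshake struct is relied on.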
@@ -1615,11 +1620,75 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, const unsigned char *pw, size_t pw_len ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_pake_role_t psa_role; + psa_status_t status; +#else mbedtls_ecjpake_role role; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ssl->handshake == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) + psa_role = PSA_PAKE_ROLE_SERVER; + else + psa_role = PSA_PAKE_ROLE_CLIENT; + + + if( pw_len > 0 ) + { + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); + psa_set_key_algorithm( &attributes, PSA_ALG_JPAKE ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_PASSWORD ); + + status = psa_import_key( &attributes, pw, pw_len, + &ssl->handshake->psa_pake_password ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + psa_pake_cs_set_algorithm( &cipher_suite, PSA_ALG_JPAKE ); + psa_pake_cs_set_primitive( &cipher_suite, + PSA_PAKE_PRIMITIVE( PSA_PAKE_PRIMITIVE_TYPE_ECC, + PSA_ECC_FAMILY_SECP_R1, + 256) ); + psa_pake_cs_set_hash( &cipher_suite, PSA_ALG_SHA_256 ); + + status = psa_pake_setup( &ssl->handshake->psa_pake_ctx, &cipher_suite ); + if( status != PSA_SUCCESS ) + { + psa_destroy_key( ssl->handshake->psa_pake_password ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + status = psa_pake_set_role( &ssl->handshake->psa_pake_ctx, psa_role ); + if( status != PSA_SUCCESS ) + { + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + if( pw_len > 0 ) + { + psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, + ssl->handshake->psa_pake_password ); + if( status != PSA_SUCCESS ) + { + psa_destroy_key( 
ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + } + + ssl->handshake->psa_pake_ctx_is_ok = 1; + + return( 0 ); +#else if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) role = MBEDTLS_ECJPAKE_SERVER; else @@ -1630,6 +1699,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -3665,7 +3735,13 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) mbedtls_ecdh_free( &handshake->ecdh_ctx ); #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_pake_abort( &handshake->psa_pake_ctx ); + psa_destroy_key( handshake->psa_pake_password ); + handshake->psa_pake_password = MBEDTLS_SVC_KEY_ID_INIT; +#else mbedtls_ecjpake_free( &handshake->ecjpake_ctx ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_CLI_C) mbedtls_free( handshake->ecjpake_cache ); handshake->ecjpake_cache = NULL; 
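Review bot: In the final `pw_len > 0` block of the PSA branch of mbedtls_ssl_set_hs_ecjpake_password(), the return value of `psa_pake_set_password_key()` is discarded, so the `if( status != PSA_SUCCESS )` that follows re-tests the status left by psa_pake_set_role(); a failed password binding is reported as success and `psa_pake_ctx_is_ok` is still set to 1. The call should read `status = psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, ssl->handshake->psa_pake_password );`. The error paths also call `psa_destroy_key()` without resetting `psa_pake_password` to `MBEDTLS_SVC_KEY_ID_INIT`, so mbedtls_ssl_handshake_free() in the later hunk destroys the same id a second time; resetting it after each destroy, as handshake_free does, avoids that. The function's non-PSA tail continues in the next hunk.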
@@ -5879,6 +5955,55 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake, else #endif { +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + if( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) + { + psa_status_t status; + psa_algorithm_t alg = PSA_ALG_TLS12_ECJPAKE_TO_PMS; + psa_key_derivation_operation_t derivation = + PSA_KEY_DERIVATION_OPERATION_INIT; + + MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PMS KDF for ECJPAKE" ) ); + + handshake->pmslen = PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE; + + status = psa_key_derivation_setup( &derivation, alg ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + + status = psa_key_derivation_set_capacity( &derivation, + PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE ); + if( status != PSA_SUCCESS ) + { + psa_key_derivation_abort( &derivation ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + status = psa_pake_get_implicit_key( &handshake->psa_pake_ctx, + &derivation ); + if( status != PSA_SUCCESS ) + { + psa_key_derivation_abort( &derivation ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + status = psa_key_derivation_output_bytes( &derivation, + handshake->premaster, + handshake->pmslen ); + if( status != PSA_SUCCESS ) + { + psa_key_derivation_abort( &derivation ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + + status = psa_key_derivation_abort( &derivation ); + if( status != PSA_SUCCESS ) + { + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); + } + } +#endif ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, lbl, seed, seed_len, master, @@ -5917,6 +6042,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( ret ); } + /* Compute master secret if needed */ ret = ssl_compute_master( ssl->handshake, ssl->session_negotiate->master, 
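Review bot: The PSA EC J-PAKE branch added to ssl_compute_master() maps every PSA failure to `MBEDTLS_ERR_SSL_HW_ACCEL_FAILED`, whereas the other PSA paths in this commit (ssl_tls12_client.c, ssl_tls12_server.c) return `psa_ssl_status_to_mbedtls( status )`; using `return( psa_ssl_status_to_mbedtls( status ) );` here as well keeps error codes consistent and preserves the distinction between, say, a bad operation state and an out-of-memory condition. The `alg` local is used once, so `psa_key_derivation_setup( &derivation, PSA_ALG_TLS12_ECJPAKE_TO_PMS )` would read the same. ssl_compute_master() starts before the hunk.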
@@ -8620,8 +8746,13 @@ int mbedtls_ssl_validate_ciphersuite( #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && + ssl->handshake->psa_pake_ctx_is_ok != 1 ) +#else if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE && mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { return( -1 ); } diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 5360b3cb7f..3d25e4003f 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -130,15 +130,24 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, const unsigned char *end, size_t *olen ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; +#else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char *p = buf; size_t kkpp_len; *olen = 0; /* Skip costly extension if we can't use EC J-PAKE anyway */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( ssl->handshake->psa_pake_ctx_is_ok != 1 ) + return( 0 ); +#else if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) return( 0 ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding ecjpake_kkpp extension" ) ); 
@@ -158,6 +167,43 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) ); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t output_offset = 0; + size_t output_len; + + /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ + for( unsigned int x = 1 ; x <= 2 ; ++x ) + { + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + /* For each step, prepend 1 byte with the length of the data */ + if (step != PSA_PAKE_STEP_ZK_PROOF) { + *(p + 2 + output_offset) = 65; + } else { + *(p + 2 + output_offset) = 32; + } + output_offset += 1; + + status = psa_pake_output( &ssl->handshake->psa_pake_ctx, + step, p + 2 + output_offset, + end - p - output_offset - 2, + &output_len ); + if( status != PSA_SUCCESS ) + { + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", status ); + return( psa_ssl_status_to_mbedtls( status ) ); + } + + output_offset += output_len; + } + } + + kkpp_len = output_offset; +#else ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, p + 2, end - p - 2, &kkpp_len, ssl->conf->f_rng, ssl->conf->p_rng ); @@ -167,6 +213,7 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, "mbedtls_ecjpake_write_round_one", ret ); return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len ); if( ssl->handshake->ecjpake_cache == NULL ) 
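Review bot: In the PSA loop of ssl_write_ecjpake_kkpp_ext(), the one-byte length prefix is hard-coded to 65 or 32 before `psa_pake_output()` runs and is never reconciled with the `output_len` the call reports, so if the operation ever emits a different number of bytes the prefix no longer describes the data and the peer misparses the extension; the same pattern is in the round-two writer later in ssl_tls12_client.c and in both writers in ssl_tls12_server.c. Remember the prefix position and fill it in afterwards: `size_t len_pos = output_offset++;` before the call and `*(p + 2 + len_pos) = (unsigned char) output_len;` after it, rejecting `output_len > 255`. The prefix byte is also stored without first checking `p + 2 + output_offset < end`, whereas the non-PSA path hands `end - p - 2` to mbedtls_ecjpake_write_round_one() as a bound. The comment says `ZF_PROOF`; the step is `ZK_PROOF`. The function continues past the hunk.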
@@ -849,10 +896,11 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, ssl->handshake->ecdh_ctx.point_format = p[0]; #endif /* !MBEDTLS_USE_PSA_CRYPTO && ( MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ) */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx, p[0] ); -#endif +#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) ); return( 0 ); } @@ -876,6 +924,9 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, size_t len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ssl->handshake->ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_ECJPAKE ) 
@@ -889,6 +940,52 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, ssl->handshake->ecjpake_cache = NULL; ssl->handshake->ecjpake_cache_len = 0; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t input_offset = 0; + + /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ + for( unsigned int x = 1 ; x <= 2 ; ++x ) + { + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + /* Length is stored at the first byte */ + size_t length = buf[input_offset]; + input_offset += 1; + + if( input_offset + length > len ) + { + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + goto psa_pake_error; + } + + status = psa_pake_input( &ssl->handshake->psa_pake_ctx, step, + buf + input_offset, length ); + if( status != PSA_SUCCESS) + { + ret = psa_ssl_status_to_mbedtls( status ); + goto psa_pake_error; + } + + input_offset += length; + } + } + + return( 0 ); + +psa_pake_error: + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + + MBEDTLS_SSL_DEBUG_RET( 1, "psa_pake_input round one", ret ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + + return( ret ); +#else if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, buf, len ) ) != 0 ) { @@ -901,6 +998,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, } return( 0 ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 
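Review bot: The PSA loop in ssl_parse_ecjpake_kkpp() reads `buf[input_offset]` as the length prefix before verifying `input_offset < len`, so a truncated extension (or `len == 0`) reads one byte past the supplied data before the `input_offset + length > len` check can reject it; the same ordering appears in the server-side ssl_parse_ecjpake_kkpp() and in both round-two readers (ssl_parse_server_key_exchange() and ssl_parse_client_key_exchange()). Add `if( input_offset >= len ) { ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; goto psa_pake_error; }` before the read. After the loop nothing verifies `input_offset == len`, so trailing bytes are silently accepted; whether mbedtls_ecjpake_read_round_one() rejected them is not visible here. The function continues outside the hunk.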
@@ -2296,6 +2394,61 @@ start_processing: #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; + size_t len = end - p; + size_t input_offset = 0; + + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + size_t length; + + if( step == PSA_PAKE_STEP_KEY_SHARE ) + { + /* Length is stored after 3bytes curve */ + length = p[input_offset + 3]; + input_offset += 3 + 1; + } + else + { + /* Length is stored at the first byte */ + length = p[input_offset]; + input_offset += 1; + } + + if( input_offset + length > len ) + { + ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + goto psa_pake_out; + } + + status = psa_pake_input( &ssl->handshake->psa_pake_ctx, step, + p + input_offset, length ); + if( status != PSA_SUCCESS) + { + ret = psa_ssl_status_to_mbedtls( status ); + goto psa_pake_out; + } + + input_offset += length; + } + +psa_pake_out: + if( ret != 0 ) + { + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + + MBEDTLS_SSL_DEBUG_RET( 1, "psa_pake_input round two", ret ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); + } +#else ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx, p, end - p ); if( ret != 0 ) @@ -2307,6 +2460,7 @@ start_processing: MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 
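Review bot: In the PSA branch added to ssl_parse_server_key_exchange(), the three bytes preceding the first length prefix (`/* Length is stored after 3bytes curve */`) are skipped without checking that `len >= 4` or that they encode `MBEDTLS_ECP_TLS_NAMED_CURVE` with the secp256r1 TLS id, even though the cipher suite set up in mbedtls_ssl_set_hs_ecjpake_password() is fixed to that curve; a server announcing another curve is misparsed rather than rejected. The `psa_pake_out:` block also relies on `ret` being 0 when the loop completes, which nothing in the hunk establishes; an explicit `ret = 0;` before the loop removes the dependence on earlier assignments, and the same applies to the server-side round-two reader in ssl_parse_client_key_exchange(). `start_processing` is a label inside a function that begins outside the hunk.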
@@ -3235,6 +3389,42 @@ ecdh_calc_secret: { header_len = 4; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + unsigned char *out_p = ssl->out_msg + header_len; + unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - + header_len; + psa_status_t status; + size_t output_offset = 0; + size_t output_len; + + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + /* For each step, prepend 1 byte with the length of the data */ + if (step != PSA_PAKE_STEP_ZK_PROOF) { + *(out_p + output_offset) = 65; + } else { + *(out_p + output_offset) = 32; + } + output_offset += 1; + status = psa_pake_output( &ssl->handshake->psa_pake_ctx, + step, out_p + output_offset, + end_p - out_p - output_offset, + &output_len ); + if( status != PSA_SUCCESS ) + { + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", status ); + return( psa_ssl_status_to_mbedtls( status ) ); + } + + output_offset += output_len; + } + + content_len = output_offset; +#else ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, ssl->out_msg + header_len, MBEDTLS_SSL_OUT_CONTENT_LEN - header_len, @@ -3254,6 +3444,7 @@ ecdh_calc_secret: MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret ); return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 71f703c7ff..68b4d09883 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -268,10 +268,11 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, ssl->handshake->ecdh_ctx.point_format = p[0]; #endif /* !MBEDTLS_USE_PSA_CRYPTO && ( MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ) */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx, p[0] ); -#endif +#endif /* !MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) ); return( 0 ); } @@ -292,13 +293,52 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, size_t len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if( ssl->handshake->psa_pake_ctx_is_ok != 1 ) +#else if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { MBEDTLS_SSL_DEBUG_MSG( 3, ( "skip ecjpake kkpp extension" ) ); return( 0 ); } +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t input_offset = 0; + + /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ + for( unsigned int x = 1 ; x <= 2 ; ++x ) + { + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + /* Length is stored at the first byte */ + size_t length = buf[input_offset]; + input_offset += 1; + + if( input_offset + length > len ) + { + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + goto psa_pake_error; + } + + status = psa_pake_input( &ssl->handshake->psa_pake_ctx, step, + buf + input_offset, length ); + if( status != PSA_SUCCESS) + { + ret = psa_ssl_status_to_mbedtls( status ); + goto psa_pake_error; + } + + input_offset += length; + } + } +#else if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, buf, len ) ) != 0 ) { 
@@ -307,11 +347,26 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Only mark the extension as OK when we're sure it is */ ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK; return( 0 ); + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +psa_pake_error: + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + + MBEDTLS_SSL_DEBUG_RET( 1, "psa_pake_input round one", ret ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + + return( ret ); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -1973,7 +2028,11 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; +#else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char *p = buf; const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t kkpp_len; 
@@ -1996,6 +2055,42 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE( MBEDTLS_TLS_EXT_ECJPAKE_KKPP, p, 0 ); p += 2; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t output_offset = 0; + size_t output_len; + + /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ + for( unsigned int x = 1 ; x <= 2 ; ++x ) + { + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + /* For each step, prepend 1 byte with the length of the data */ + if (step != PSA_PAKE_STEP_ZK_PROOF) { + *(p + 2 + output_offset) = 65; + } else { + *(p + 2 + output_offset) = 32; + } + output_offset += 1; + status = psa_pake_output( &ssl->handshake->psa_pake_ctx, + step, p + 2 + output_offset, + end - p - output_offset - 2, + &output_len ); + if( status != PSA_SUCCESS ) + { + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", status ); + return; + } + + output_offset += output_len; + } + } + + kkpp_len = output_offset; +#else ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, p + 2, end - p - 2, &kkpp_len, ssl->conf->f_rng, ssl->conf->p_rng ); @@ -2004,6 +2099,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); return; } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ MBEDTLS_PUT_UINT16_BE( kkpp_len, p, 0 ); p += 2; 
@@ -2807,6 +2903,61 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + unsigned char *out_p = ssl->out_msg + ssl->out_msglen; + unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - + ssl->out_msglen; + psa_status_t status; + size_t output_offset = 0; + size_t output_len; + size_t ec_len; + +#if !defined(MBEDTLS_ECJPAKE_ALT) + psa_pake_operation_t* pake_op = &(ssl->handshake->psa_pake_ctx); + + mbedtls_ecp_tls_write_group( &(pake_op->ctx.ecjpake.grp), + &ec_len, out_p + output_offset, + end_p - out_p); +#else + const mbedtls_ecp_curve_info *curve_info; + + if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( MBEDTLS_ECP_DP_SECP256R1 ) ) == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + *out_p = MBEDTLS_ECP_TLS_NAMED_CURVE; + + MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, out_p + 1, 0 ); + ec_len = 3; +#endif //MBEDTLS_PSA_BUILTIN_ALG_JPAKE + output_offset += ec_len; + + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + if (step != PSA_PAKE_STEP_ZK_PROOF) { + *(out_p + output_offset) = 65; + } else { + *(out_p + output_offset) = 32; + } + output_offset += 1; + status = psa_pake_output( &ssl->handshake->psa_pake_ctx, + step, out_p + output_offset, + end_p - out_p - output_offset, + &output_len ); + if( status != PSA_SUCCESS ) + { + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", status ); + return( psa_ssl_status_to_mbedtls( status ) ); + } + + output_offset += output_len; + } + + ssl->out_msglen += output_offset; +#else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; 
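Review bot: The `#if !defined(MBEDTLS_ECJPAKE_ALT)` branch in ssl_prepare_server_key_exchange() reaches into the PSA operation's private state (`pake_op->ctx.ecjpake.grp`) to write the ECParameters and ignores the return value of `mbedtls_ecp_tls_write_group()`, leaving `ec_len` unset on failure; the closing `#endif //MBEDTLS_PSA_BUILTIN_ALG_JPAKE` comment also does not name the guard it closes. The `#else` branch already produces the same three bytes from `mbedtls_ecp_curve_info_from_grp_id( MBEDTLS_ECP_DP_SECP256R1 )` through public API and matches the curve fixed in mbedtls_ssl_set_hs_ecjpake_password(), so it can be used unconditionally and the ALT-dependent branch dropped. The loop below it hard-codes the 65/32 length prefixes ahead of `psa_pake_output()`, as raised on the ClientHello writer. The function starts outside the hunk.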
@@ -2822,6 +2973,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, } ssl->out_msglen += len; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -4039,6 +4191,46 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + size_t len = end - p; + psa_status_t status; + size_t input_offset = 0; + + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + /* Length is stored at the first byte */ + size_t length = p[input_offset]; + input_offset += 1; + + if( input_offset + length > len ) + { + ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + goto psa_pake_out; + } + + status = psa_pake_input( &ssl->handshake->psa_pake_ctx, step, + p + input_offset, length ); + if( status != PSA_SUCCESS) + { + ret = psa_ssl_status_to_mbedtls( status ); + goto psa_pake_out; + } + + input_offset += length; + } + +psa_pake_out: + if( ret != 0 ) + { + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + + MBEDTLS_SSL_DEBUG_RET( 1, "psa_pake_input round two", ret ); + return( ret ); + } +#else ret = mbedtls_ecjpake_read_round_two( &ssl->handshake->ecjpake_ctx, p, end - p ); if( ret != 0 ) @@ -4055,6 +4247,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_derive_secret", ret ); return( ret ); } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } else #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ From e2977b690187ff848b1a0f26db6c35f5620104c8 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Tue, 13 Sep 2022 14:30:57 +0200 Subject: [PATCH 036/139] Remove TLS 1.2 exception about EC J-PAKE and PSA Crypto Signed-off-by: Neil Armstrong --- docs/use-psa-crypto.md | 1 - 1 file changed, 1 deletion(-) 
diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index b22d37f65f..11442ed66d 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md @@ -86,7 +86,6 @@ is enabled, no change required on the application side. Current exceptions: -- EC J-PAKE (when `MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED` is defined) - finite-field (non-EC) Diffie-Hellman (used in key exchanges: DHE-RSA, DHE-PSK) From 89e82e1685e87add62385d100f7d9b428042cdbc Mon Sep 17 00:00:00 2001 From: Nick Child Date: Wed, 9 Nov 2022 10:36:10 -0600 Subject: [PATCH 037/139] pkcs7: Add dependecy on MBEDTLS_MD_C Signed-off-by: Nick Child --- include/mbedtls/check_config.h | 3 ++- include/mbedtls/mbedtls_config.h | 3 ++- tests/scripts/all.sh | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index dcb6392f1c..e5f8b89753 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -992,7 +992,8 @@ #if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) || \ ( !defined(MBEDTLS_OID_C) ) || ( !defined(MBEDTLS_PK_PARSE_C) ) || \ ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) ||\ - ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || ( !defined(MBEDTLS_BIGNUM_C) ) ) + ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || ( !defined(MBEDTLS_BIGNUM_C) ) \ + ( !defined(MBEDTLS_MD_C) ) ) #error "MBEDTLS_PKCS7_C is defined, but not all prerequisites" #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 45dd2748cf..84dcf47ff3 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2669,7 +2669,8 @@ * Module: library/pkcs7.c * * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_PARSE_C, - * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C, MBEDTLS_BIGNUM_C + * MBEDTLS_X509_CRT_PARSE_C MBEDTLS_X509_CRL_PARSE_C, + * MBEDTLS_BIGNUM_C, MBEDTLS_MD_C * * This module is required for the PKCS7 parsing modules. */ 
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7139fde6b3..401afaf15b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1211,6 +1211,7 @@ component_test_crypto_full_no_md () { scripts/config.py unset MBEDTLS_HKDF_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_PKCS5_C + scripts/config.py unset MBEDTLS_PKCS7_C scripts/config.py unset MBEDTLS_PKCS12_C # Indirect dependencies scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC @@ -1871,6 +1872,7 @@ component_test_psa_crypto_config_accel_hash_use_psa () { scripts/config.py unset MBEDTLS_HKDF_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_PKCS5_C + scripts/config.py unset MBEDTLS_PKCS7_C scripts/config.py unset MBEDTLS_PKCS12_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_DETERMINISTIC_ECDSA From 50e5616553b9d3d6f39b2030a6eb6462f2d9921d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 10 Nov 2022 10:07:35 +0000 Subject: [PATCH 038/139] Fix typo in check_config.h Signed-off-by: Dave Rodgman --- include/mbedtls/check_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 701bdedc1e..e49cf12b73 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -1065,7 +1065,7 @@ #if defined(MBEDTLS_PKCS7_C) && ( ( !defined(MBEDTLS_ASN1_PARSE_C) ) || \ ( !defined(MBEDTLS_OID_C) ) || ( !defined(MBEDTLS_PK_PARSE_C) ) || \ ( !defined(MBEDTLS_X509_CRT_PARSE_C) ) ||\ - ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || ( !defined(MBEDTLS_BIGNUM_C) ) \ + ( !defined(MBEDTLS_X509_CRL_PARSE_C) ) || ( !defined(MBEDTLS_BIGNUM_C) ) || \ ( !defined(MBEDTLS_MD_C) ) ) #error "MBEDTLS_PKCS7_C is defined, but not all prerequisites" #endif From ebd0caffdf66d57bf64625bb2ec41e031a66aca5 Mon Sep 17 00:00:00 2001 
From: Dave Rodgman Date: Thu, 10 Nov 2022 15:33:54 +0000 Subject: [PATCH 039/139] Fix test memory allocation Fix error in memory allocation in test code, which was triggering an error in test_memory_buffer_allocator. Signed-off-by: Dave Rodgman --- tests/suites/test_suite_pkcs7.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 14a0882532..e3961407d5 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -75,7 +75,7 @@ void pkcs7_verify( char *pkcs7_file, char *crt, char *filetobesigned, int do_has TEST_ASSERT( file != NULL ); datalen = st.st_size; - data = mbedtls_calloc( datalen, 1 ); + ASSERT_ALLOC( data, datalen ); TEST_ASSERT( data != NULL ); buflen = fread( (void *)data , sizeof( unsigned char ), datalen, file ); @@ -154,7 +154,7 @@ void pkcs7_verify_multiple_signers( char *pkcs7_file, char *crt1, char *crt2, ch TEST_ASSERT( file != NULL ); datalen = st.st_size; - data = ( unsigned char* ) calloc( datalen, sizeof(unsigned char) ); + ASSERT_ALLOC( data, datalen ); buflen = fread( ( void * )data , sizeof( unsigned char ), datalen, file ); TEST_ASSERT( buflen == datalen ); From 71565cff3aeaa7f0acb0a019fd646dc0bd67d8d0 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 11 Nov 2022 10:37:38 +0000 Subject: [PATCH 040/139] Disable PKCS7 for some TLS 1.3 tests Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 716495e28c..d3ad4d92d2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
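Review bot: In pkcs7_verify(), the `TEST_ASSERT( data != NULL );` kept after the new `ASSERT_ALLOC( data, datalen );` is redundant, since the macro already fails the test on allocation failure; the second hunk drops it, so the first should too for consistency. If ASSERT_ALLOC yields a NULL pointer for a zero-size request, a zero-length input file would now fail at that assertion instead of at the later length check — worth confirming against the macro's definition. pkcs7_verify() starts outside the hunk.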
@@ -3242,6 +3242,7 @@ component_test_tls13_only_psk () { scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_PKCS1_V21 + scripts/config.py unset MBEDTLS_PKCS7_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled" @@ -3273,6 +3274,7 @@ component_test_tls13_only_psk_ephemeral () { scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_PKCS1_V21 + scripts/config.py unset MBEDTLS_PKCS7_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode" @@ -3290,6 +3292,7 @@ component_test_tls13_only_psk_all () { scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_PKCS1_V21 + scripts/config.py unset MBEDTLS_PKCS7_C make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes" From 9f0ec53c4c876c02dd75f89c3c0ab0eb7917d560 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 8 Nov 2022 13:03:24 +0100 Subject: [PATCH 041/139] add a test for EC-JPAKE compatibility in TLS1.2 This is to ensure that the MbedTLS based implementation of EC-JPAKE is compatible with the PSA crypto one Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9295c9d00f..b2af01c380 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1437,6 +1437,31 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () { tests/ssl-opt.sh -f "TLS 1.2" } +# We're not aware of any other (open source) implementation of EC J-PAKE in TLS +# that we could use for interop testing. However, we now have sort of two +# implementations ourselves: one using PSA, the other not. At least test that +# these two interoperate with each other. +component_test_tls1_2_ecjpake_compatibility() { + msg "build: TLS1.2 server+client w/ EC-JPAKE w/o USE_PSA" + scripts/config.py set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + make -C programs ssl/ssl_server2 ssl/ssl_client2 + cp programs/ssl/ssl_server2 s2_no_use_psa + cp programs/ssl/ssl_client2 c2_no_use_psa + + msg "build: TLS1.2 server+client w/ EC-JPAKE w/ USE_PSA" + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + make clean + make -C programs ssl/ssl_server2 ssl/ssl_client2 + make -C programs test/udp_proxy test/query_compile_time_config + + msg "test: server w/o USE_PSA - client w/ USE_PSA" + P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f ECJPAKE + msg "test: client w/o USE_PSA - server w/ USE_PSA" + P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f ECJPAKE + + rm s2_no_use_psa c2_no_use_psa +} + component_test_psa_external_rng_use_psa_crypto () { msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" scripts/config.py full From 348410f7097bfffdd73d9c370d2d1eb7a75b9b2c Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 15 Nov 2022 22:22:07 +0100 Subject: [PATCH 042/139] Make a copy of the key in operation while setting pake password Additionally use psa_get_and_lock_key_slot_with_policy() to obtain key. This requires making this function public. This will have to be solved while adding driver dipatch for EC-JPAKE. Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 5 ++-- library/psa_crypto.c | 2 +- library/psa_crypto_pake.c | 59 +++++++++++++++++++++++++++++--------- 3 files changed, 49 insertions(+), 17 deletions(-) 
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 4f65398e24..d527e579b6 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1829,7 +1829,7 @@ psa_status_t psa_pake_abort( psa_pake_operation_t * operation ); */ #if defined(MBEDTLS_PSA_BUILTIN_PAKE) #define PSA_PAKE_OPERATION_INIT {PSA_ALG_NONE, 0, 0, 0, 0, \ - MBEDTLS_SVC_KEY_ID_INIT, \ + NULL, 0 , \ PSA_PAKE_ROLE_NONE, {0}, 0, 0, \ {.dummy = 0}} #else @@ -1920,7 +1920,8 @@ struct psa_pake_operation_s #if defined(MBEDTLS_PSA_BUILTIN_PAKE) unsigned int MBEDTLS_PRIVATE(input_step); unsigned int MBEDTLS_PRIVATE(output_step); - mbedtls_svc_key_id_t MBEDTLS_PRIVATE(password); + uint8_t* MBEDTLS_PRIVATE(password_data); + size_t MBEDTLS_PRIVATE(password_bytes); psa_pake_role_t MBEDTLS_PRIVATE(role); uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_PAKE_BUFFER_SIZE]); size_t MBEDTLS_PRIVATE(buffer_length); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2ce5e4320d..55319c4bdb 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -890,7 +890,7 @@ static psa_status_t psa_restrict_key_policy( * On success, the returned key slot is locked. It is the responsibility of * the caller to unlock the key slot when it does not access it anymore. */ -static psa_status_t psa_get_and_lock_key_slot_with_policy( +psa_status_t psa_get_and_lock_key_slot_with_policy( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot, psa_key_usage_t usage, diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 870b5b5654..1deb48875f 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -33,6 +33,11 @@ #include #include +extern psa_status_t psa_get_and_lock_key_slot_with_policy( + mbedtls_svc_key_id_t key, + psa_key_slot_t **p_slot, + psa_key_usage_t usage, + psa_algorithm_t alg ); /* * State sequence: * 
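Review bot: The prototype for `psa_get_and_lock_key_slot_with_policy()` is added as a bare `extern` declaration at the top of psa_crypto_pake.c instead of in the internal header where its siblings are declared (psa_crypto_core.h or psa_crypto_slot_management.h, where psa_get_and_lock_key_slot() presumably lives); a private copy of a prototype is never checked against the definition in psa_crypto.c, so a later signature change compiles cleanly and fails at link or run time. Move the declaration into that header, now that the function is no longer `static`, and include it here.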
@@ -248,6 +253,7 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation,
 psa_key_attributes_t attributes = psa_key_attributes_init();
 psa_key_type_t type;
 psa_key_usage_t usage;
+ psa_key_slot_t *slot = NULL;
 
 if( operation->alg == PSA_ALG_NONE ||
 operation->state != PSA_PAKE_STATE_SETUP )
@@ -255,6 +261,9 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation,
 return( PSA_ERROR_BAD_STATE );
 }
 
+ if( psa_is_valid_key_id( password, 1 ) == 0 )
+ return( PSA_ERROR_BAD_STATE );
+
 status = psa_get_key_attributes( password, &attributes );
 if( status != PSA_SUCCESS )
 return( status );
@@ -273,7 +282,33 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation,
 if( ( usage & PSA_KEY_USAGE_DERIVE ) == 0 )
 return( PSA_ERROR_NOT_PERMITTED );
 
- operation->password = password;
+ status = psa_get_and_lock_key_slot_with_policy( password, &slot,
+ PSA_KEY_USAGE_DERIVE,
+ PSA_ALG_JPAKE );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ if( slot->key.data == NULL || slot->key.bytes == 0 )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ if( operation->password_data != NULL )
+ {
+ mbedtls_free( operation->password_data );
+ operation->password_bytes = 0;
+ }
+
+ operation->password_data = mbedtls_calloc( 1, slot->key.bytes );
+ if( operation->password_data == NULL )
+ {
+ status = psa_unlock_key_slot( slot );
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+ }
+ memcpy( operation->password_data, slot->key.data, slot->key.bytes );
+ operation->password_bytes = slot->key.bytes;
+
+ status = psa_unlock_key_slot( slot );
+ if( status != PSA_SUCCESS )
+ return( status );
 
 return( PSA_SUCCESS );
 }
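Review bot: In psa_pake_set_password_key the slot locked by psa_get_and_lock_key_slot_with_policy() is never unlocked on the `slot->key.data == NULL || slot->key.bytes == 0` path, so an empty key returns with the slot's lock count still raised and, presumably, the slot can no longer be wiped or destroyed cleanly; the early return needs `psa_unlock_key_slot( slot );` before `return( PSA_ERROR_INVALID_ARGUMENT );`. The replace-existing-password branch calls `mbedtls_free( operation->password_data )` without first erasing the old key material, although the operation's other secret buffer is zeroized on abort; `mbedtls_platform_zeroize( operation->password_data, operation->password_bytes );` before the free keeps the password out of freed heap memory. The `status = psa_unlock_key_slot( slot );` inside the allocation-failure branch stores a value that is immediately discarded; either drop the assignment or return it when it is not PSA_SUCCESS. The function's signature and the attribute checks above the first hunk are outside this view.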
@@ -348,9 +383,7 @@ psa_status_t psa_pake_set_role( psa_pake_operation_t *operation,
 static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation )
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 mbedtls_ecjpake_role role;
- psa_key_slot_t *slot = NULL;
 
 if( operation->role == PSA_PAKE_ROLE_CLIENT )
 role = MBEDTLS_ECJPAKE_CLIENT;
@@ -359,22 +392,18 @@ static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation )
 else
 return( PSA_ERROR_BAD_STATE );
 
- if( psa_is_valid_key_id( operation->password, 1 ) == 0 )
+ if (operation->password_data == NULL ||
+ operation->password_bytes == 0 )
+ {
 return( PSA_ERROR_BAD_STATE );
-
- status = psa_get_and_lock_key_slot( operation->password, &slot );
- if( status != PSA_SUCCESS )
- return( status );
-
+ }
 ret = mbedtls_ecjpake_setup( &operation->ctx.ecjpake,
 role,
 MBEDTLS_MD_SHA256,
 MBEDTLS_ECP_DP_SECP256R1,
- slot->key.data, slot->key.bytes );
-
- psa_unlock_key_slot( slot );
- slot = NULL;
+ operation->password_data,
+ operation->password_bytes );
 
 if( ret != 0 )
 return( mbedtls_ecjpake_to_psa_error( ret ) );
 
@@ -840,7 +869,9 @@ psa_status_t psa_pake_abort(psa_pake_operation_t * operation)
 {
 operation->input_step = PSA_PAKE_STEP_INVALID;
 operation->output_step = PSA_PAKE_STEP_INVALID;
- operation->password = MBEDTLS_SVC_KEY_ID_INIT;
+ mbedtls_free( operation->password_data );
+ operation->password_data = NULL;
+ operation->password_bytes = 0;
 operation->role = PSA_PAKE_ROLE_NONE;
 mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE );
 operation->buffer_length = 0;
From 298f781948d4bd69cfe826ce86de907ac9dbb6c2 Mon Sep 17 00:00:00 2001
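Review bot: psa_pake_abort frees `operation->password_data` without erasing it first, while the very next lines zeroize `operation->buffer`; the password copy taken in psa_pake_set_password_key therefore stays readable in freed heap memory until it is reused. Add `mbedtls_platform_zeroize( operation->password_data, operation->password_bytes );` immediately before the `mbedtls_free`, which is safe when the pointer is NULL because the byte count is then 0. In psa_pake_ecjpake_setup the new guard is written `if (operation->password_data == NULL ||` whereas the rest of the function uses the `if( ... )` spacing; minor, but worth aligning. The body of psa_pake_ecjpake_setup continues outside the second hunk.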
From: Gilles Peskine Date: Tue, 15 Nov 2022 23:54:26 +0100 Subject: [PATCH 043/139] Use .datax for `make test`, not .data Looking for the .data file doesn't work in out-of-tree builds. Use the .datax file instead. `make clean` removes all .datax files, so this resolves the issue of executables not present on the current branch being left behind after a branch change followed by a `make clean`. Signed-off-by: Gilles Peskine --- tests/scripts/run-test-suites.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index 8a5bb937dc..cedc0bfa5a 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -50,10 +50,10 @@ GetOptions( 'verbose|v:1' => \$verbose, ) or die; -# All test suites = executable files derived from a .data file. +# All test suites = executable files with a .datax file. my @suites = (); -for my $data_file (glob 'suites/test_suite_*.data') { - (my $base = $data_file) =~ s#^suites/(.*)\.data$#$1#; +for my $data_file (glob 'test_suite_*.datax') { + (my $base = $data_file) =~ s/\.datax$//; push @suites, $base if -x $base; push @suites, "$base.exe" if -e "$base.exe"; } From 02c25b5f83f6f607007133b1f49931fe7c2630f5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 15 Nov 2022 14:08:42 +0100 Subject: [PATCH 044/139] tls12: psa_pake: use common code for parsing/writing round one and round two data Share a common parsing code for both server and client for parsing round one and two. Signed-off-by: Valerio Setti --- library/ssl_misc.h | 212 +++++++++++++++++++++++++++++++++++++ library/ssl_tls.c | 22 ++-- library/ssl_tls12_client.c | 179 +++++-------------------------- library/ssl_tls12_server.c | 125 +++++----------------- 4 files changed, 279 insertions(+), 259 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8b96243507..d4ce35c5a1 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -2364,6 +2364,218 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status )
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
 
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+/**
+ * \brief Parse the provided input buffer for getting the first round
+ * of key exchange. This code is common between server and client
+ *
+ * \param pake_ctx [in] the PAKE's operation/context structure
+ * \param buf [in] input buffer to parse
+ * \param len [in] length of the input buffer
+ *
+ * \return 0 on success or a negative error code in case of failure
+ */
+static inline int psa_tls12_parse_ecjpake_round_one(
+ psa_pake_operation_t *pake_ctx,
+ const unsigned char *buf,
+ size_t len )
+{
+ psa_status_t status;
+ size_t input_offset = 0;
+
+ /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */
+ for( unsigned int x = 1; x <= 2; ++x )
+ {
+ for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE;
+ step <= PSA_PAKE_STEP_ZK_PROOF;
+ ++step )
+ {
+ /* Length is stored at the first byte */
+ size_t length = buf[input_offset];
+ input_offset += 1;
+
+ if( input_offset + length > len )
+ {
+ return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
+ }
+
+ status = psa_pake_input( pake_ctx, step,
+ buf + input_offset, length );
+ if( status != PSA_SUCCESS)
+ {
+ return psa_ssl_status_to_mbedtls( status );
+ }
+
+ input_offset += length;
+ }
+ }
+
+ return( 0 );
+}
+
+/**
+ * \brief Parse the provided input buffer for getting the second round
+ * of key exchange. This code is common between server and client
+ *
+ * \param pake_ctx [in] the PAKE's operation/context structure
+ * \param buf [in] input buffer to parse
+ * \param len [in] length of the input buffer
+ *
+ * \return 0 on success or a negative error code in case of failure
+ */
+static inline int psa_tls12_parse_ecjpake_round_two(
+ psa_pake_operation_t *pake_ctx,
+ const unsigned char *buf,
+ size_t len, int role )
+{
+ psa_status_t status;
+ size_t input_offset = 0;
+
+ for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ;
+ step <= PSA_PAKE_STEP_ZK_PROOF ;
+ ++step )
+ {
+ size_t length;
+
+ /*
+ * On its 2nd round, the server sends 3 extra bytes which identify the
+ * curve. Therefore we should skip them only on the client side
+ */
+ if( ( step == PSA_PAKE_STEP_KEY_SHARE ) &&
+ ( role == MBEDTLS_SSL_IS_CLIENT ) )
+ {
+ /* Length is stored after the 3 bytes for the curve */
+ length = buf[input_offset + 3];
+ input_offset += 3 + 1;
+ }
+ else
+ {
+ /* Length is stored at the first byte */
+ length = buf[input_offset];
+ input_offset += 1;
+ }
+
+ if( input_offset + length > len )
+ {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+
+ status = psa_pake_input( pake_ctx, step,
+ buf + input_offset, length );
+ if( status != PSA_SUCCESS)
+ {
+ return psa_ssl_status_to_mbedtls( status );
+ }
+
+ input_offset += length;
+ }
+
+ return( 0 );
+}
+
+/**
+ * \brief Write the first round of key exchange into the provided output
+ * buffer. This code is common between server and client
+ *
+ * \param pake_ctx [in] the PAKE's operation/context structure
+ * \param buf [out] the output buffer in which data will be written to
+ * \param len [in] length of the output buffer
+ * \param olen [out] the length of the data really written on the buffer
+ *
+ * \return 0 on success or a negative error code in case of failure
+ */
+static inline int psa_tls12_write_ecjpake_round_one(
+ psa_pake_operation_t *pake_ctx,
+ unsigned char *buf,
+ size_t len, size_t *olen )
+{
+ psa_status_t status;
+ size_t output_offset = 0;
+ size_t output_len;
+
+ /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */
+ for( unsigned int x = 1 ; x <= 2 ; ++x )
+ {
+ for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ;
+ step <= PSA_PAKE_STEP_ZK_PROOF ;
+ ++step )
+ {
+ /* For each step, prepend 1 byte with the length of the data */
+ if (step != PSA_PAKE_STEP_ZK_PROOF) {
+ *(buf + output_offset) = 65;
+ } else {
+ *(buf + output_offset) = 32;
+ }
+ output_offset += 1;
+
+ status = psa_pake_output( pake_ctx, step,
+ buf + output_offset,
+ len - output_offset,
+ &output_len );
+ if( status != PSA_SUCCESS )
+ {
+ return( psa_ssl_status_to_mbedtls( status ) );
+ }
+
+ output_offset += output_len;
+ }
+ }
+
+ *olen = output_offset;
+
+ return( 0 );
+}
+
+/**
+ * \brief Write the second round of key exchange into the provided output
+ * buffer. This code is common between server and client
+ *
+ * \param pake_ctx [in] the PAKE's operation/context structure
+ * \param buf [out] the output buffer in which data will be written to
+ * \param len [in] length of the output buffer
+ * \param olen [out] the length of the data really written on the buffer
+ *
+ * \return 0 on success or a negative error code in case of failure
+ */
+static inline int psa_tls12_write_ecjpake_round_two(
+ psa_pake_operation_t *pake_ctx,
+ unsigned char *buf,
+ size_t len, size_t *olen )
+{
+ psa_status_t status;
+ size_t output_offset = 0;
+ size_t output_len;
+
+ for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ;
+ step <= PSA_PAKE_STEP_ZK_PROOF ;
+ ++step )
+ {
+ /* For each step, prepend 1 byte with the length of the data */
+ if (step != PSA_PAKE_STEP_ZK_PROOF) {
+ *(buf + output_offset) = 65;
+ } else {
+ *(buf + output_offset) = 32;
+ }
+ output_offset += 1;
+ status = psa_pake_output( pake_ctx,
+ step, buf + output_offset,
+ len - output_offset,
+ &output_len );
+ if( status != PSA_SUCCESS )
+ {
+ return( psa_ssl_status_to_mbedtls( status ) );
+ }
+
+ output_offset += output_len;
+ }
+
+ *olen = output_offset;
+
+ return( 0 );
+}
+#endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO
+
 /**
  * \brief TLS record protection modes
  */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ebada7a394..8771c595b9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
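Review bot: psa_tls12_parse_ecjpake_round_one reads the length prefix `buf[input_offset]` before checking that `input_offset < len`, so a message whose previous field ends exactly at `len` (or an empty buffer) is over-read by one byte, and psa_tls12_parse_ecjpake_round_two has the same gap plus, on the client side, a `buf[input_offset + 3]` read with no check that four bytes remain. Both parsers consume peer-supplied handshake data, so the prefix byte has to be bounds-checked before it is dereferenced, not only the payload after it. On the write side, psa_tls12_write_ecjpake_round_one and _two store the prefix via `*(buf + output_offset) = 65` without confirming `output_offset < len`, pass `len - output_offset` to psa_pake_output() as a size_t that wraps once the buffer is full, and never verify that `output_len` matches the hard-coded prefix, so a mismatch would yield a record whose length byte disagrees with its payload. Round one reports a bad length as MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE while round two uses MBEDTLS_ERR_SSL_BAD_INPUT_DATA; one code for the same condition would be clearer.

```c
/* psa_tls12_parse_ecjpake_round_one — inner loop body */
            /* The prefix byte itself must lie inside the buffer before it is read */
            if( input_offset >= len )
                return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
            size_t length = buf[input_offset];
            input_offset += 1;
            /* … unchanged: payload bounds check, psa_pake_input, offset advance … */

/* psa_tls12_parse_ecjpake_round_two — client-side KEY_SHARE branch */
                if( input_offset + 3 >= len )
                    return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
                length = buf[input_offset + 3];
                input_offset += 3 + 1;
            /* … unchanged: else branch (guard with input_offset >= len the same way), bounds check, psa_pake_input … */

/* psa_tls12_write_ecjpake_round_one / _two — per step */
            if( output_offset >= len )
                return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
            *(buf + output_offset) = ( step != PSA_PAKE_STEP_ZK_PROOF ) ? 65 : 32;
            output_offset += 1;
            /* … unchanged: psa_pake_output call and status check … */
            if( output_len != buf[output_offset - 1] )
                return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
            output_offset += output_len;
```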
@@ -1616,23 +1616,19 @@ void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, /* * Set EC J-PAKE password for current handshake */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, const unsigned char *pw, size_t pw_len ) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_pake_role_t psa_role; psa_status_t status; -#else - mbedtls_ecjpake_role role; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ssl->handshake == NULL || ssl->conf == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); -#if defined(MBEDTLS_USE_PSA_CRYPTO) if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) psa_role = PSA_PAKE_ROLE_SERVER; else @@ -1688,7 +1684,17 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, ssl->handshake->psa_pake_ctx_is_ok = 1; return( 0 ); -#else +} +#else /* MBEDTLS_USE_PSA_CRYPTO */ +int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, + const unsigned char *pw, + size_t pw_len ) +{ + mbedtls_ecjpake_role role; + + if( ssl->handshake == NULL || ssl->conf == NULL ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) role = MBEDTLS_ECJPAKE_SERVER; else @@ -1699,8 +1705,8 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) @@ -3734,6 +3740,7 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) #if !defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C) mbedtls_ecdh_free( &handshake->ecdh_ctx ); #endif + #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_pake_abort( &handshake->psa_pake_ctx ); 
@@ -6042,7 +6049,6 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) return( ret ); } - /* Compute master secret if needed */ ret = ssl_compute_master( ssl->handshake, ssl->session_negotiate->master, diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 3d25e4003f..c90ed2e46b 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -130,13 +130,9 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, const unsigned char *end, size_t *olen ) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; -#else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char *p = buf; - size_t kkpp_len; + size_t kkpp_len = 0; *olen = 0; 
@@ -168,41 +164,15 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t output_offset = 0; - size_t output_len; - - /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ - for( unsigned int x = 1 ; x <= 2 ; ++x ) + ret = psa_tls12_write_ecjpake_round_one(&ssl->handshake->psa_pake_ctx, + p + 2, end - p - 2, &kkpp_len ); + if ( ret != 0 ) { - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - /* For each step, prepend 1 byte with the length of the data */ - if (step != PSA_PAKE_STEP_ZK_PROOF) { - *(p + 2 + output_offset) = 65; - } else { - *(p + 2 + output_offset) = 32; - } - output_offset += 1; - - status = psa_pake_output( &ssl->handshake->psa_pake_ctx, - step, p + 2 + output_offset, - end - p - output_offset - 2, - &output_len ); - if( status != PSA_SUCCESS ) - { - psa_destroy_key( ssl->handshake->psa_pake_password ); - psa_pake_abort( &ssl->handshake->psa_pake_ctx ); - MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", status ); - return( psa_ssl_status_to_mbedtls( status ) ); - } - - output_offset += output_len; - } + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", ret ); + return( ret ); } - - kkpp_len = output_offset; #else ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, p + 2, end - p - 2, &kkpp_len, @@ -924,9 +894,6 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, size_t len ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if( ssl->handshake->ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_ECJPAKE ) 
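Review bot: The error path after psa_tls12_write_ecjpake_round_one still logs `MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", ret )`, but ret now comes from the wrapper, which can fail for reasons other than psa_pake_output(); `MBEDTLS_SSL_DEBUG_RET( 1, "psa_tls12_write_ecjpake_round_one", ret );` keeps the log pointing at the actual call site. The same stale label survives in the client's round-two write (hunk at -3393) and the server's round-two write (hunk at -2931), while the parse paths were updated to name the round. ssl_write_ecjpake_kkpp_ext's signature and the remainder of its body are outside this hunk.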
@@ -941,50 +908,21 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, ssl->handshake->ecjpake_cache_len = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t input_offset = 0; - - /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ - for( unsigned int x = 1 ; x <= 2 ; ++x ) + if( ( ret = psa_tls12_parse_ecjpake_round_one( + &ssl->handshake->psa_pake_ctx, buf, len ) ) != 0 ) { - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - /* Length is stored at the first byte */ - size_t length = buf[input_offset]; - input_offset += 1; + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); - if( input_offset + length > len ) - { - ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - goto psa_pake_error; - } - - status = psa_pake_input( &ssl->handshake->psa_pake_ctx, step, - buf + input_offset, length ); - if( status != PSA_SUCCESS) - { - ret = psa_ssl_status_to_mbedtls( status ); - goto psa_pake_error; - } - - input_offset += length; - } + MBEDTLS_SSL_DEBUG_RET( 1, "psa_pake_input round one", ret ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + return( ret ); } return( 0 ); - -psa_pake_error: - psa_destroy_key( ssl->handshake->psa_pake_password ); - psa_pake_abort( &ssl->handshake->psa_pake_ctx ); - - MBEDTLS_SSL_DEBUG_RET( 1, "psa_pake_input round one", ret ); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - - return( ret ); #else if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, buf, len ) ) != 0 ) 
@@ -2395,48 +2333,9 @@ start_processing: if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; - size_t len = end - p; - size_t input_offset = 0; - - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - size_t length; - - if( step == PSA_PAKE_STEP_KEY_SHARE ) - { - /* Length is stored after 3bytes curve */ - length = p[input_offset + 3]; - input_offset += 3 + 1; - } - else - { - /* Length is stored at the first byte */ - length = p[input_offset]; - input_offset += 1; - } - - if( input_offset + length > len ) - { - ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - goto psa_pake_out; - } - - status = psa_pake_input( &ssl->handshake->psa_pake_ctx, step, - p + input_offset, length ); - if( status != PSA_SUCCESS) - { - ret = psa_ssl_status_to_mbedtls( status ); - goto psa_pake_out; - } - - input_offset += length; - } - -psa_pake_out: - if( ret != 0 ) + if( ( ret = psa_tls12_parse_ecjpake_round_two( + &ssl->handshake->psa_pake_ctx, p, end - p, + ssl->conf->endpoint ) ) != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); psa_pake_abort( &ssl->handshake->psa_pake_ctx ); 
@@ -3393,37 +3292,15 @@ ecdh_calc_secret: unsigned char *out_p = ssl->out_msg + header_len; unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - header_len; - psa_status_t status; - size_t output_offset = 0; - size_t output_len; - - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) + ret = psa_tls12_write_ecjpake_round_two( &ssl->handshake->psa_pake_ctx, + out_p, end_p - out_p, &content_len ); + if ( ret != 0 ) { - /* For each step, prepend 1 byte with the length of the data */ - if (step != PSA_PAKE_STEP_ZK_PROOF) { - *(out_p + output_offset) = 65; - } else { - *(out_p + output_offset) = 32; - } - output_offset += 1; - status = psa_pake_output( &ssl->handshake->psa_pake_ctx, - step, out_p + output_offset, - end_p - out_p - output_offset, - &output_len ); - if( status != PSA_SUCCESS ) - { - psa_destroy_key( ssl->handshake->psa_pake_password ); - psa_pake_abort( &ssl->handshake->psa_pake_ctx ); - MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", status ); - return( psa_ssl_status_to_mbedtls( status ) ); - } - - output_offset += output_len; + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", ret ); + return( ret ); } - - content_len = output_offset; #else ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx, ssl->out_msg + header_len, diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 68b4d09883..806efd21b5 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -290,12 +290,9 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, const unsigned char *buf, - size_t len ) + size_t len) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) if( ssl->handshake->psa_pake_ctx_is_ok != 1 ) @@ -308,35 +305,19 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t input_offset = 0; - - /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ - for( unsigned int x = 1 ; x <= 2 ; ++x ) + if ( ( ret = psa_tls12_parse_ecjpake_round_one( + &ssl->handshake->psa_pake_ctx, buf, len ) ) != 0 ) { - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - /* Length is stored at the first byte */ - size_t length = buf[input_offset]; - input_offset += 1; + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); - if( input_offset + length > len ) - { - ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - goto psa_pake_error; - } + MBEDTLS_SSL_DEBUG_RET( 1, "psa_pake_input round one", ret ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - status = psa_pake_input( &ssl->handshake->psa_pake_ctx, step, - buf + input_offset, length ); - if( status != PSA_SUCCESS) - { - ret = psa_ssl_status_to_mbedtls( status ); - goto psa_pake_error; - } - - input_offset += length; - } + return( ret ); } #else if( ( ret = mbedtls_ecjpake_read_round_one( &ssl->handshake->ecjpake_ctx, 
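Review bot: The server's ssl_parse_ecjpake_kkpp now reads `if ( ( ret = psa_tls12_parse_ecjpake_round_one(` with a space after `if`, and the signature edit turns `size_t len )` into `size_t len)`, both diverging from the `if( ... )` / `( ... )` spacing used in the rest of this hunk and in the client-side twin that this commit makes otherwise identical. Writing `if( ( ret = ` and keeping `size_t len )` leaves the two copies byte-comparable, which is the point of sharing the helper.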
@@ -353,20 +334,6 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, ssl->handshake->cli_exts |= MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK; return( 0 ); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) -psa_pake_error: - psa_destroy_key( ssl->handshake->psa_pake_password ); - psa_pake_abort( &ssl->handshake->psa_pake_ctx ); - - MBEDTLS_SSL_DEBUG_RET( 1, "psa_pake_input round one", ret ); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); - - return( ret ); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -2903,13 +2870,13 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #if defined(MBEDTLS_USE_PSA_CRYPTO) unsigned char *out_p = ssl->out_msg + ssl->out_msglen; unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen; - psa_status_t status; size_t output_offset = 0; - size_t output_len; + size_t output_len = 0; size_t ec_len; #if !defined(MBEDTLS_ECJPAKE_ALT) 
@@ -2931,34 +2898,20 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, #endif //MBEDTLS_PSA_BUILTIN_ALG_JPAKE output_offset += ec_len; - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) + ret = psa_tls12_write_ecjpake_round_two( &ssl->handshake->psa_pake_ctx, + out_p + output_offset, + end_p - out_p - output_offset, &output_len ); + if( ret != 0 ) { - if (step != PSA_PAKE_STEP_ZK_PROOF) { - *(out_p + output_offset) = 65; - } else { - *(out_p + output_offset) = 32; - } - output_offset += 1; - status = psa_pake_output( &ssl->handshake->psa_pake_ctx, - step, out_p + output_offset, - end_p - out_p - output_offset, - &output_len ); - if( status != PSA_SUCCESS ) - { - psa_destroy_key( ssl->handshake->psa_pake_password ); - psa_pake_abort( &ssl->handshake->psa_pake_ctx ); - MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", status ); - return( psa_ssl_status_to_mbedtls( status ) ); - } - - output_offset += output_len; + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", ret ); + return( ret ); } + output_offset += output_len; ssl->out_msglen += output_offset; #else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; ret = mbedtls_ecjpake_write_round_two( 
@@ -4192,37 +4145,9 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t len = end - p; - psa_status_t status; - size_t input_offset = 0; - - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - /* Length is stored at the first byte */ - size_t length = p[input_offset]; - input_offset += 1; - - if( input_offset + length > len ) - { - ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - goto psa_pake_out; - } - - status = psa_pake_input( &ssl->handshake->psa_pake_ctx, step, - p + input_offset, length ); - if( status != PSA_SUCCESS) - { - ret = psa_ssl_status_to_mbedtls( status ); - goto psa_pake_out; - } - - input_offset += length; - } - -psa_pake_out: - if( ret != 0 ) + if( ( ret = psa_tls12_parse_ecjpake_round_two( + &ssl->handshake->psa_pake_ctx, p, end - p, + ssl->conf->endpoint ) ) != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); psa_pake_abort( &ssl->handshake->psa_pake_ctx ); From fbbc1f3812cd13ccf86c2e8d090f62ef6a27705a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 15 Nov 2022 16:39:55 +0100 Subject: [PATCH 045/139] tls12: psa_pake: use proper defines for the output size of each step in ECJPAKE Signed-off-by: Valerio Setti --- library/ssl_misc.h | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index d4ce35c5a1..34879a18cd 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -2366,6 +2366,18 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status ) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) + +/* Currently JPAKE only supports elliptic curve secp256r1 */ +#define MBEDTLS_SSL_ECJPAKE_PSA_PRIMITIVE \ + PSA_PAKE_PRIMITIVE( PSA_PAKE_PRIMITIVE_TYPE_ECC, \ + PSA_ECC_FAMILY_SECP_R1, 256 ) + +/* Expected output data size for each "step" of EC-JPAKE key echange */ +#define MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ) \ + PSA_PAKE_OUTPUT_SIZE( PSA_ALG_JPAKE, \ + MBEDTLS_SSL_ECJPAKE_PSA_PRIMITIVE, \ + step ) + /** * \brief Parse the provided input buffer for getting the first round * of key exchange. This code is common between server and client @@ -2376,7 +2388,7 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status ) * * \return 0 on success or a negative error code in case of failure */ -static inline int psa_tls12_parse_ecjpake_round_one( +static inline int psa_tls12_parse_ecjpake_round_one( psa_pake_operation_t *pake_ctx, const unsigned char *buf, size_t len ) @@ -2502,11 +2514,7 @@ static inline int psa_tls12_write_ecjpake_round_one( ++step ) { /* For each step, prepend 1 byte with the length of the data */ - if (step != PSA_PAKE_STEP_ZK_PROOF) { - *(buf + output_offset) = 65; - } else { - *(buf + output_offset) = 32; - } + *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); output_offset += 1; status = psa_pake_output( pake_ctx, step, @@ -2552,11 +2560,7 @@ static inline int psa_tls12_write_ecjpake_round_two( ++step ) { /* For each step, prepend 1 byte with the length of the data */ - if (step != PSA_PAKE_STEP_ZK_PROOF) { - *(buf + output_offset) = 65; - } else { - *(buf + output_offset) = 32; - } + *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); output_offset += 1; status = psa_pake_output( pake_ctx, step, buf + output_offset, From 4a9caaa0c9cae90d5cc4a7e08f92752698cee6cc Mon Sep 17 00:00:00 2001 
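Review bot: `*(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step );` in both write helpers stores a size_t-valued macro into an unsigned char, so a step size above 255 would be truncated silently, and the `output_len` that psa_pake_output() actually produced is still never compared with that prefix. A check after the output call, `if( output_len != MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ) ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );`, catches either discrepancy where it happens instead of on the peer. The new macro comment reads "key echange"; "key exchange".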
From: Valerio Setti Date: Wed, 16 Nov 2022 08:17:09 +0100 Subject: [PATCH 046/139] tls12: psa_pake: check elliptic curve's TLS ID on handshake Signed-off-by: Valerio Setti --- library/ssl_misc.h | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 34879a18cd..807e7811da 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2452,22 +2452,27 @@ static inline int psa_tls12_parse_ecjpake_round_two(
 
 /*
 * On its 2nd round, the server sends 3 extra bytes which identify the
- * curve. Therefore we should skip them only on the client side
+ * curve:
+ * - the 1st one is MBEDTLS_ECP_TLS_NAMED_CURVE
+ * - the 2nd and 3rd represent curve's TLS ID
+ * Validate this data before moving forward
 */
- if( ( step == PSA_PAKE_STEP_KEY_SHARE ) &&
+ if( ( step == PSA_PAKE_STEP_KEY_SHARE ) &&
 ( role == MBEDTLS_SSL_IS_CLIENT ) )
 {
- /* Length is stored after the 3 bytes for the curve */
- length = buf[input_offset + 3];
- input_offset += 3 + 1;
- }
- else
- {
- /* Length is stored at the first byte */
- length = buf[input_offset];
- input_offset += 1;
+ uint16_t tls_id = MBEDTLS_GET_UINT16_BE( buf, 1 );
+
+ if( ( *buf != MBEDTLS_ECP_TLS_NAMED_CURVE ) ||
+ ( mbedtls_ecp_curve_info_from_tls_id( tls_id ) == NULL ) )
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ input_offset += 3;
 }
+ /* Length is stored at the first byte */
+ length = buf[input_offset];
+ input_offset += 1;
+
 
 if( input_offset + length > len )
 {
 return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
From 6f1b5741ae239433414b772adb06e8515c1bd353 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 16 Nov 2022 10:00:32 +0100 Subject: [PATCH 047/139] tls12: psa_pake: simplify EC info parsing in server's 2nd round Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-)
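Review bot: The curve check in psa_tls12_parse_ecjpake_round_two reads `*buf` and `MBEDTLS_GET_UINT16_BE( buf, 1 )` before establishing that at least three bytes are present, and it accepts any curve id that mbedtls_ecp_curve_info_from_tls_id() recognises, although the EC-JPAKE operation is set up for secp256r1 only (the MBEDTLS_SSL_ECJPAKE_PSA_PRIMITIVE introduced in the previous commit). Guard the read with `if( len < 3 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );` and compare the looked-up entry with the expected curve, e.g. `if( curve_info == NULL || curve_info->grp_id != MBEDTLS_ECP_DP_SECP256R1 )`, so the key share cannot arrive labelled with a curve the operation does not use. Returning MBEDTLS_ERR_ECP_BAD_INPUT_DATA from a TLS-layer parser is also inconsistent with the MBEDTLS_ERR_SSL_BAD_INPUT_DATA used a few lines below for the length check. The function's signature and the rest of its loop are outside this hunk.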
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 806efd21b5..38899f9528 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2877,26 +2877,24 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl,
 ssl->out_msglen;
 size_t output_offset = 0;
 size_t output_len = 0;
- size_t ec_len;
-
-#if !defined(MBEDTLS_ECJPAKE_ALT)
- psa_pake_operation_t* pake_op = &(ssl->handshake->psa_pake_ctx);
-
- mbedtls_ecp_tls_write_group( &(pake_op->ctx.ecjpake.grp),
- &ec_len, out_p + output_offset,
- end_p - out_p);
-#else
 const mbedtls_ecp_curve_info *curve_info;
 
- if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( MBEDTLS_ECP_DP_SECP256R1 ) ) == NULL )
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
-
+ /*
+ * The first 3 bytes are:
+ * [0] MBEDTLS_ECP_TLS_NAMED_CURVE
+ * [1, 2] elliptic curve's TLS ID
+ *
+ * However since we only support secp256r1 for now, we hardcode its
+ * TLS ID here
+ */
+ if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id(
+ MBEDTLS_ECP_DP_SECP256R1 ) ) == NULL )
+ {
+ return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ }
 *out_p = MBEDTLS_ECP_TLS_NAMED_CURVE;
-
- MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, out_p + 1, 0 );
- ec_len = 3;
-#endif //MBEDTLS_PSA_BUILTIN_ALG_JPAKE
- output_offset += ec_len;
+ MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, out_p, 1 );
+ output_offset += sizeof( uint8_t ) + sizeof( uint16_t );
 
 ret = psa_tls12_write_ecjpake_round_two( &ssl->handshake->psa_pake_ctx,
 out_p + output_offset,
From 0f0b54851944c7c4523061810711850e8851ad73 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 16 Nov 2022 14:23:51 +0000 Subject: [PATCH 048/139] Limit ChangeLog entry to 80 characters Signed-off-by: Tom Cosgrove --- ...-possible-false-success-in-mbedtls_cipher_check_tag.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
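Review bot: The three header bytes are written through `*out_p = MBEDTLS_ECP_TLS_NAMED_CURVE;` and `MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, out_p, 1 );` without checking that `end_p - out_p >= 3`; out_p is sized from MBEDTLS_SSL_OUT_CONTENT_LEN in the enclosing function so it presumably holds today, but the psa_tls12_write_ecjpake_round_two call right after is bounded by the remaining length and this prefix should be too, `if( end_p - out_p < 3 ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );`. The new comment says the TLS ID is hard-coded while the code looks it up via mbedtls_ecp_curve_info_from_grp_id(); say which, e.g. `/* … we always advertise secp256r1, whose TLS ID is taken from the curve table */`. ssl_prepare_server_key_exchange continues on both sides of this hunk.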
diff --git a/ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt b/ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt index 01492438aa..1f9e0aa350 100644 --- a/ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt +++ b/ChangeLog.d/fix-possible-false-success-in-mbedtls_cipher_check_tag.txt @@ -1,4 +1,5 @@ Changes - * Calling AEAD tag-specific functions for non-AEAD algorithms (which should not - be done - they are documented for use only by AES-GCM and ChaCha20+Poly1305) - now returns MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE instead of success (0). + * Calling AEAD tag-specific functions for non-AEAD algorithms (which + should not be done - they are documented for use only by AES-GCM and + ChaCha20+Poly1305) now returns MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE + instead of success (0). From 7c7954842b6e287f95168a5dafdc00f0491e1675 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 15 Nov 2022 22:26:12 +0100 Subject: [PATCH 049/139] Adapt ec-jpake_setup test Now when operation holds pointer to dynamically allocated buffer for password key we can't do copy of the operation object in test instead we need to re-initialize operation object after error. Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.function | 54 ++++++++++++++++----- 1 file changed, 41 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 779f594dca..60befa73f4 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -31,6 +31,29 @@ #define ASSERT_OPERATION_IS_ACTIVE( operation ) TEST_ASSERT( operation.id != 0 ) #define ASSERT_OPERATION_IS_INACTIVE( operation ) TEST_ASSERT( operation.id == 0 ) +#if defined(PSA_WANT_ALG_JPAKE) +void ecjpake_operation_setup( psa_pake_operation_t *operation, + psa_pake_cipher_suite_t *cipher_suite, + psa_pake_role_t role, + mbedtls_svc_key_id_t key, + size_t key_available ) +{ + *operation = psa_pake_operation_init(); + + TEST_EQUAL( psa_pake_setup( operation, cipher_suite ), + PSA_SUCCESS ); + + TEST_EQUAL( psa_pake_set_role( operation, role), + PSA_SUCCESS ); + + if( key_available ) + TEST_EQUAL( psa_pake_set_password_key( operation, key ), + PSA_SUCCESS ); +exit: + return; +} +#endif + /** An invalid export length that will never be set by psa_export_key(). */ static const size_t INVALID_EXPORT_LENGTH = ~0U; @@ -8740,7 +8763,6 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t operation = psa_pake_operation_init(); - psa_pake_operation_t op_copy = psa_pake_operation_init(); psa_algorithm_t alg = alg_arg; psa_pake_primitive_t primitive = primitive_arg; psa_key_type_t key_type_pw = key_type_pw_arg; 
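Review bot: ecjpake_operation_setup() overwrites `*operation` with `psa_pake_operation_init()` without aborting the operation first; this commit's own description says the operation now owns a heap-allocated password buffer, so unless the failing psa_pake_input/psa_pake_output call in the later hunks of this file (the ones at L199 and L200) already aborted the operation, that buffer is leaked on every re-setup. Adding `psa_pake_abort( operation );` as the helper's first statement closes that gap and should be a no-op on an operation that has not been set up. The unbraced `if( key_available ) TEST_EQUAL( ... );` relies on TEST_EQUAL expanding to a single statement; bracing it matches the rest of the file and removes the dependency on the macro's shape.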
@@ -8839,22 +8861,25 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, if( input_first ) { /* Invalid parameters (input) */ - op_copy = operation; - TEST_EQUAL( psa_pake_input( &op_copy, PSA_PAKE_STEP_ZK_PROOF, + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF, NULL, 0 ), PSA_ERROR_INVALID_ARGUMENT ); /* Invalid parameters (step) */ - op_copy = operation; - TEST_EQUAL( psa_pake_input( &op_copy, PSA_PAKE_STEP_ZK_PROOF + 10, + ecjpake_operation_setup( &operation, &cipher_suite, role, + key, pw_data->len ); + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, output_buffer, size_zk_proof ), PSA_ERROR_INVALID_ARGUMENT ); /* Invalid first step */ - op_copy = operation; - TEST_EQUAL( psa_pake_input( &op_copy, PSA_PAKE_STEP_ZK_PROOF, + ecjpake_operation_setup( &operation, &cipher_suite, role, + key, pw_data->len ); + TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF, output_buffer, size_zk_proof ), PSA_ERROR_BAD_STATE ); /* Possibly valid */ + ecjpake_operation_setup( &operation, &cipher_suite, role, + key, pw_data->len ); TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, output_buffer, size_key_share ), expected_status_input_output); 
@@ -8875,22 +8900,25 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, else { /* Invalid parameters (output) */ - op_copy = operation; - TEST_EQUAL( psa_pake_output( &op_copy, PSA_PAKE_STEP_ZK_PROOF, + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF, NULL, 0, NULL ), PSA_ERROR_INVALID_ARGUMENT ); - op_copy = operation; /* Invalid parameters (step) */ - TEST_EQUAL( psa_pake_output( &op_copy, PSA_PAKE_STEP_ZK_PROOF + 10, + ecjpake_operation_setup( &operation, &cipher_suite, role, + key, pw_data->len ); + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, output_buffer, buf_size, &output_len ), PSA_ERROR_INVALID_ARGUMENT ); /* Invalid first step */ - op_copy = operation; - TEST_EQUAL( psa_pake_output( &op_copy, PSA_PAKE_STEP_ZK_PROOF, + ecjpake_operation_setup( &operation, &cipher_suite, role, + key, pw_data->len ); + TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF, output_buffer, buf_size, &output_len ), PSA_ERROR_BAD_STATE ); /* Possibly valid */ + ecjpake_operation_setup( &operation, &cipher_suite, role, + key, pw_data->len ); TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE, output_buffer, buf_size, &output_len ), expected_status_input_output ); From 1def5becc285b9150b334d7626e98d413b29a026 Mon Sep 17 00:00:00 2001 From: Przemyslaw Stekiel Date: Wed, 16 Nov 2022 12:00:26 +0100 Subject: [PATCH 050/139] Add psa_get_and_lock_key_slot_with_policy to header file Signed-off-by: Przemyslaw Stekiel --- library/psa_crypto_core.h | 8 ++++++++ library/psa_crypto_pake.c | 5 ----- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 98638481c8..37f8162de7 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h 
@@ -183,6 +183,14 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number( } #endif +/** Get the description of a key given its identifier and policy constraints + * and lock it. + */ +psa_status_t psa_get_and_lock_key_slot_with_policy( mbedtls_svc_key_id_t key, + psa_key_slot_t **p_slot, + psa_key_usage_t usage, + psa_algorithm_t alg ); + /** Completely wipe a slot in memory, including its policy. * * Persistent storage is not affected. diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 1deb48875f..224f922dbc 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -33,11 +33,6 @@ #include #include -extern psa_status_t psa_get_and_lock_key_slot_with_policy( - mbedtls_svc_key_id_t key, - psa_key_slot_t **p_slot, - psa_key_usage_t usage, - psa_algorithm_t alg ); /* * State sequence: * From 152ae07682a7c7630b03fc2337721b4b0a19df01 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 17 Nov 2022 13:24:36 +0100 Subject: [PATCH 051/139] Change password ec j-pake operation fields to more suitable Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 4 ++-- library/psa_crypto_pake.c | 28 ++++++++++++++-------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index d527e579b6..33e2e77b99 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1920,8 +1920,8 @@ struct psa_pake_operation_s #if defined(MBEDTLS_PSA_BUILTIN_PAKE) unsigned int MBEDTLS_PRIVATE(input_step); unsigned int MBEDTLS_PRIVATE(output_step); - uint8_t* MBEDTLS_PRIVATE(password_data); - size_t MBEDTLS_PRIVATE(password_bytes); + uint8_t* MBEDTLS_PRIVATE(password); + size_t MBEDTLS_PRIVATE(password_len); psa_pake_role_t MBEDTLS_PRIVATE(role); uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_PAKE_BUFFER_SIZE]); size_t MBEDTLS_PRIVATE(buffer_length); diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 224f922dbc..b89954830f 100644 
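Review bot: The new declaration's comment states what the function does but not its contract: the four parameters are undocumented, and nothing says that a successful call leaves the slot locked and that the caller must release it with psa_unlock_key_slot() (the psa_crypto_pake.c caller visible later in this series appears to do exactly that). Suggest \param lines for key, p_slot (written only on success), usage and alg, a \retval for PSA_SUCCESS and for the failure statuses the function can propagate, and a sentence such as `On success, *p_slot is locked; the caller must call psa_unlock_key_slot() when it no longer needs the slot.` Since this header is now the single place the prototype lives, that is where other modules will look for the locking rule.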
--- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -286,20 +286,20 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation, if( slot->key.data == NULL || slot->key.bytes == 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - if( operation->password_data != NULL ) + if( operation->password != NULL ) { - mbedtls_free( operation->password_data ); - operation->password_bytes = 0; + mbedtls_free( operation->password ); + operation->password_len = 0; } - operation->password_data = mbedtls_calloc( 1, slot->key.bytes ); - if( operation->password_data == NULL ) + operation->password = mbedtls_calloc( 1, slot->key.bytes ); + if( operation->password == NULL ) { status = psa_unlock_key_slot( slot ); return( PSA_ERROR_INSUFFICIENT_MEMORY ); } - memcpy( operation->password_data, slot->key.data, slot->key.bytes ); - operation->password_bytes = slot->key.bytes; + memcpy( operation->password, slot->key.data, slot->key.bytes ); + operation->password_len = slot->key.bytes; status = psa_unlock_key_slot( slot ); if( status != PSA_SUCCESS ) @@ -387,8 +387,8 @@ static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation ) else return( PSA_ERROR_BAD_STATE ); - if (operation->password_data == NULL || - operation->password_bytes == 0 ) + if (operation->password == NULL || + operation->password_len == 0 ) { return( PSA_ERROR_BAD_STATE ); } @@ -397,8 +397,8 @@ static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation ) role, MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, - operation->password_data, - operation->password_bytes ); + operation->password, + operation->password_len ); if( ret != 0 ) return( mbedtls_ecjpake_to_psa_error( ret ) ); 
@@ -864,9 +864,9 @@ psa_status_t psa_pake_abort(psa_pake_operation_t * operation) { operation->input_step = PSA_PAKE_STEP_INVALID; operation->output_step = PSA_PAKE_STEP_INVALID; - mbedtls_free( operation->password_data ); - operation->password_data = NULL; - operation->password_bytes = 0; + mbedtls_free( operation->password ); + operation->password = NULL; + operation->password_len = 0; operation->role = PSA_PAKE_ROLE_NONE; mbedtls_platform_zeroize( operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE ); operation->buffer_length = 0; From 369ae0afc35079979d32b93ba824898a23e1f733 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 17 Nov 2022 14:14:31 +0100 Subject: [PATCH 052/139] Zeroize pake password buffer before free Signed-off-by: Przemek Stekiel --- library/psa_crypto_pake.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index b89954830f..ef31af4204 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -288,6 +288,7 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation, if( operation->password != NULL ) { + mbedtls_platform_zeroize( operation->password, operation->password_len ); mbedtls_free( operation->password ); operation->password_len = 0; } @@ -864,6 +865,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t * operation) { operation->input_step = PSA_PAKE_STEP_INVALID; operation->output_step = PSA_PAKE_STEP_INVALID; + mbedtls_platform_zeroize( operation->password, operation->password_len ); mbedtls_free( operation->password ); operation->password = NULL; operation->password_len = 0; From a08b1a40a0ff0a69fa7114280f3b1e31772466ee Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Thu, 17 Nov 2022 15:10:02 +0100 Subject: [PATCH 053/139] tls: psa_pake: move move key exchange read/write functions to ssl_tls.c Inlined functions might cause the compiled code to have different sizes depending on the usage and this not acceptable in some cases. Therefore read/write functions used in the initial key exchange are moved to a standard C file. Signed-off-by: Valerio Setti --- library/ssl_misc.h | 159 ++--------------------------------- library/ssl_tls.c | 167 +++++++++++++++++++++++++++++++++++++ library/ssl_tls12_client.c | 8 +- library/ssl_tls12_server.c | 6 +- 4 files changed, 182 insertions(+), 158 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 807e7811da..d022721a7f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2388,43 +2388,10 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status ) * * \return 0 on success or a negative error code in case of failure */ -static inline int psa_tls12_parse_ecjpake_round_one( +int mbedtls_psa_ecjpake_read_round_one( psa_pake_operation_t *pake_ctx, const unsigned char *buf, - size_t len ) -{ - psa_status_t status; - size_t input_offset = 0; - - /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ - for( unsigned int x = 1; x <= 2; ++x ) - { - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE; - step <= PSA_PAKE_STEP_ZK_PROOF; - ++step ) - { - /* Length is stored at the first byte */ - size_t length = buf[input_offset]; - input_offset += 1; - - if( input_offset + length > len ) - { - return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; - } - - status = psa_pake_input( pake_ctx, step, - buf + input_offset, length ); - if( status != PSA_SUCCESS) - { - return psa_ssl_status_to_mbedtls( status ); - } - - input_offset += length; - } - } - - return( 0 ); -} + size_t len ); /** * \brief Parse the provided input buffer for getting the second round 
@@ -2436,60 +2403,10 @@ static inline int psa_tls12_parse_ecjpake_round_one( * * \return 0 on success or a negative error code in case of failure */ -static inline int psa_tls12_parse_ecjpake_round_two( +int mbedtls_psa_ecjpake_read_round_two( psa_pake_operation_t *pake_ctx, const unsigned char *buf, - size_t len, int role ) -{ - psa_status_t status; - size_t input_offset = 0; - - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - size_t length; - - /* - * On its 2nd round, the server sends 3 extra bytes which identify the - * curve: - * - the 1st one is MBEDTLS_ECP_TLS_NAMED_CURVE - * - the 2nd and 3rd represent curve's TLS ID - * Validate this data before moving forward - */ - if( ( step == PSA_PAKE_STEP_KEY_SHARE ) && - ( role == MBEDTLS_SSL_IS_CLIENT ) ) - { - uint16_t tls_id = MBEDTLS_GET_UINT16_BE( buf, 1 ); - - if( ( *buf != MBEDTLS_ECP_TLS_NAMED_CURVE ) || - ( mbedtls_ecp_curve_info_from_tls_id( tls_id ) == NULL ) ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - - input_offset += 3; - } - - /* Length is stored at the first byte */ - length = buf[input_offset]; - input_offset += 1; - - if( input_offset + length > len ) - { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - status = psa_pake_input( pake_ctx, step, - buf + input_offset, length ); - if( status != PSA_SUCCESS) - { - return psa_ssl_status_to_mbedtls( status ); - } - - input_offset += length; - } - - return( 0 ); -} + size_t len, int role ); /** * \brief Write the first round of key exchange into the provided output 
@@ -2502,43 +2419,10 @@ static inline int psa_tls12_parse_ecjpake_round_two( * * \return 0 on success or a negative error code in case of failure */ -static inline int psa_tls12_write_ecjpake_round_one( +int mbedtls_psa_ecjpake_write_round_one( psa_pake_operation_t *pake_ctx, unsigned char *buf, - size_t len, size_t *olen ) -{ - psa_status_t status; - size_t output_offset = 0; - size_t output_len; - - /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ - for( unsigned int x = 1 ; x <= 2 ; ++x ) - { - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - /* For each step, prepend 1 byte with the length of the data */ - *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); - output_offset += 1; - - status = psa_pake_output( pake_ctx, step, - buf + output_offset, - len - output_offset, - &output_len ); - if( status != PSA_SUCCESS ) - { - return( psa_ssl_status_to_mbedtls( status ) ); - } - - output_offset += output_len; - } - } - - *olen = output_offset; - - return( 0 ); -} + size_t len, size_t *olen ); /** * \brief Write the second round of key exchange into the provided output 
@@ -2551,38 +2435,11 @@ static inline int psa_tls12_write_ecjpake_round_one( * * \return 0 on success or a negative error code in case of failure */ -static inline int psa_tls12_write_ecjpake_round_two( +int mbedtls_psa_ecjpake_write_round_two( psa_pake_operation_t *pake_ctx, unsigned char *buf, - size_t len, size_t *olen ) -{ - psa_status_t status; - size_t output_offset = 0; - size_t output_len; + size_t len, size_t *olen ); - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - /* For each step, prepend 1 byte with the length of the data */ - *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); - output_offset += 1; - status = psa_pake_output( pake_ctx, - step, buf + output_offset, - len - output_offset, - &output_len ); - if( status != PSA_SUCCESS ) - { - return( psa_ssl_status_to_mbedtls( status ) ); - } - - output_offset += output_len; - } - - *olen = output_offset; - - return( 0 ); -} #endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO /** diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8771c595b9..35262cb885 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -8194,6 +8194,173 @@ end: return( ret ); } +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) +int mbedtls_psa_ecjpake_read_round_one( + psa_pake_operation_t *pake_ctx, + const unsigned char *buf, + size_t len ) +{ + psa_status_t status; + size_t input_offset = 0; + + /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ + for( unsigned int x = 1; x <= 2; ++x ) + { + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE; + step <= PSA_PAKE_STEP_ZK_PROOF; + ++step ) + { + /* Length is stored at the first byte */ + size_t length = buf[input_offset]; + input_offset += 1; + + if( input_offset + length > len ) + { + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; + } + + status = psa_pake_input( pake_ctx, step, + buf + input_offset, length ); + if( status != PSA_SUCCESS) + { + return psa_ssl_status_to_mbedtls( status ); + } + + input_offset += length; + } + } + + return( 0 ); +} + +int mbedtls_psa_ecjpake_read_round_two( + psa_pake_operation_t *pake_ctx, + const unsigned char *buf, + size_t len, int role ) +{ + psa_status_t status; + size_t input_offset = 0; + + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + size_t length; + + /* + * On its 2nd round, the server sends 3 extra bytes which identify the + * curve: + * - the 1st one is MBEDTLS_ECP_TLS_NAMED_CURVE + * - the 2nd and 3rd represent curve's TLS ID + * Validate this data before moving forward + */ + if( ( step == PSA_PAKE_STEP_KEY_SHARE ) && + ( role == MBEDTLS_SSL_IS_CLIENT ) ) + { + uint16_t tls_id = MBEDTLS_GET_UINT16_BE( buf, 1 ); + + if( ( *buf != MBEDTLS_ECP_TLS_NAMED_CURVE ) || + ( mbedtls_ecp_curve_info_from_tls_id( tls_id ) == NULL ) ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + input_offset += 3; + } + + /* Length is stored at the first byte */ + length = buf[input_offset]; + input_offset += 1; + + if( input_offset + length > len ) + { + return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + } + + status = 
psa_pake_input( pake_ctx, step, + buf + input_offset, length ); + if( status != PSA_SUCCESS) + { + return psa_ssl_status_to_mbedtls( status ); + } + + input_offset += length; + } + + return( 0 ); +} + +int mbedtls_psa_ecjpake_write_round_one( + psa_pake_operation_t *pake_ctx, + unsigned char *buf, + size_t len, size_t *olen ) +{ + psa_status_t status; + size_t output_offset = 0; + size_t output_len; + + /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ + for( unsigned int x = 1 ; x <= 2 ; ++x ) + { + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + /* For each step, prepend 1 byte with the length of the data */ + *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); + output_offset += 1; + + status = psa_pake_output( pake_ctx, step, + buf + output_offset, + len - output_offset, + &output_len ); + if( status != PSA_SUCCESS ) + { + return( psa_ssl_status_to_mbedtls( status ) ); + } + + output_offset += output_len; + } + } + + *olen = output_offset; + + return( 0 ); +} + +int mbedtls_psa_ecjpake_write_round_two( + psa_pake_operation_t *pake_ctx, + unsigned char *buf, + size_t len, size_t *olen ) +{ + psa_status_t status; + size_t output_offset = 0; + size_t output_len; + + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; + step <= PSA_PAKE_STEP_ZK_PROOF ; + ++step ) + { + /* For each step, prepend 1 byte with the length of the data */ + *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); + output_offset += 1; + status = psa_pake_output( pake_ctx, + step, buf + output_offset, + len - output_offset, + &output_len ); + if( status != PSA_SUCCESS ) + { + return( psa_ssl_status_to_mbedtls( status ) ); + } + + output_offset += output_len; + } + + *olen = output_offset; + + return( 0 ); +} +#endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO + #if defined(MBEDTLS_USE_PSA_CRYPTO) int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, unsigned char 
*hash, size_t *hashlen, diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index c90ed2e46b..4e986d1dff 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -164,7 +164,7 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = psa_tls12_write_ecjpake_round_one(&ssl->handshake->psa_pake_ctx, + ret = mbedtls_psa_ecjpake_write_round_one(&ssl->handshake->psa_pake_ctx, p + 2, end - p - 2, &kkpp_len ); if ( ret != 0 ) { @@ -908,7 +908,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, ssl->handshake->ecjpake_cache_len = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = psa_tls12_parse_ecjpake_round_one( + if( ( ret = mbedtls_psa_ecjpake_read_round_one( &ssl->handshake->psa_pake_ctx, buf, len ) ) != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); @@ -2333,7 +2333,7 @@ start_processing: if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = psa_tls12_parse_ecjpake_round_two( + if( ( ret = mbedtls_psa_ecjpake_read_round_two( &ssl->handshake->psa_pake_ctx, p, end - p, ssl->conf->endpoint ) ) != 0 ) { @@ -3292,7 +3292,7 @@ ecdh_calc_secret: unsigned char *out_p = ssl->out_msg + header_len; unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - header_len; - ret = psa_tls12_write_ecjpake_round_two( &ssl->handshake->psa_pake_ctx, + ret = mbedtls_psa_ecjpake_write_round_two( &ssl->handshake->psa_pake_ctx, out_p, end_p - out_p, &content_len ); if ( ret != 0 ) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 38899f9528..f5c50ea671 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
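Review bot: In mbedtls_psa_ecjpake_read_round_one the length byte is read with `size_t length = buf[input_offset];` before anything checks that `input_offset < len`, so a peer-supplied buffer whose elements end exactly at len (or an empty buffer) is over-read by one byte before the `input_offset + length > len` test can reject it; mbedtls_psa_ecjpake_read_round_two has the same pattern, and its client branch additionally reads `*buf` and `MBEDTLS_GET_UINT16_BE( buf, 1 )` without checking that len is at least 3. Add `if( input_offset >= len ) return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );` before each length-byte read (the round-two function uses MBEDTLS_ERR_SSL_BAD_INPUT_DATA for the same condition, which is an inconsistency worth resolving at the same time) and `if( len < 3 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );` before the curve-ID check. The two write functions store `MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step )` as the length prefix without checking `output_offset < len` first, and they do so before psa_pake_output reports output_len, so an out-of-range offset writes past buf and `len - output_offset` wraps; guard with `if( output_offset >= len ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );` and either write the prefix after output_len is known or reject a mismatch between the two.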
@@ -305,7 +305,7 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( ( ret = psa_tls12_parse_ecjpake_round_one( + if ( ( ret = mbedtls_psa_ecjpake_read_round_one( &ssl->handshake->psa_pake_ctx, buf, len ) ) != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); @@ -2896,7 +2896,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, out_p, 1 ); output_offset += sizeof( uint8_t ) + sizeof( uint16_t ); - ret = psa_tls12_write_ecjpake_round_two( &ssl->handshake->psa_pake_ctx, + ret = mbedtls_psa_ecjpake_write_round_two( &ssl->handshake->psa_pake_ctx, out_p + output_offset, end_p - out_p - output_offset, &output_len ); if( ret != 0 ) @@ -4143,7 +4143,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = psa_tls12_parse_ecjpake_round_two( + if( ( ret = mbedtls_psa_ecjpake_read_round_two( &ssl->handshake->psa_pake_ctx, p, end - p, ssl->conf->endpoint ) ) != 0 ) { From a98836476782db7fc3883b02c25707fe3da2cd3a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 17 Nov 2022 15:34:59 +0100 Subject: [PATCH 054/139] tls: psa_pake: fix missing new round one parsing function on tls12 server Signed-off-by: Valerio Setti --- library/ssl_tls12_server.c | 43 +++++++------------------------------- 1 file changed, 7 insertions(+), 36 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index f5c50ea671..2e480636a0 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -1995,11 +1995,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen ) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status; -#else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char *p = buf; const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t kkpp_len; @@ -2023,40 +2019,15 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, p += 2; #if defined(MBEDTLS_USE_PSA_CRYPTO) - size_t output_offset = 0; - size_t output_len; - - /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ - for( unsigned int x = 1 ; x <= 2 ; ++x ) + ret = mbedtls_psa_ecjpake_write_round_one( &ssl->handshake->psa_pake_ctx, + p + 2, end - p - 2, &kkpp_len ); + if ( ret != 0 ) { - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - /* For each step, prepend 1 byte with the length of the data */ - if (step != PSA_PAKE_STEP_ZK_PROOF) { - *(p + 2 + output_offset) = 65; - } else { - *(p + 2 + output_offset) = 32; - } - output_offset += 1; - status = psa_pake_output( &ssl->handshake->psa_pake_ctx, - step, p + 2 + output_offset, - end - p - output_offset - 2, - &output_len ); - if( status != PSA_SUCCESS ) - { - psa_destroy_key( ssl->handshake->psa_pake_password ); - psa_pake_abort( &ssl->handshake->psa_pake_ctx ); - MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", status ); - return; - } - - output_offset += output_len; - } + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", ret ); + return; } - - kkpp_len = output_offset; #else ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, p + 2, end - p - 2, &kkpp_len, From 30ebe11f869ef6c04396e77bc091ca2d31a45c17 Mon Sep 17 00:00:00 2001 
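Review bot: The error path keeps the old debug string: `MBEDTLS_SSL_DEBUG_RET( 1 , "psa_pake_output", ret );` now follows a call to mbedtls_psa_ecjpake_write_round_one, so the log names a function that was not called from here; change it to `MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_psa_ecjpake_write_round_one", ret );`. ssl_write_ecjpake_kkpp_ext starts before this hunk and continues after it, so the later use of kkpp_len is not visible here.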
From: Valerio Setti Date: Thu, 17 Nov 2022 16:23:34 +0100 Subject: [PATCH 055/139] tls: psa_pake: add a check on read size on both rounds Signed-off-by: Valerio Setti --- library/ssl_tls.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 35262cb885..06a5ec53dc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8231,6 +8231,9 @@ int mbedtls_psa_ecjpake_read_round_one( } } + if ( input_offset != len ) + return PSA_ERROR_INVALID_ARGUMENT; + return( 0 ); } @@ -8286,6 +8289,9 @@ int mbedtls_psa_ecjpake_read_round_two( input_offset += length; } + if ( input_offset != len ) + return PSA_ERROR_INVALID_ARGUMENT; + return( 0 ); } From 9bed8ec5d85536275ca32b0cd6bb738612ea98e6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 17 Nov 2022 16:36:19 +0100 Subject: [PATCH 056/139] tls: psa_pake: make round two reading function symmatric to the writing one Signed-off-by: Valerio Setti --- library/ssl_misc.h | 3 +-- library/ssl_tls.c | 21 +-------------------- library/ssl_tls12_client.c | 26 ++++++++++++++++++++++++-- library/ssl_tls12_server.c | 3 +-- 4 files changed, 27 insertions(+), 26 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index d022721a7f..82a951a581 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2405,8 +2405,7 @@ int mbedtls_psa_ecjpake_read_round_one( */ int mbedtls_psa_ecjpake_read_round_two( psa_pake_operation_t *pake_ctx, - const unsigned char *buf, - size_t len, int role ); + const unsigned char *buf, size_t len ); /** * \brief Write the first round of key exchange into the provided output diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 06a5ec53dc..ae12c7ebdf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8240,7 +8240,7 @@ int mbedtls_psa_ecjpake_read_round_one( int mbedtls_psa_ecjpake_read_round_two( psa_pake_operation_t *pake_ctx, const unsigned char *buf, - size_t len, int role ) + size_t len ) { psa_status_t status; size_t input_offset = 0; 
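Review bot: Both new checks in ssl_tls.c `return PSA_ERROR_INVALID_ARGUMENT;` from functions whose every other return is an mbedtls error code (MBEDTLS_ERR_SSL_* or the result of psa_ssl_status_to_mbedtls), so a trailing-data error surfaces in the wrong error namespace and will be misreported by callers that pass it to MBEDTLS_SSL_DEBUG_RET or mbedtls_strerror. Use `return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );` or `return( psa_ssl_status_to_mbedtls( PSA_ERROR_INVALID_ARGUMENT ) );` in both places. The check itself is a good addition, since it rejects a message that carries bytes beyond the expected elements.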
@@ -8251,25 +8251,6 @@ int mbedtls_psa_ecjpake_read_round_two( { size_t length; - /* - * On its 2nd round, the server sends 3 extra bytes which identify the - * curve: - * - the 1st one is MBEDTLS_ECP_TLS_NAMED_CURVE - * - the 2nd and 3rd represent curve's TLS ID - * Validate this data before moving forward - */ - if( ( step == PSA_PAKE_STEP_KEY_SHARE ) && - ( role == MBEDTLS_SSL_IS_CLIENT ) ) - { - uint16_t tls_id = MBEDTLS_GET_UINT16_BE( buf, 1 ); - - if( ( *buf != MBEDTLS_ECP_TLS_NAMED_CURVE ) || - ( mbedtls_ecp_curve_info_from_tls_id( tls_id ) == NULL ) ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - - input_offset += 3; - } - /* Length is stored at the first byte */ length = buf[input_offset]; input_offset += 1; diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 4e986d1dff..6dd8ef50fe 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2333,9 +2333,31 @@ start_processing: if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) + /* + * The first 3 bytes are: + * [0] MBEDTLS_ECP_TLS_NAMED_CURVE + * [1, 2] elliptic curve's TLS ID + * + * However since we only support secp256r1 for now, we check only + * that TLS ID here + */ + uint16_t read_tls_id = MBEDTLS_GET_UINT16_BE( p, 1 ); + const mbedtls_ecp_curve_info *curve_info; + + if( ( curve_info = mbedtls_ecp_curve_info_from_grp_id( + MBEDTLS_ECP_DP_SECP256R1 ) ) == NULL ) + { + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + } + + if( ( *p != MBEDTLS_ECP_TLS_NAMED_CURVE ) || + ( read_tls_id != curve_info->tls_id ) ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + p += 3; + if( ( ret = mbedtls_psa_ecjpake_read_round_two( - &ssl->handshake->psa_pake_ctx, p, end - p, - ssl->conf->endpoint ) ) != 0 ) + &ssl->handshake->psa_pake_ctx, p, end - p ) ) != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); psa_pake_abort( &ssl->handshake->psa_pake_ctx ); 
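Review bot: In the ssl_tls12_client.c hunk, `uint16_t read_tls_id = MBEDTLS_GET_UINT16_BE( p, 1 );` and the `*p` comparison read three bytes of the peer-controlled ServerKeyExchange body before anything in this hunk establishes that `end - p >= 3`; unless a check earlier in the function guarantees it (not visible here), a short message is over-read, and `p += 3` can then move p past end so that `end - p` becomes negative and converts to a huge size_t for mbedtls_psa_ecjpake_read_round_two. Add `if( end - p < 3 ) return( MBEDTLS_ERR_SSL_DECODE_ERROR );` before the read. The removed role check in mbedtls_psa_ecjpake_read_round_two presumably performed this validation with its own length bookkeeping, so this is new exposure on the PSA path only. The surrounding function starts before and continues after this hunk.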
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 2e480636a0..3bc7217b79 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -4115,8 +4115,7 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) if( ( ret = mbedtls_psa_ecjpake_read_round_two( - &ssl->handshake->psa_pake_ctx, p, end - p, - ssl->conf->endpoint ) ) != 0 ) + &ssl->handshake->psa_pake_ctx, p, end - p ) ) != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); psa_pake_abort( &ssl->handshake->psa_pake_ctx ); From 6b3dab03b5f0c3fe42ebfb83cf171192c08dd88f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 17 Nov 2022 17:14:54 +0100 Subject: [PATCH 057/139] tls: psa_pake: use a single function for round one and two in key exchange read/write Signed-off-by: Valerio Setti --- library/ssl_misc.h | 48 +++++------------- library/ssl_tls.c | 101 +++++++------------------------------ library/ssl_tls12_client.c | 20 +++++--- library/ssl_tls12_server.c | 20 +++++--- 4 files changed, 57 insertions(+), 132 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 82a951a581..0f43a18f42 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2378,6 +2378,11 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status ) MBEDTLS_SSL_ECJPAKE_PSA_PRIMITIVE, \ step ) +typedef enum { + MBEDTLS_ECJPAKE_ROUND_ONE, + MBEDTLS_ECJPAKE_ROUND_TWO +} mbedtls_ecjpake_rounds_t; + /** * \brief Parse the provided input buffer for getting the first round * of key exchange. This code is common between server and client 
@@ -2385,27 +2390,15 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status ) * \param pake_ctx [in] the PAKE's operation/context structure * \param buf [in] input buffer to parse * \param len [in] length of the input buffer + * \param round [in] either MBEDTLS_ECJPAKE_ROUND_ONE or + * MBEDTLS_ECJPAKE_ROUND_TWO * * \return 0 on success or a negative error code in case of failure */ -int mbedtls_psa_ecjpake_read_round_one( +int mbedtls_psa_ecjpake_read_round( psa_pake_operation_t *pake_ctx, const unsigned char *buf, - size_t len ); - -/** - * \brief Parse the provided input buffer for getting the second round - * of key exchange. This code is common between server and client - * - * \param pake_ctx [in] the PAKE's operation/context structure - * \param buf [in] input buffer to parse - * \param len [in] length of the input buffer - * - * \return 0 on success or a negative error code in case of failure - */ -int mbedtls_psa_ecjpake_read_round_two( - psa_pake_operation_t *pake_ctx, - const unsigned char *buf, size_t len ); + size_t len, mbedtls_ecjpake_rounds_t round ); /** * \brief Write the first round of key exchange into the provided output 
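Review bot: The retained \brief above mbedtls_psa_ecjpake_read_round still says the function parses "the first round of key exchange", but with the new `round` parameter it serves both rounds; the same stale brief sits above mbedtls_psa_ecjpake_write_round in the next hunk. Suggest `\brief Parse the provided input buffer for the first or second round of key exchange, selected by \p round. This code is common between server and client` and the matching wording for the write function. The new `\param round` lines could also say that round one carries two cycles of KEY_SHARE/ZK_PUBLIC/ZK_PROOF and round two a single one, since that is the only behavioural difference the implementation draws from the parameter.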
@@ -2415,29 +2408,16 @@ int mbedtls_psa_ecjpake_read_round_two( * \param buf [out] the output buffer in which data will be written to * \param len [in] length of the output buffer * \param olen [out] the length of the data really written on the buffer + * \param round [in] either MBEDTLS_ECJPAKE_ROUND_ONE or + * MBEDTLS_ECJPAKE_ROUND_TWO * * \return 0 on success or a negative error code in case of failure */ -int mbedtls_psa_ecjpake_write_round_one( +int mbedtls_psa_ecjpake_write_round( psa_pake_operation_t *pake_ctx, unsigned char *buf, - size_t len, size_t *olen ); - -/** - * \brief Write the second round of key exchange into the provided output - * buffer. This code is common between server and client - * - * \param pake_ctx [in] the PAKE's operation/context structure - * \param buf [out] the output buffer in which data will be written to - * \param len [in] length of the output buffer - * \param olen [out] the length of the data really written on the buffer - * - * \return 0 on success or a negative error code in case of failure - */ -int mbedtls_psa_ecjpake_write_round_two( - psa_pake_operation_t *pake_ctx, - unsigned char *buf, - size_t len, size_t *olen ); + size_t len, size_t *olen, + mbedtls_ecjpake_rounds_t round ); #endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ae12c7ebdf..a1fa8697b0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -8196,16 +8196,20 @@ end: #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) -int mbedtls_psa_ecjpake_read_round_one( +int mbedtls_psa_ecjpake_read_round( psa_pake_operation_t *pake_ctx, const unsigned char *buf, - size_t len ) + size_t len, mbedtls_ecjpake_rounds_t round ) { psa_status_t status; size_t input_offset = 0; + /* + * At round one repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice + * At round two perform a single cycle + */ + unsigned int remaining_steps = ( round == MBEDTLS_ECJPAKE_ROUND_ONE) ? 2 : 1; - /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ - for( unsigned int x = 1; x <= 2; ++x ) + for( ; remaining_steps > 0; remaining_steps-- ) { for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE; step <= PSA_PAKE_STEP_ZK_PROOF; 
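Review bot: The new `round` argument is never validated: `unsigned int remaining_steps = ( round == MBEDTLS_ECJPAKE_ROUND_ONE) ? 2 : 1;` treats every value other than MBEDTLS_ECJPAKE_ROUND_ONE, including an out-of-range enum, as round two, so a caller error silently degrades to a single-cycle parse instead of failing. Adding `if( round != MBEDTLS_ECJPAKE_ROUND_ONE && round != MBEDTLS_ECJPAKE_ROUND_TWO ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );` before the loop would make that explicit; mbedtls_psa_ecjpake_write_round in the following hunk (@@ -8237) has the same ternary and needs the same guard. The added comment also carries over the "ZF_PROOF" typo from the removed one; the step is PSA_PAKE_STEP_ZK_PROOF. The body of mbedtls_psa_ecjpake_read_round continues past the end of this hunk.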
@@ -8237,59 +8241,25 @@ int mbedtls_psa_ecjpake_read_round_one( return( 0 ); } -int mbedtls_psa_ecjpake_read_round_two( - psa_pake_operation_t *pake_ctx, - const unsigned char *buf, - size_t len ) -{ - psa_status_t status; - size_t input_offset = 0; - - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - size_t length; - - /* Length is stored at the first byte */ - length = buf[input_offset]; - input_offset += 1; - - if( input_offset + length > len ) - { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; - } - - status = psa_pake_input( pake_ctx, step, - buf + input_offset, length ); - if( status != PSA_SUCCESS) - { - return psa_ssl_status_to_mbedtls( status ); - } - - input_offset += length; - } - - if ( input_offset != len ) - return PSA_ERROR_INVALID_ARGUMENT; - - return( 0 ); -} - -int mbedtls_psa_ecjpake_write_round_one( +int mbedtls_psa_ecjpake_write_round( psa_pake_operation_t *pake_ctx, unsigned char *buf, - size_t len, size_t *olen ) + size_t len, size_t *olen, + mbedtls_ecjpake_rounds_t round ) { psa_status_t status; size_t output_offset = 0; size_t output_len; + /* + * At round one repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice + * At round two perform a single cycle + */ + unsigned int remaining_steps = ( round == MBEDTLS_ECJPAKE_ROUND_ONE) ? 2 : 1; - /* Repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice */ - for( unsigned int x = 1 ; x <= 2 ; ++x ) + for( ; remaining_steps > 0; remaining_steps-- ) { - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; + for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE; + step <= PSA_PAKE_STEP_ZK_PROOF; ++step ) { /* For each step, prepend 1 byte with the length of the data */ 
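Review bot: The per-step body of mbedtls_psa_ecjpake_write_round ends outside this hunk, but if it matches the removed mbedtls_psa_ecjpake_write_round_two body shown here, the length byte is stored to `buf[output_offset]` and `len - output_offset` is computed with no check that `output_offset < len`, so a caller-supplied `len` that the previous step filled exactly results in a one-byte write past `buf` and a wrapped size_t being handed to psa_pake_output(). A guard at the top of the step body, `if( output_offset >= len ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );`, would close that; please confirm against the retained lines. The same body also writes the prefix from MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ) before psa_pake_output() reports `output_len`, so a mismatch between the two would go unnoticed on the wire; comparing `output_len` with the prefixed value after the call would catch it.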
@@ -8313,39 +8283,6 @@ int mbedtls_psa_ecjpake_write_round_one( return( 0 ); } - -int mbedtls_psa_ecjpake_write_round_two( - psa_pake_operation_t *pake_ctx, - unsigned char *buf, - size_t len, size_t *olen ) -{ - psa_status_t status; - size_t output_offset = 0; - size_t output_len; - - for( psa_pake_step_t step = PSA_PAKE_STEP_KEY_SHARE ; - step <= PSA_PAKE_STEP_ZK_PROOF ; - ++step ) - { - /* For each step, prepend 1 byte with the length of the data */ - *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); - output_offset += 1; - status = psa_pake_output( pake_ctx, - step, buf + output_offset, - len - output_offset, - &output_len ); - if( status != PSA_SUCCESS ) - { - return( psa_ssl_status_to_mbedtls( status ) ); - } - - output_offset += output_len; - } - - *olen = output_offset; - - return( 0 ); -} #endif //MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 6dd8ef50fe..8fcf5a4f5e 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -164,8 +164,9 @@ static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) ); #if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = mbedtls_psa_ecjpake_write_round_one(&ssl->handshake->psa_pake_ctx, - p + 2, end - p - 2, &kkpp_len ); + ret = mbedtls_psa_ecjpake_write_round(&ssl->handshake->psa_pake_ctx, + p + 2, end - p - 2, &kkpp_len, + MBEDTLS_ECJPAKE_ROUND_ONE ); if ( ret != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); 
@@ -908,8 +909,9 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, ssl->handshake->ecjpake_cache_len = 0; #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = mbedtls_psa_ecjpake_read_round_one( - &ssl->handshake->psa_pake_ctx, buf, len ) ) != 0 ) + if( ( ret = mbedtls_psa_ecjpake_read_round( + &ssl->handshake->psa_pake_ctx, buf, len, + MBEDTLS_ECJPAKE_ROUND_ONE ) ) != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); psa_pake_abort( &ssl->handshake->psa_pake_ctx ); @@ -2356,8 +2358,9 @@ start_processing: p += 3; - if( ( ret = mbedtls_psa_ecjpake_read_round_two( - &ssl->handshake->psa_pake_ctx, p, end - p ) ) != 0 ) + if( ( ret = mbedtls_psa_ecjpake_read_round( + &ssl->handshake->psa_pake_ctx, p, end - p, + MBEDTLS_ECJPAKE_ROUND_TWO ) ) != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); psa_pake_abort( &ssl->handshake->psa_pake_ctx ); @@ -3314,8 +3317,9 @@ ecdh_calc_secret: unsigned char *out_p = ssl->out_msg + header_len; unsigned char *end_p = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN - header_len; - ret = mbedtls_psa_ecjpake_write_round_two( &ssl->handshake->psa_pake_ctx, - out_p, end_p - out_p, &content_len ); + ret = mbedtls_psa_ecjpake_write_round( &ssl->handshake->psa_pake_ctx, + out_p, end_p - out_p, &content_len, + MBEDTLS_ECJPAKE_ROUND_TWO ); if ( ret != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 3bc7217b79..e6dee49c14 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -305,8 +305,9 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( ( ret = mbedtls_psa_ecjpake_read_round_one( - &ssl->handshake->psa_pake_ctx, buf, len ) ) != 0 ) + if ( ( ret = mbedtls_psa_ecjpake_read_round( + &ssl->handshake->psa_pake_ctx, buf, len, + MBEDTLS_ECJPAKE_ROUND_ONE ) ) != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); psa_pake_abort( &ssl->handshake->psa_pake_ctx ); @@ -2019,8 +2020,9 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, p += 2; #if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = mbedtls_psa_ecjpake_write_round_one( &ssl->handshake->psa_pake_ctx, - p + 2, end - p - 2, &kkpp_len ); + ret = mbedtls_psa_ecjpake_write_round( &ssl->handshake->psa_pake_ctx, + p + 2, end - p - 2, &kkpp_len, + MBEDTLS_ECJPAKE_ROUND_ONE ); if ( ret != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); @@ -2867,9 +2869,10 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, out_p, 1 ); output_offset += sizeof( uint8_t ) + sizeof( uint16_t ); - ret = mbedtls_psa_ecjpake_write_round_two( &ssl->handshake->psa_pake_ctx, + ret = mbedtls_psa_ecjpake_write_round( &ssl->handshake->psa_pake_ctx, out_p + output_offset, - end_p - out_p - output_offset, &output_len ); + end_p - out_p - output_offset, &output_len, + MBEDTLS_ECJPAKE_ROUND_TWO ); if( ret != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); 
@@ -4114,8 +4117,9 @@ static int ssl_parse_client_key_exchange( mbedtls_ssl_context *ssl ) if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE ) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - if( ( ret = mbedtls_psa_ecjpake_read_round_two( - &ssl->handshake->psa_pake_ctx, p, end - p ) ) != 0 ) + if( ( ret = mbedtls_psa_ecjpake_read_round( + &ssl->handshake->psa_pake_ctx, p, end - p, + MBEDTLS_ECJPAKE_ROUND_TWO ) ) != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); psa_pake_abort( &ssl->handshake->psa_pake_ctx ); From 819de86895383292f26ae83619f20eb853a00a75 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 17 Nov 2022 18:05:19 +0100 Subject: [PATCH 058/139] tls: removed extra white spaces and other minor fix Signed-off-by: Valerio Setti --- library/ssl_tls.c | 6 +++--- library/ssl_tls12_server.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a1fa8697b0..fa415a8947 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8203,7 +8203,7 @@ int mbedtls_psa_ecjpake_read_round( { psa_status_t status; size_t input_offset = 0; - /* + /* * At round one repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice * At round two perform a single cycle */ @@ -8235,7 +8235,7 @@ int mbedtls_psa_ecjpake_read_round( } } - if ( input_offset != len ) + if( input_offset != len ) return PSA_ERROR_INVALID_ARGUMENT; return( 0 ); @@ -8250,7 +8250,7 @@ int mbedtls_psa_ecjpake_write_round( psa_status_t status; size_t output_offset = 0; size_t output_len; - /* + /* * At round one repeat the KEY_SHARE, ZK_PUBLIC & ZF_PROOF twice * At round two perform a single cycle */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index e6dee49c14..1e9e51b309 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -305,8 +305,8 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - if ( ( ret = mbedtls_psa_ecjpake_read_round( - &ssl->handshake->psa_pake_ctx, buf, len, + if( ( ret = mbedtls_psa_ecjpake_read_round( + &ssl->handshake->psa_pake_ctx, buf, len, MBEDTLS_ECJPAKE_ROUND_ONE ) ) != 0 ) { psa_destroy_key( ssl->handshake->psa_pake_password ); @@ -2867,7 +2867,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, } *out_p = MBEDTLS_ECP_TLS_NAMED_CURVE; MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, out_p, 1 ); - output_offset += sizeof( uint8_t ) + sizeof( uint16_t ); + output_offset += 3; ret = mbedtls_psa_ecjpake_write_round( &ssl->handshake->psa_pake_ctx, out_p + output_offset, From aca21b717c26407f146f2bcf7ee7241854209639 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 17 Nov 2022 18:17:01 +0100 Subject: [PATCH 059/139] tls: psa_pake: enforce not empty passwords Signed-off-by: Valerio Setti --- include/mbedtls/ecjpake.h | 2 +- include/mbedtls/ssl.h | 3 ++- library/ssl_tls.c | 35 ++++++++++++++++------------------- 3 files changed, 19 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index e7ca1b2354..3dd3361a1b 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -113,7 +113,7 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ); * \param curve The identifier of the elliptic curve to use, * for example #MBEDTLS_ECP_DP_SECP256R1. * \param secret The pre-shared secret (passphrase). This must be - * a readable buffer of length \p len Bytes. It need + * a readable not empty buffer of length \p len Bytes. It need * only be valid for the duration of this call. * \param len The length of the pre-shared secret \p secret. * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 01ede4088d..085235721a 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
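Review bot: `output_offset += 3;` in the @@ -2867 hunk replaces an expression that documented the layout with a bare magic number; the byte count is no longer visibly tied to the `*out_p = MBEDTLS_ECP_TLS_NAMED_CURVE;` and `MBEDTLS_PUT_UINT16_BE( curve_info->tls_id, out_p, 1 );` writes just above it. Keeping the intent readable costs one comment, `output_offset += 3; /* 1-byte curve type + 2-byte TLS curve id */`, or a named constant if the file already has one for this header. The rest of ssl_prepare_server_key_exchange is outside the hunk.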
@@ -3824,9 +3824,10 @@ void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, * \note The SSL context needs to be already set up. The right place * to call this function is between \c mbedtls_ssl_setup() or * \c mbedtls_ssl_reset() and \c mbedtls_ssl_handshake(). + * Password cannot be empty (see RFC 8236). * * \param ssl SSL context - * \param pw EC J-PAKE password (pre-shared secret) + * \param pw EC J-PAKE password (pre-shared secret). It cannot be empty * \param pw_len length of pw in bytes * * \return 0 on success, or a negative error code. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fa415a8947..062ff25dd8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1634,18 +1634,18 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, else psa_role = PSA_PAKE_ROLE_CLIENT; + /* Empty password is not valid */ + if( ( pw == NULL) || ( pw_len == 0 ) ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( pw_len > 0 ) - { - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); - psa_set_key_algorithm( &attributes, PSA_ALG_JPAKE ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_PASSWORD ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); + psa_set_key_algorithm( &attributes, PSA_ALG_JPAKE ); + psa_set_key_type( &attributes, PSA_KEY_TYPE_PASSWORD ); - status = psa_import_key( &attributes, pw, pw_len, - &ssl->handshake->psa_pake_password ); - if( status != PSA_SUCCESS ) - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } + status = psa_import_key( &attributes, pw, pw_len, + &ssl->handshake->psa_pake_password ); + if( status != PSA_SUCCESS ) + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); psa_pake_cs_set_algorithm( &cipher_suite, PSA_ALG_JPAKE ); psa_pake_cs_set_primitive( &cipher_suite, 
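Review bot: The updated documentation says the password cannot be empty but does not tell callers what they get back when it is; the @@ -1634 hunk in ssl_tls.c returns MBEDTLS_ERR_SSL_BAD_INPUT_DATA for both a NULL `pw` and `pw_len == 0`. Adding `* \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p pw is \c NULL or \p pw_len is 0.` under the existing \return line, and mentioning NULL as well as "empty" in the \param line, would pin the contract. Whether the non-PSA build of mbedtls_ssl_set_hs_ecjpake_password enforces the same check is not visible in this diff; it should, so that the documented behaviour does not depend on MBEDTLS_USE_PSA_CRYPTO.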
@@ -1669,16 +1669,13 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } - if( pw_len > 0 ) + psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, + ssl->handshake->psa_pake_password ); + if( status != PSA_SUCCESS ) { - psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, - ssl->handshake->psa_pake_password ); - if( status != PSA_SUCCESS ) - { - psa_destroy_key( ssl->handshake->psa_pake_password ); - psa_pake_abort( &ssl->handshake->psa_pake_ctx ); - return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); - } + psa_destroy_key( ssl->handshake->psa_pake_password ); + psa_pake_abort( &ssl->handshake->psa_pake_ctx ); + return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } ssl->handshake->psa_pake_ctx_is_ok = 1; From 61ea17d30a2da481987e634e100082fccc46062f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 18 Nov 2022 12:11:00 +0100 Subject: [PATCH 060/139] tls: psa_pake: fix return values in parse functions Ensure they all belong to the MBEDTLS_ERR_SSL_* group Signed-off-by: Valerio Setti --- library/ssl_tls.c | 2 +- library/ssl_tls12_client.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 062ff25dd8..c1436c5321 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8233,7 +8233,7 @@ int mbedtls_psa_ecjpake_read_round( } if( input_offset != len ) - return PSA_ERROR_INVALID_ARGUMENT; + return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; return( 0 ); } diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 8fcf5a4f5e..7c293ec9e4 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2354,7 +2354,7 @@ start_processing: if( ( *p != MBEDTLS_ECP_TLS_NAMED_CURVE ) || ( read_tls_id != curve_info->tls_id ) ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); p += 3; From 6969eee5d2a19b0aab2ffeece3d8a128e7f4e550 Mon Sep 17 00:00:00 2001 
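Review bot: The error check after `psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, ssl->handshake->psa_pake_password );` tests `status`, but the call's return value is never assigned to it, so `status` still holds whatever the preceding (out-of-hunk) check left there, a failed password binding is treated as success, and `ssl->handshake->psa_pake_ctx_is_ok = 1;` is set on a PAKE context that has no password bound. The removed lines had the same omission; since this commit rewrites them, this is the place to fix it with `status = psa_pake_set_password_key( &ssl->handshake->psa_pake_ctx, ssl->handshake->psa_pake_password );`. The start of mbedtls_ssl_set_hs_ecjpake_password is outside the hunk.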
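Review bot: `return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;` in the @@ -8233 hunk keeps the unparenthesised form while the same function returns with `return( 0 );` and the rest of the file uses the `return( ... )` convention, so the style now differs inside one function. Using `return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );` keeps it consistent, and a one-line comment such as `/* trailing bytes after the last step: malformed peer data */` would record why this case is a handshake failure while the length overrun earlier in the loop (at least in the removed read_round_two body) reports MBEDTLS_ERR_SSL_BAD_INPUT_DATA. The rest of mbedtls_psa_ecjpake_read_round is outside the hunk.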
From: Jerry Yu Date: Mon, 10 Oct 2022 10:25:26 +0800 Subject: [PATCH 061/139] Remove `Terminated` message on 22.04 Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index fdbb310506..53b3885c78 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1362,7 +1362,7 @@ do_run_test_once() { if [ -n "$PXY_CMD" ]; then kill $PXY_PID >/dev/null 2>&1 - wait $PXY_PID + wait $PXY_PID >> $PXY_OUT 2>&1 fi } From 0b61217c36b19dadc278d6793a59e1b42475ec82 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 12 Oct 2022 15:29:58 +0800 Subject: [PATCH 062/139] set new_session_ticket_* to handshake_over Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d0558511a8..3665545874 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4651,7 +4651,9 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ); */ static inline int mbedtls_ssl_is_handshake_over( mbedtls_ssl_context *ssl ) { - return( ssl->MBEDTLS_PRIVATE( state ) == MBEDTLS_SSL_HANDSHAKE_OVER ); + return( ssl->MBEDTLS_PRIVATE( state ) == MBEDTLS_SSL_HANDSHAKE_OVER || + ssl->MBEDTLS_PRIVATE( state ) == MBEDTLS_SSL_NEW_SESSION_TICKET || + ssl->MBEDTLS_PRIVATE( state ) == MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH); } /** From e219c11b4e61b9f3f5077175fc083b26dc76e523 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 24 Oct 2022 01:27:01 +0000 Subject: [PATCH 063/139] Replace internal usage of mbedtls_ssl_is_handshake_over Signed-off-by: Jerry Yu --- library/ssl_msg.c | 28 ++++++++++++++-------------- library/ssl_tls.c | 12 ++++++------ 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index dbc6391885..c4af7bf6de 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
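Review bot: mbedtls_ssl_is_handshake_over() is a public inline API and the @@ -4651 hunk widens what it reports as "over" to the MBEDTLS_SSL_NEW_SESSION_TICKET and MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH states, yet the Doxygen block above it (outside the hunk) is untouched, so callers cannot learn that the result is now 1 while a post-handshake NewSessionTicket is still being processed. A sentence in that block along the lines of "Returns 1 once the handshake proper is complete, including while TLS 1.3 NewSessionTicket messages are still being handled; code that needs the strict MBEDTLS_SSL_HANDSHAKE_OVER state must compare ssl->state directly." would document the intended distinction. Also `MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH);` lacks the space before `)` used elsewhere in the file.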
@@ -1883,7 +1883,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) { len = in_buf_len - ( ssl->in_hdr - ssl->in_buf ); - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) timeout = ssl->handshake->retransmit_timeout; else timeout = ssl->conf->read_timeout; @@ -1907,7 +1907,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) ); mbedtls_ssl_set_timer( ssl, 0 ); - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) { if( ssl_double_retransmit_timeout( ssl ) != 0 ) { @@ -2343,7 +2343,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) return( ret ); /* Update state and set timer */ - if( mbedtls_ssl_is_handshake_over( ssl ) == 1 ) + if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; else { @@ -2936,9 +2936,9 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) } if( ssl->handshake != NULL && - ( ( mbedtls_ssl_is_handshake_over( ssl ) == 0 && + ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && recv_msg_seq != ssl->handshake->in_msg_seq ) || - ( mbedtls_ssl_is_handshake_over( ssl ) == 1 && + ( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) ) { if( recv_msg_seq > ssl->handshake->in_msg_seq ) @@ -3004,7 +3004,7 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 && hs != NULL ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL ) { ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); } 
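Review bot: Replacing `mbedtls_ssl_is_handshake_over( ssl ) == 0` with `ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER` is not behaviour-preserving after the preceding commit: the helper returns 1 in the MBEDTLS_SSL_NEW_SESSION_TICKET* states while the new comparison is true there, so in mbedtls_ssl_fetch_input the retransmit path and `ssl->handshake->retransmit_timeout` are now selected in those states. If that is the intent, the commit message should say so and the first swap deserves a comment, e.g. `/* NEW_SESSION_TICKET* states still go through the handshake machinery */`; if not, these sites should keep the helper. The same applies to every other swap in this commit (ssl_msg.c @@ -1907 through @@ -5786 and ssl_tls.c @@ -168 through @@ -4130).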
@@ -3651,7 +3651,7 @@ static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) */ if( rec_epoch == 0 && ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - mbedtls_ssl_is_handshake_over( ssl ) == 1 && + ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && ssl->in_left > 13 && ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO ) @@ -4821,7 +4821,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) /* Drop unexpected ApplicationData records, * except at the beginning of renegotiations */ if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && - mbedtls_ssl_is_handshake_over( ssl ) == 0 + ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER #if defined(MBEDTLS_SSL_RENEGOTIATION) && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && ssl->state == MBEDTLS_SSL_SERVER_HELLO ) @@ -4833,7 +4833,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) } if( ssl->handshake != NULL && - mbedtls_ssl_is_handshake_over( ssl ) == 1 ) + ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) { mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl ); } @@ -5258,7 +5258,7 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) int in_ctr_cmp; int out_ctr_cmp; - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 || + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) { @@ -5502,7 +5502,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } #endif - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) { ret = mbedtls_ssl_handshake( ssl ); if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && 
@@ -5613,7 +5613,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) /* We're going to return something now, cancel timer, * except if handshake (renegotiation) is in progress */ - if( mbedtls_ssl_is_handshake_over( ssl ) == 1 ) + if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) mbedtls_ssl_set_timer( ssl, 0 ); #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -5758,7 +5758,7 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_ } #endif - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) { if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) { @@ -5786,7 +5786,7 @@ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); - if( mbedtls_ssl_is_handshake_over( ssl ) == 1 ) + if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) { if( ( ret = mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_WARNING, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index da90b2350f..5eca7eec00 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -168,7 +168,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, *enabled = MBEDTLS_SSL_CID_DISABLED; if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -3602,7 +3602,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) if( ssl == NULL || ssl->conf == NULL || ssl->handshake == NULL || - mbedtls_ssl_is_handshake_over( ssl ) == 1 ) + ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -3706,7 +3706,7 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); /* Main handshake loop */ - while( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) { ret = mbedtls_ssl_handshake_step( ssl ); 
@@ -3807,7 +3807,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) /* On server, just send the request */ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) { - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; @@ -3827,7 +3827,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) */ if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) { - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); if( ( ret = mbedtls_ssl_start_renegotiation( ssl ) ) != 0 ) @@ -4130,7 +4130,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, * (only DTLS) but are currently used to simplify the implementation. */ /* The initial handshake must be over */ - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Initial handshake isn't over" ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); From 6848a619229a9d12542ab721009002bef92cf245 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 27 Oct 2022 13:03:26 +0800 Subject: [PATCH 064/139] Revert "Replace internal usage of mbedtls_ssl_is_handshake_over" This reverts commit 1d3ed2975e7ef0d84050a3aece02eec1f890dec3. Signed-off-by: Jerry Yu --- library/ssl_msg.c | 28 ++++++++++++++-------------- library/ssl_tls.c | 12 ++++++------ 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index c4af7bf6de..dbc6391885 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
@@ -1883,7 +1883,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) { len = in_buf_len - ( ssl->in_hdr - ssl->in_buf ); - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) timeout = ssl->handshake->retransmit_timeout; else timeout = ssl->conf->read_timeout; @@ -1907,7 +1907,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) ); mbedtls_ssl_set_timer( ssl, 0 ); - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) { if( ssl_double_retransmit_timeout( ssl ) != 0 ) { @@ -2343,7 +2343,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) return( ret ); /* Update state and set timer */ - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 1 ) ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; else { @@ -2936,9 +2936,9 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) } if( ssl->handshake != NULL && - ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && + ( ( mbedtls_ssl_is_handshake_over( ssl ) == 0 && recv_msg_seq != ssl->handshake->in_msg_seq ) || - ( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && + ( mbedtls_ssl_is_handshake_over( ssl ) == 1 && ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) ) { if( recv_msg_seq > ssl->handshake->in_msg_seq ) @@ -3004,7 +3004,7 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 0 && hs != NULL ) { ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); } 
@@ -3651,7 +3651,7 @@ static int ssl_check_client_reconnect( mbedtls_ssl_context *ssl ) */ if( rec_epoch == 0 && ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER && - ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && + mbedtls_ssl_is_handshake_over( ssl ) == 1 && ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && ssl->in_left > 13 && ssl->in_buf[13] == MBEDTLS_SSL_HS_CLIENT_HELLO ) @@ -4821,7 +4821,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) /* Drop unexpected ApplicationData records, * except at the beginning of renegotiations */ if( ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA && - ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER + mbedtls_ssl_is_handshake_over( ssl ) == 0 #if defined(MBEDTLS_SSL_RENEGOTIATION) && ! ( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && ssl->state == MBEDTLS_SSL_SERVER_HELLO ) @@ -4833,7 +4833,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) } if( ssl->handshake != NULL && - ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + mbedtls_ssl_is_handshake_over( ssl ) == 1 ) { mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl ); } @@ -5258,7 +5258,7 @@ static int ssl_check_ctr_renegotiate( mbedtls_ssl_context *ssl ) int in_ctr_cmp; int out_ctr_cmp; - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER || + if( mbedtls_ssl_is_handshake_over( ssl ) == 0 || ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING || ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ) { @@ -5502,7 +5502,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } #endif - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) { ret = mbedtls_ssl_handshake( ssl ); if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && 
@@ -5613,7 +5613,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) /* We're going to return something now, cancel timer, * except if handshake (renegotiation) is in progress */ - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 1 ) mbedtls_ssl_set_timer( ssl, 0 ); #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -5758,7 +5758,7 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_ } #endif - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) { if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) { @@ -5786,7 +5786,7 @@ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write close notify" ) ); - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 1 ) { if( ( ret = mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_WARNING, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5eca7eec00..da90b2350f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -168,7 +168,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, *enabled = MBEDTLS_SSL_CID_DISABLED; if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + mbedtls_ssl_is_handshake_over( ssl ) == 0 ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -3602,7 +3602,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) if( ssl == NULL || ssl->conf == NULL || ssl->handshake == NULL || - ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + mbedtls_ssl_is_handshake_over( ssl ) == 1 ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -3706,7 +3706,7 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); /* Main handshake loop */ - while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + while( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) { ret = mbedtls_ssl_handshake_step( ssl ); 
@@ -3807,7 +3807,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) /* On server, just send the request */ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER ) { - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; @@ -3827,7 +3827,7 @@ int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl ) */ if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) { - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); if( ( ret = mbedtls_ssl_start_renegotiation( ssl ) ) != 0 ) @@ -4130,7 +4130,7 @@ int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl, * (only DTLS) but are currently used to simplify the implementation. */ /* The initial handshake must be over */ - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Initial handshake isn't over" ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); From 5ed73ff6de713a91c5486f09136c08947d84819a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 27 Oct 2022 13:08:42 +0800 Subject: [PATCH 065/139] Add NEW_SESSION_TICKET* into handshake over states All state list after HANDSHAKE_OVER as is_handshakeover Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 8 +++----- library/ssl_tls.c | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 3665545874..8c4d76c861 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -661,8 +661,6 @@ typedef enum MBEDTLS_SSL_SERVER_FINISHED, MBEDTLS_SSL_FLUSH_BUFFERS, MBEDTLS_SSL_HANDSHAKE_WRAPUP, - MBEDTLS_SSL_HANDSHAKE_OVER, - MBEDTLS_SSL_NEW_SESSION_TICKET, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, MBEDTLS_SSL_HELLO_RETRY_REQUEST, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, 
@@ -671,6 +669,8 @@ typedef enum MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO, MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST, + MBEDTLS_SSL_HANDSHAKE_OVER, + MBEDTLS_SSL_NEW_SESSION_TICKET, MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH, } mbedtls_ssl_states; @@ -4651,9 +4651,7 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ); */ static inline int mbedtls_ssl_is_handshake_over( mbedtls_ssl_context *ssl ) { - return( ssl->MBEDTLS_PRIVATE( state ) == MBEDTLS_SSL_HANDSHAKE_OVER || - ssl->MBEDTLS_PRIVATE( state ) == MBEDTLS_SSL_NEW_SESSION_TICKET || - ssl->MBEDTLS_PRIVATE( state ) == MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH); + return( ssl->MBEDTLS_PRIVATE( state ) >= MBEDTLS_SSL_HANDSHAKE_OVER ); } /** diff --git a/library/ssl_tls.c b/library/ssl_tls.c index da90b2350f..df57c9f966 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7544,7 +7544,7 @@ void mbedtls_ssl_handshake_wrapup( mbedtls_ssl_context *ssl ) #endif mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl ); - ssl->state++; + ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER; MBEDTLS_SSL_DEBUG_MSG( 3, ( "<= handshake wrapup" ) ); } From 1fb3299ad76abb608fe667a83169d65383d31e50 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 27 Oct 2022 13:18:19 +0800 Subject: [PATCH 066/139] Replace internal usage of is_handshake_over. NEW_SESSION_TICKETS* are processed in handshake_step. Change the stop condition from `mbedtls_ssl_is_handshake_over` to directly check. Signed-off-by: Jerry Yu --- library/ssl_msg.c | 16 ++++++++-------- library/ssl_tls.c | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index dbc6391885..5d56dd6f46 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c 
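Review bot: Moving MBEDTLS_SSL_HANDSHAKE_OVER and MBEDTLS_SSL_NEW_SESSION_TICKET to the end of mbedtls_ssl_states makes the @@ -4651 test `ssl->MBEDTLS_PRIVATE( state ) >= MBEDTLS_SSL_HANDSHAKE_OVER` depend on declaration order, and nothing in the enum says so; any state appended later will silently count as "handshake over". A comment at the new position, `/* Every state from here on is reported as "over" by mbedtls_ssl_is_handshake_over(); keep post-handshake states last. */`, protects that invariant. Reordering also changes the numeric values of public enum constants; if any of them is serialised or compared across library versions anywhere, that is a compatibility point worth a changelog entry. The `ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER;` change in ssl_tls.c @@ -7544 is the necessary companion to the reorder and looks right.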
@@ -1883,7 +1883,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) { len = in_buf_len - ( ssl->in_hdr - ssl->in_buf ); - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) timeout = ssl->handshake->retransmit_timeout; else timeout = ssl->conf->read_timeout; @@ -1907,7 +1907,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "timeout" ) ); mbedtls_ssl_set_timer( ssl, 0 ); - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) { if( ssl_double_retransmit_timeout( ssl ) != 0 ) { @@ -2936,9 +2936,9 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) } if( ssl->handshake != NULL && - ( ( mbedtls_ssl_is_handshake_over( ssl ) == 0 && + ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && recv_msg_seq != ssl->handshake->in_msg_seq ) || - ( mbedtls_ssl_is_handshake_over( ssl ) == 1 && + ( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) ) { if( recv_msg_seq > ssl->handshake->in_msg_seq ) @@ -3004,7 +3004,7 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 && hs != NULL ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL ) { ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); } @@ -4833,7 +4833,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) } if( ssl->handshake != NULL && - mbedtls_ssl_is_handshake_over( ssl ) == 1 ) + ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) { mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl ); } 
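Review bot: In the `mbedtls_ssl_fetch_input` hunk the new `if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )` is the only guard on `ssl->handshake->retransmit_timeout`, so the state value is acting as a stand-in for `ssl->handshake != NULL`. With the ticket states now numbered above `MBEDTLS_SSL_HANDSHAKE_OVER`, `!=` is also true in those states, and whether `ssl->handshake` is still allocated there cannot be seen from this hunk. The sibling hunk in `mbedtls_ssl_update_handshake_status` spells the dependency out with `hs != NULL`; doing the same here, `if( ssl->handshake != NULL && ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )`, removes the reliance on enum order at the two DTLS timeout sites. All of these functions begin and end outside their hunks.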
@@ -5502,7 +5502,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } #endif - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) { ret = mbedtls_ssl_handshake( ssl ); if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && @@ -5758,7 +5758,7 @@ int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_ } #endif - if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) { if( ( ret = mbedtls_ssl_handshake( ssl ) ) != 0 ) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index df57c9f966..506333d777 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3602,7 +3602,7 @@ int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl ) if( ssl == NULL || ssl->conf == NULL || ssl->handshake == NULL || - mbedtls_ssl_is_handshake_over( ssl ) == 1 ) + ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) { return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -3706,7 +3706,7 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> handshake" ) ); /* Main handshake loop */ - while( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) + while( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) { ret = mbedtls_ssl_handshake_step( ssl ); From c5826eaba2e2770e25492e71a27bc5262947faa4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 27 Oct 2022 17:20:26 +0800 Subject: [PATCH 067/139] Add debug message Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 53b3885c78..3ec345caaa 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
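Review bot: The new `if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER )` in `mbedtls_ssl_read` and `mbedtls_ssl_write`, and the loop condition in `mbedtls_ssl_handshake`, now deliberately disagree with the public `mbedtls_ssl_is_handshake_over()`, which reports 1 in the NewSessionTicket states that these sites still drive through `mbedtls_ssl_handshake()`. Nothing in the code says why the literal compare is used instead of the helper, so a later cleanup is likely to "simplify" it back and reintroduce the stop-condition problem the commit message describes. Suggest a comment at the first such site: `/* Not mbedtls_ssl_is_handshake_over(): the TLS 1.3 NewSessionTicket states count as "over" for the API but are still run by the handshake state machine. */`. The same reasoning applies to the `ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER` guard in `mbedtls_ssl_handshake_step`. All four functions start and end outside the hunks.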
@@ -11139,8 +11139,8 @@ not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$G_NEXT_SRV -u --mtu 512" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \ + "$G_NEXT_SRV -u --mtu 512 -d 10" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 debug_level=5" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" From cfda4bbeac554a4f77249d456e3c1946e17145b3 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 27 Oct 2022 22:20:49 +0800 Subject: [PATCH 068/139] Replace handshake over in flight transmit Fix deadloop in DTLS resumption test. Signed-off-by: Jerry Yu --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 5d56dd6f46..eae1ddead6 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2343,7 +2343,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) return( ret ); /* Update state and set timer */ - if( mbedtls_ssl_is_handshake_over( ssl ) == 1 ) + if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; else { From a8d3c5048f2553e11d6837724bbf4e1ceb89fcc9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 30 Oct 2022 14:51:23 +0800 Subject: [PATCH 069/139] Rename new session ticket name for TLS 1.3 NewSessionTicket is different with TLS 1.2. It should not share same state. Signed-off-by: Jerry Yu --- include/mbedtls/ssl.h | 6 ++++-- library/ssl_msg.c | 2 +- library/ssl_tls13_client.c | 4 ++-- library/ssl_tls13_server.c | 18 +++++++++--------- tests/ssl-opt.sh | 20 ++++++++++---------- 5 files changed, 26 insertions(+), 24 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 8c4d76c861..afb634e2f8 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
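Review bot: `if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER )` in `mbedtls_ssl_flight_transmit` resolves the deadloop only because of where `MBEDTLS_SSL_HANDSHAKE_OVER` sits in the enum at this point in the series; the commit message names the symptom but the code does not say why the helper is wrong here. Presumably the (D)TLS 1.2 NewSessionTicket flight is still being transmitted in a state that `mbedtls_ssl_is_handshake_over()` already reports as over, which set `retransmit_state` to finished too early. Suggest `/* Literal compare on purpose: the NewSessionTicket flight is still in transit while mbedtls_ssl_is_handshake_over() already reports 1. */` above the check, and an ssl-opt.sh case covering DTLS 1.2 resumption with tickets so the regression is caught mechanically. The function continues outside the hunk.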
@@ -661,6 +661,8 @@ typedef enum MBEDTLS_SSL_SERVER_FINISHED, MBEDTLS_SSL_FLUSH_BUFFERS, MBEDTLS_SSL_HANDSHAKE_WRAPUP, + + MBEDTLS_SSL_NEW_SESSION_TICKET, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, MBEDTLS_SSL_HELLO_RETRY_REQUEST, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS, @@ -670,8 +672,8 @@ typedef enum MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO, MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST, MBEDTLS_SSL_HANDSHAKE_OVER, - MBEDTLS_SSL_NEW_SESSION_TICKET, - MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH, + MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET, + MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH, } mbedtls_ssl_states; diff --git a/library/ssl_msg.c b/library/ssl_msg.c index eae1ddead6..0a414abf9d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5299,7 +5299,7 @@ static int ssl_tls13_check_new_session_ticket( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "NewSessionTicket received" ) ); mbedtls_ssl_handshake_set_state( ssl, - MBEDTLS_SSL_NEW_SESSION_TICKET ); + MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET ); return( MBEDTLS_ERR_SSL_WANT_READ ); } diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0372f2d98d..db8476c759 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2743,7 +2743,7 @@ static int ssl_tls13_postprocess_new_session_ticket( mbedtls_ssl_context *ssl, } /* - * Handler for MBEDTLS_SSL_NEW_SESSION_TICKET + * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_process_new_session_ticket( mbedtls_ssl_context *ssl ) @@ -2857,7 +2857,7 @@ int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_NEW_SESSION_TICKET: + case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET: ret = ssl_tls13_process_new_session_ticket( ssl ); if( ret != 0 ) break; diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 3cd03108f6..ce8767c5fd 100644 
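Review bot: The enum hunk re-inserts `MBEDTLS_SSL_NEW_SESSION_TICKET` ahead of `MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT`, set off only by an added blank line, while `MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET` stays after `MBEDTLS_SSL_HANDSHAKE_OVER`; the placement decides what `mbedtls_ssl_is_handshake_over()` returns for each, but nothing records that. Suggest commenting both members: `/* TLS 1.2 NewSessionTicket: part of the handshake, so before MBEDTLS_SSL_HANDSHAKE_OVER */` and `/* TLS 1.3 NewSessionTicket: post-handshake, so after MBEDTLS_SSL_HANDSHAKE_OVER */`. The reordering also changes the numeric values of members of a public enum; if any consumer persists or compares those values, a changelog entry is warranted.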
--- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2628,7 +2628,7 @@ static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ) mbedtls_ssl_tls13_handshake_wrapup( ssl ); #if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET ); #else mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); #endif @@ -2636,7 +2636,7 @@ static int ssl_tls13_handshake_wrapup( mbedtls_ssl_context *ssl ) } /* - * Handler for MBEDTLS_SSL_NEW_SESSION_TICKET + * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET */ #define SSL_NEW_SESSION_TICKET_SKIP 0 #define SSL_NEW_SESSION_TICKET_WRITE 1 @@ -2872,7 +2872,7 @@ static int ssl_tls13_write_new_session_ticket_body( mbedtls_ssl_context *ssl, } /* - * Handler for MBEDTLS_SSL_NEW_SESSION_TICKET + * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET */ static int ssl_tls13_write_new_session_ticket( mbedtls_ssl_context *ssl ) { @@ -2908,8 +2908,8 @@ static int ssl_tls13_write_new_session_ticket( mbedtls_ssl_context *ssl ) else ssl->handshake->new_session_tickets_count--; - mbedtls_ssl_handshake_set_state( ssl, - MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH ); + mbedtls_ssl_handshake_set_state( + ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH ); } else { @@ -3045,7 +3045,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) - case MBEDTLS_SSL_NEW_SESSION_TICKET: + case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET: ret = ssl_tls13_write_new_session_ticket( ssl ); if( ret != 0 ) { 
@@ -3054,9 +3054,9 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) ret ); } break; - case MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH: + case MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH: /* This state is necessary to do the flush of the New Session - * Ticket message written in MBEDTLS_SSL_NEW_SESSION_TICKET + * Ticket message written in MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET * as part of ssl_prepare_handshake_step. */ ret = 0; @@ -3064,7 +3064,7 @@ int mbedtls_ssl_tls13_handshake_server_step( mbedtls_ssl_context *ssl ) if( ssl->handshake->new_session_tickets_count == 0 ) mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER ); else - mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_NEW_SESSION_TICKET ); + mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET ); break; #endif /* MBEDTLS_SSL_SESSION_TICKETS */ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3ec345caaa..062e68858a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -12920,8 +12920,8 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, O->m" \ "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \ 0 \ -s "=> write NewSessionTicket msg" \ - -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ - -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" requires_gnutls_tls1_3 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS 
@@ -12937,8 +12937,8 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \ -c "Connecting again- trying to resume previous session" \ -c "NEW SESSION TICKET (4) was received" \ -s "=> write NewSessionTicket msg" \ - -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ - -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \ -s "key exchange mode: ephemeral" \ -s "key exchange mode: psk_ephemeral" \ -s "found pre_shared_key extension" @@ -12960,8 +12960,8 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \ -c "Reconnecting with saved session" \ -c "HTTP/1.0 200 OK" \ -s "=> write NewSessionTicket msg" \ - -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ - -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \ -s "key exchange mode: ephemeral" \ -s "key exchange mode: psk_ephemeral" \ -s "found pre_shared_key extension" @@ -13015,8 +13015,8 @@ run_test "TLS 1.3: NewSessionTicket: servername check, m->m" \ -c "Reconnecting with saved session" \ -c "HTTP/1.0 200 OK" \ -s "=> write NewSessionTicket msg" \ - -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ - -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \ -s "key exchange mode: ephemeral" \ -s "key exchange mode: psk_ephemeral" \ -s "found pre_shared_key extension" 
@@ -13039,8 +13039,8 @@ run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \ -c "Reconnecting with saved session" \ -c "Hostname mismatch the session ticket, disable session resumption." \ -s "=> write NewSessionTicket msg" \ - -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \ - -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH" + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \ + -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 From 668070d5f41b425ce98a14f4f5e048e4366899a1 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 9 Nov 2022 22:49:19 +0800 Subject: [PATCH 070/139] Remove unnecessary replace Signed-off-by: Jerry Yu --- library/ssl_msg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 0a414abf9d..9eb1b79674 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1883,7 +1883,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want ) { len = in_buf_len - ( ssl->in_hdr - ssl->in_buf ); - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 0 ) timeout = ssl->handshake->retransmit_timeout; else timeout = ssl->conf->read_timeout; @@ -3004,7 +3004,7 @@ void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl ) { mbedtls_ssl_handshake_params * const hs = ssl->handshake; - if( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && hs != NULL ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 0 && hs != NULL ) { ssl->handshake->update_checksum( ssl, ssl->in_msg, ssl->in_hslen ); } From 9b421456b05c0b0c8354bb965e9e431159cd0c00 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 18 Nov 2022 21:09:41 +0800 Subject: [PATCH 071/139] Revert change in dtls1.2 Signed-off-by: Jerry Yu --- library/ssl_msg.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 9eb1b79674..cacedcaf99 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2936,9 +2936,9 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl ) } if( ssl->handshake != NULL && - ( ( ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER && + ( ( mbedtls_ssl_is_handshake_over( ssl ) == 0 && recv_msg_seq != ssl->handshake->in_msg_seq ) || - ( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER && + ( mbedtls_ssl_is_handshake_over( ssl ) == 1 && ssl->in_msg[0] != MBEDTLS_SSL_HS_CLIENT_HELLO ) ) ) { if( recv_msg_seq > ssl->handshake->in_msg_seq ) @@ -4833,7 +4833,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl ) } if( ssl->handshake != NULL && - ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + mbedtls_ssl_is_handshake_over( ssl ) == 1 ) { mbedtls_ssl_handshake_wrapup_free_hs_transform( ssl ); } From dddd35ccf37b8372ff99c71faba367cec3e5714b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 20 Nov 2022 12:30:58 +0800 Subject: [PATCH 072/139] remvoe unrelative change Signed-off-by: Jerry Yu --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 062e68858a..a4789db816 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -11139,8 +11139,8 @@ not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$G_NEXT_SRV -u --mtu 512 -d 10" \ - "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 debug_level=5" \ + "$G_NEXT_SRV -u --mtu 512" \ + "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" From 0cd8967ba10a8f1d6a2b9be1e4f1a8289e8484ee Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Wed, 9 Nov 2022 12:14:14 +0000 Subject: [PATCH 073/139] Split test generator base class The class BaseTarget served two purposes: - track test cases and target files for generation - provide an abstract base class for individual test groups Splitting these allows decoupling these two and to have further common superclasses across targets. No intended change in generated test cases. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 5 ++-- scripts/mbedtls_dev/bignum_core.py | 14 +++++------ scripts/mbedtls_dev/bignum_mod.py | 6 ++--- scripts/mbedtls_dev/bignum_mod_raw.py | 4 +-- scripts/mbedtls_dev/test_data_generation.py | 28 +++++++++++++-------- tests/scripts/generate_bignum_tests.py | 6 ++--- 6 files changed, 35 insertions(+), 28 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 8b11bc283c..ba30be40ee 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -17,6 +17,8 @@ from abc import abstractmethod from typing import Iterator, List, Tuple, TypeVar +from . import test_data_generation + T = TypeVar('T') #pylint: disable=invalid-name def invmod(a: int, n: int) -> int: @@ -63,8 +65,7 @@ def combination_pairs(values: List[T]) -> List[Tuple[T, T]]: """Return all pair combinations from input values.""" return [(x, y) for x in values for y in values] - -class OperationCommon: +class OperationCommon(test_data_generation.BaseTest): """Common features for bignum binary operations. This adds functionality common in binary operation tests. diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index 0cc86b8096..db9d1b7ca7 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py 
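Review bot: The `class OperationCommon(test_data_generation.BaseTest):` hunk also drops one of the two blank lines before the class, leaving a single blank between top-level definitions where PEP 8 and the rest of the file use two; restore it. `bignum_common` now imports `test_data_generation`, which every target module already imports alongside it; that is fine provided `test_data_generation` never imports `bignum_common` back, which is worth confirming since the generator framework is loaded as a package.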
@@ -16,20 +16,19 @@ import random -from abc import ABCMeta from typing import Dict, Iterator, List, Tuple from . import test_case from . import test_data_generation from . import bignum_common -class BignumCoreTarget(test_data_generation.BaseTarget, metaclass=ABCMeta): - #pylint: disable=abstract-method +class BignumCoreTarget(test_data_generation.BaseTarget): + #pylint: disable=abstract-method, too-few-public-methods """Target for bignum core test case generation.""" target_basename = 'test_suite_bignum_core.generated' -class BignumCoreShiftR(BignumCoreTarget, metaclass=ABCMeta): +class BignumCoreShiftR(BignumCoreTarget, test_data_generation.BaseTest): """Test cases for mbedtls_bignum_core_shift_r().""" count = 0 test_function = "mpi_core_shift_r" @@ -69,7 +68,7 @@ class BignumCoreShiftR(BignumCoreTarget, metaclass=ABCMeta): for count in counts: yield cls(input_hex, descr, count).create_test_case() -class BignumCoreCTLookup(BignumCoreTarget, metaclass=ABCMeta): +class BignumCoreCTLookup(BignumCoreTarget, test_data_generation.BaseTest): """Test cases for mbedtls_mpi_core_ct_uint_table_lookup().""" test_function = "mpi_core_ct_uint_table_lookup" test_name = "Constant time MPI table lookup" @@ -107,7 +106,8 @@ class BignumCoreCTLookup(BignumCoreTarget, metaclass=ABCMeta): yield (cls(bitsize, bitsize_description, window_size) .create_test_case()) -class BignumCoreOperation(bignum_common.OperationCommon, BignumCoreTarget, metaclass=ABCMeta): +class BignumCoreOperation(BignumCoreTarget, bignum_common.OperationCommon, + metaclass=ABCMeta): #pylint: disable=abstract-method """Common features for bignum core operations.""" input_values = [ @@ -297,7 +297,7 @@ class BignumCoreMLA(BignumCoreOperation): yield cur_op.create_test_case() -class BignumCoreMontmul(BignumCoreTarget): +class BignumCoreMontmul(BignumCoreTarget, test_data_generation.BaseTest): """Test cases for Montgomery multiplication.""" count = 0 test_function = "mpi_core_montmul" 
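Review bot: `class BignumCoreOperation(BignumCoreTarget, bignum_common.OperationCommon, metaclass=ABCMeta):` on the new side still names `ABCMeta`, yet the same hunk removes `from abc import ABCMeta` and no other import of that name is visible in the file's import block, so importing `bignum_core` would fail with `NameError` unless the name is brought in somewhere outside the hunk. The explicit metaclass is redundant in any case: `OperationCommon` derives from `BaseTest`, which already declares `metaclass=ABCMeta`, so `class BignumCoreOperation(BignumCoreTarget, bignum_common.OperationCommon):` suffices (a later commit on this page does exactly that). The base order here is also the reverse of `BignumOperation(bignum_common.OperationCommon, BignumTarget, ...)` in `generate_bignum_tests.py`; pick one order so attributes defined on both bases resolve the same way in both modules.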
diff --git a/scripts/mbedtls_dev/bignum_mod.py b/scripts/mbedtls_dev/bignum_mod.py index 2bd7fbbda3..a604cc0c59 100644 --- a/scripts/mbedtls_dev/bignum_mod.py +++ b/scripts/mbedtls_dev/bignum_mod.py @@ -14,12 +14,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -from abc import ABCMeta - from . import test_data_generation -class BignumModTarget(test_data_generation.BaseTarget, metaclass=ABCMeta): - #pylint: disable=abstract-method +class BignumModTarget(test_data_generation.BaseTarget): + #pylint: disable=abstract-method, too-few-public-methods """Target for bignum mod test case generation.""" target_basename = 'test_suite_bignum_mod.generated' diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index bd694a6084..4f12d9a865 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ b/scripts/mbedtls_dev/bignum_mod_raw.py @@ -21,8 +21,8 @@ from . import test_case from . import test_data_generation from . import bignum_common -class BignumModRawTarget(test_data_generation.BaseTarget, metaclass=ABCMeta): - #pylint: disable=abstract-method +class BignumModRawTarget(test_data_generation.BaseTarget): + #pylint: disable=abstract-method, too-few-public-methods """Target for bignum mod_raw test case generation.""" target_basename = 'test_suite_bignum_mod_raw.generated' diff --git a/scripts/mbedtls_dev/test_data_generation.py b/scripts/mbedtls_dev/test_data_generation.py index eec0f9d978..3d703eec7d 100644 --- a/scripts/mbedtls_dev/test_data_generation.py +++ b/scripts/mbedtls_dev/test_data_generation.py @@ -25,6 +25,7 @@ import argparse import os import posixpath import re +import inspect from abc import ABCMeta, abstractmethod from typing import Callable, Dict, Iterable, Iterator, List, Type, TypeVar 
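Review bot: `import inspect` is appended after `import re` in `test_data_generation.py`, breaking the alphabetical order of the stdlib import group; move it between `argparse` and `os`. In `bignum_mod_raw.py` the hunk removes the only visible use of `ABCMeta` (the metaclass of `BignumModRawTarget`) but, unlike the `bignum_mod.py` hunk, leaves `from abc import ABCMeta` untouched; if nothing else in that file uses the name, pylint will report an unused import.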
@@ -35,12 +36,8 @@ from . import test_case T = TypeVar('T') #pylint: disable=invalid-name -class BaseTarget(metaclass=ABCMeta): - """Base target for test case generation. - - Child classes of this class represent an output file, and can be referred - to as file targets. These indicate where test cases will be written to for - all subclasses of the file target, which is set by `target_basename`. +class BaseTest(metaclass=ABCMeta): + """Base class for test case generation. Attributes: count: Counter for test cases from this class. @@ -48,8 +45,6 @@ class BaseTarget(metaclass=ABCMeta): automatically generated using the class, or manually set. dependencies: A list of dependencies required for the test case. show_test_count: Toggle for inclusion of `count` in the test description. - target_basename: Basename of file to write generated tests to. This - should be specified in a child class of BaseTarget. test_function: Test function which the class generates cases for. test_name: A common name or description of the test function. This can be `test_function`, a clearer equivalent, or a short summary of the @@ -59,7 +54,6 @@ class BaseTarget(metaclass=ABCMeta): case_description = "" dependencies = [] # type: List[str] show_test_count = True - target_basename = "" test_function = "" test_name = "" @@ -121,6 +115,20 @@ class BaseTarget(metaclass=ABCMeta): """ raise NotImplementedError + +class BaseTarget: + """Base target for test case generation. + + Child classes of this class represent an output file, and can be referred + to as file targets. These indicate where test cases will be written to for + all subclasses of the file target, which is set by `target_basename`. + + Attributes: + target_basename: Basename of file to write generated tests to. This + should be specified in a child class of BaseTarget. + """ + target_basename = "" + @classmethod def generate_tests(cls) -> Iterator[test_case.TestCase]: """Generate test cases for the class and its subclasses. 
@@ -132,7 +140,7 @@ class BaseTarget(metaclass=ABCMeta): yield from `generate_tests()` in each. Calling this method on a class X will yield test cases from all classes derived from X. """ - if cls.test_function: + if issubclass(cls, BaseTest) and not inspect.isabstract(cls): yield from cls.generate_function_tests() for subclass in sorted(cls.__subclasses__(), key=lambda c: c.__name__): yield from subclass.generate_tests() diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py index eee2f657ad..9e5db3a11f 100755 --- a/tests/scripts/generate_bignum_tests.py +++ b/tests/scripts/generate_bignum_tests.py @@ -68,13 +68,13 @@ from mbedtls_dev import bignum_common # the framework from mbedtls_dev import bignum_core, bignum_mod_raw # pylint: disable=unused-import -class BignumTarget(test_data_generation.BaseTarget, metaclass=ABCMeta): - #pylint: disable=abstract-method +class BignumTarget(test_data_generation.BaseTarget): """Target for bignum (legacy) test case generation.""" target_basename = 'test_suite_bignum.generated' -class BignumOperation(bignum_common.OperationCommon, BignumTarget, metaclass=ABCMeta): +class BignumOperation(bignum_common.OperationCommon, BignumTarget, + metaclass=ABCMeta): #pylint: disable=abstract-method """Common features for bignum operations in legacy tests.""" input_values = [ From 87df373e0e52949dbe394893ad768e563c2683a4 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 9 Nov 2022 12:31:23 +0000 Subject: [PATCH 074/139] Bignum test: Move identical function to superclass No intended change in generated test cases. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 6 ++++++ scripts/mbedtls_dev/bignum_core.py | 5 ----- tests/scripts/generate_bignum_tests.py | 5 ----- 3 files changed, 6 insertions(+), 10 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index ba30be40ee..02241141f9 100644 --- a/scripts/mbedtls_dev/bignum_common.py 
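Review bot: `if issubclass(cls, BaseTest) and not inspect.isabstract(cls):` replaces `if cls.test_function:`, so a `BaseTest` subclass that leaves `test_function` empty is no longer skipped and will emit test cases with an empty function name, which the old check prevented. `inspect.isabstract` is also only true while `@abstractmethod` members remain unimplemented; if `BaseTest.generate_function_tests` is the plain `raise NotImplementedError` stub without the decorator (the decorator line is outside the hunk), a helper subclass without an override passes the filter and raises instead of being skipped. Suggest keeping both conditions: `if issubclass(cls, BaseTest) and not inspect.isabstract(cls) and cls.test_function:`. `generate_tests` starts outside the hunk.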
+++ b/scripts/mbedtls_dev/bignum_common.py @@ -17,6 +17,7 @@ from abc import abstractmethod from typing import Iterator, List, Tuple, TypeVar +from . import test_case from . import test_data_generation T = TypeVar('T') #pylint: disable=invalid-name @@ -122,6 +123,11 @@ class OperationCommon(test_data_generation.BaseTest): ) yield from cls.input_cases + @classmethod + def generate_function_tests(cls) -> Iterator[test_case.TestCase]: + for a_value, b_value in cls.get_value_pairs(): + yield cls(a_value, b_value).create_test_case() + # BEGIN MERGE SLOT 1 # END MERGE SLOT 1 diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index db9d1b7ca7..a1c2e1bc63 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py @@ -144,11 +144,6 @@ class BignumCoreOperation(BignumCoreTarget, bignum_common.OperationCommon, ) return super().description() - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - for a_value, b_value in cls.get_value_pairs(): - yield cls(a_value, b_value).create_test_case() - class BignumCoreOperationArchSplit(BignumCoreOperation): #pylint: disable=abstract-method diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py index 9e5db3a11f..d923828cec 100755 --- a/tests/scripts/generate_bignum_tests.py +++ b/tests/scripts/generate_bignum_tests.py @@ -132,11 +132,6 @@ class BignumOperation(bignum_common.OperationCommon, BignumTarget, tmp = "large " + tmp return tmp - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - for a_value, b_value in cls.get_value_pairs(): - yield cls(a_value, b_value).create_test_case() - class BignumCmp(BignumOperation): """Test cases for bignum value comparison.""" From 3aeb60add6038855fc63704947824a016a6e79fc Mon Sep 17 00:00:00 2001 
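Review bot: The `generate_function_tests` classmethod moved into `OperationCommon` has no docstring, although it now sits in a shared superclass and the rest of the class documents every method; suggest `"""Generate one test case for each pair returned by get_value_pairs()."""`. The two removal hunks drop the only visible uses of `test_case` in `bignum_core.py` and `generate_bignum_tests.py` within these functions; if those modules still reference `test_case` elsewhere the import stays needed, otherwise pylint will flag it as unused.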
From: Janos Follath Date: Wed, 9 Nov 2022 13:24:46 +0000 Subject: [PATCH 075/139] Bignum test: move archsplit to superclass We need arch split tests in different modules, moving it to the common module makes it reusable. No intended changes in the generated tests. (The position of the core_add_if tests changed, but they are still all there.) Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 46 +++++++++++++++ scripts/mbedtls_dev/bignum_core.py | 88 +++++++++------------------- 2 files changed, 73 insertions(+), 61 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 02241141f9..7ab788be0a 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -97,6 +97,19 @@ class OperationCommon(test_data_generation.BaseTest): quote_str(self.arg_a), quote_str(self.arg_b) ] + self.result() + def description(self) -> str: + """Generate a description for the test case. + + If not set, case_description uses the form A `symbol` B, where symbol + is used to represent the operation. Descriptions of each value are + generated to provide some context to the test case. + """ + if not self.case_description: + self.case_description = "{:x} {} {:x}".format( + self.int_a, self.symbol, self.int_b + ) + return super().description() + @abstractmethod def result(self) -> List[str]: """Get the result of the operation. 
@@ -128,6 +141,39 @@ class OperationCommon(test_data_generation.BaseTest): for a_value, b_value in cls.get_value_pairs(): yield cls(a_value, b_value).create_test_case() + +class OperationCommonArchSplit(OperationCommon): + #pylint: disable=abstract-method + """Common features for operations where the result depends on + the limb size.""" + + def __init__(self, val_a: str, val_b: str, bits_in_limb: int) -> None: + super().__init__(val_a, val_b) + bound_val = max(self.int_a, self.int_b) + self.bits_in_limb = bits_in_limb + self.bound = bound_mpi(bound_val, self.bits_in_limb) + limbs = limbs_mpi(bound_val, self.bits_in_limb) + byte_len = limbs * self.bits_in_limb // 8 + self.hex_digits = 2 * byte_len + if self.bits_in_limb == 32: + self.dependencies = ["MBEDTLS_HAVE_INT32"] + elif self.bits_in_limb == 64: + self.dependencies = ["MBEDTLS_HAVE_INT64"] + else: + raise ValueError("Invalid number of bits in limb!") + self.arg_a = self.arg_a.zfill(self.hex_digits) + self.arg_b = self.arg_b.zfill(self.hex_digits) + + def pad_to_limbs(self, val) -> str: + return "{:x}".format(val).zfill(self.hex_digits) + + @classmethod + def generate_function_tests(cls) -> Iterator[test_case.TestCase]: + for a_value, b_value in cls.get_value_pairs(): + yield cls(a_value, b_value, 32).create_test_case() + yield cls(a_value, b_value, 64).create_test_case() + + # BEGIN MERGE SLOT 1 # END MERGE SLOT 1 diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index a1c2e1bc63..591e53c203 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py 
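Review bot: `def pad_to_limbs(self, val) -> str:` is the one unannotated parameter in an otherwise fully typed class; make it `def pad_to_limbs(self, val: int) -> str:` so mypy checks the `"{:x}".format(val)` call. `__init__` uses `bound_mpi` and `limbs_mpi` as module-level names of `bignum_common`; they are outside the hunk, so I could not confirm they are defined in this module rather than only in `bignum_core`. Neither `pad_to_limbs` nor the overriding `generate_function_tests` carries a docstring while every other method in the file does; one-liners such as `"""Left-pad a value to the hex width implied by the limb count."""` would keep the file consistent.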
@@ -106,75 +106,41 @@ class BignumCoreCTLookup(BignumCoreTarget, test_data_generation.BaseTest): yield (cls(bitsize, bitsize_description, window_size) .create_test_case()) -class BignumCoreOperation(BignumCoreTarget, bignum_common.OperationCommon, - metaclass=ABCMeta): +INPUT_VALUES = [ + "0", "1", "3", "f", "fe", "ff", "100", "ff00", "fffe", "ffff", "10000", + "fffffffe", "ffffffff", "100000000", "1f7f7f7f7f7f7f", + "8000000000000000", "fefefefefefefefe", "fffffffffffffffe", + "ffffffffffffffff", "10000000000000000", "1234567890abcdef0", + "fffffffffffffffffefefefefefefefe", "fffffffffffffffffffffffffffffffe", + "ffffffffffffffffffffffffffffffff", "100000000000000000000000000000000", + "1234567890abcdef01234567890abcdef0", + "fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe", + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "10000000000000000000000000000000000000000000000000000000000000000", + "1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0", + ( + "4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029" + "643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947" + "c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0" + "cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b" + ) +] + + +class BignumCoreOperation(BignumCoreTarget, bignum_common.OperationCommon): #pylint: disable=abstract-method """Common features for bignum core operations.""" - input_values = [ - "0", "1", "3", "f", "fe", "ff", "100", "ff00", "fffe", "ffff", "10000", - "fffffffe", "ffffffff", "100000000", "1f7f7f7f7f7f7f", - "8000000000000000", "fefefefefefefefe", "fffffffffffffffe", - "ffffffffffffffff", "10000000000000000", "1234567890abcdef0", - "fffffffffffffffffefefefefefefefe", "fffffffffffffffffffffffffffffffe", - "ffffffffffffffffffffffffffffffff", "100000000000000000000000000000000", - "1234567890abcdef01234567890abcdef0", - 
"fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe", - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe", - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "10000000000000000000000000000000000000000000000000000000000000000", - "1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0", - ( - "4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029" - "643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947" - "c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0" - "cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b" - ) - ] - - def description(self) -> str: - """Generate a description for the test case. - - If not set, case_description uses the form A `symbol` B, where symbol - is used to represent the operation. Descriptions of each value are - generated to provide some context to the test case. - """ - if not self.case_description: - self.case_description = "{:x} {} {:x}".format( - self.int_a, self.symbol, self.int_b - ) - return super().description() + input_values = INPUT_VALUES -class BignumCoreOperationArchSplit(BignumCoreOperation): +class BignumCoreOperationArchSplit(BignumCoreTarget, + bignum_common.OperationCommonArchSplit): #pylint: disable=abstract-method """Common features for bignum core operations where the result depends on the limb size.""" + input_values = INPUT_VALUES - def __init__(self, val_a: str, val_b: str, bits_in_limb: int) -> None: - super().__init__(val_a, val_b) - bound_val = max(self.int_a, self.int_b) - self.bits_in_limb = bits_in_limb - self.bound = bignum_common.bound_mpi(bound_val, self.bits_in_limb) - limbs = bignum_common.limbs_mpi(bound_val, self.bits_in_limb) - byte_len = limbs * self.bits_in_limb // 8 - self.hex_digits = 2 * byte_len - if self.bits_in_limb == 32: - self.dependencies = ["MBEDTLS_HAVE_INT32"] - elif self.bits_in_limb == 64: - self.dependencies = ["MBEDTLS_HAVE_INT64"] - else: - raise ValueError("Invalid number 
of bits in limb!") - self.arg_a = self.arg_a.zfill(self.hex_digits) - self.arg_b = self.arg_b.zfill(self.hex_digits) - - def pad_to_limbs(self, val) -> str: - return "{:x}".format(val).zfill(self.hex_digits) - - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - for a_value, b_value in cls.get_value_pairs(): - yield cls(a_value, b_value, 32).create_test_case() - yield cls(a_value, b_value, 64).create_test_case() class BignumCoreAddAndAddIf(BignumCoreOperationArchSplit): """Test cases for bignum core add and add-if.""" From 351e6885f55fd6354b57b51a5dbaadf3231aa7c8 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 9 Nov 2022 16:04:41 +0000 Subject: [PATCH 076/139] Make pylint happy Signed-off-by: Janos Follath --- scripts/mbedtls_dev/test_data_generation.py | 2 ++ tests/scripts/generate_bignum_tests.py | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/test_data_generation.py b/scripts/mbedtls_dev/test_data_generation.py index 3d703eec7d..02aa510518 100644 --- a/scripts/mbedtls_dev/test_data_generation.py +++ b/scripts/mbedtls_dev/test_data_generation.py @@ -117,6 +117,7 @@ class BaseTest(metaclass=ABCMeta): class BaseTarget: + #pylint: disable=too-few-public-methods """Base target for test case generation. Child classes of this class represent an output file, and can be referred @@ -141,6 +142,7 @@ class BaseTarget: will yield test cases from all classes derived from X. """ if issubclass(cls, BaseTest) and not inspect.isabstract(cls): + #pylint: disable=no-member yield from cls.generate_function_tests() for subclass in sorted(cls.__subclasses__(), key=lambda c: c.__name__): yield from subclass.generate_tests() diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py index d923828cec..89d0ac29e0 100755 --- a/tests/scripts/generate_bignum_tests.py +++ b/tests/scripts/generate_bignum_tests.py 
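Review bot: `INPUT_VALUES` is now a module-level list shared by two classes through `input_values = INPUT_VALUES`, but it lost the `# type: List[str]` comment that the `input_values` class attribute carries in `OperationCommon`; `INPUT_VALUES = [  # type: List[str]` on the opening line restores it. The list also has no comment saying why these values were chosen; judging by entries such as `ffffffff`/`100000000` and `ffffffffffffffff`/`10000000000000000` they appear to bracket the 32- and 64-bit limb boundaries, and a one-line note to that effect (hedged if the intent is broader) would help the next person extending it.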
@@ -57,7 +57,7 @@ of BaseTarget in test_data_generation.py. import sys from abc import ABCMeta -from typing import Iterator, List +from typing import List import scripts_path # pylint: disable=unused-import from mbedtls_dev import test_case @@ -69,6 +69,7 @@ from mbedtls_dev import bignum_common from mbedtls_dev import bignum_core, bignum_mod_raw # pylint: disable=unused-import class BignumTarget(test_data_generation.BaseTarget): + #pylint: disable=too-few-public-methods """Target for bignum (legacy) test case generation.""" target_basename = 'test_suite_bignum.generated' From 5b1dbb4cbcdad4f3c37e40219c3f1a2398d7d87d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 17 Nov 2022 13:32:43 +0000 Subject: [PATCH 077/139] Bignum Tests: Move ModOperation to common The class BignumModRawOperation implements functionality that are needed in other modules, therefore we move it to common. No intended changes to test cases. The order of add_and_add_if and sub tests have been switched. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 52 +++++++++++++++++++++++++ scripts/mbedtls_dev/bignum_mod_raw.py | 55 +-------------------------- 2 files changed, 54 insertions(+), 53 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 7ab788be0a..28e27b0392 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py 
@@ -142,6 +142,58 @@ class OperationCommon(test_data_generation.BaseTest): yield cls(a_value, b_value).create_test_case() +class ModOperationCommon(OperationCommon): + #pylint: disable=abstract-method + """Target for bignum mod_raw test case generation.""" + + def __init__(self, val_n: str, val_a: str, val_b: str = "0", bits_in_limb: int = 64) -> None: + super().__init__(val_a=val_a, val_b=val_b) + self.val_n = val_n + self.bits_in_limb = bits_in_limb + + @property + def int_n(self) -> int: + return hex_to_int(self.val_n) + + @property + def boundary(self) -> int: + data_in = [self.int_a, self.int_b, self.int_n] + return max([n for n in data_in if n is not None]) + + @property + def limbs(self) -> int: + return limbs_mpi(self.boundary, self.bits_in_limb) + + @property + def hex_digits(self) -> int: + return 2 * (self.limbs * self.bits_in_limb // 8) + + @property + def hex_n(self) -> str: + return "{:x}".format(self.int_n).zfill(self.hex_digits) + + @property + def hex_a(self) -> str: + return "{:x}".format(self.int_a).zfill(self.hex_digits) + + @property + def hex_b(self) -> str: + return "{:x}".format(self.int_b).zfill(self.hex_digits) + + @property + def r(self) -> int: # pylint: disable=invalid-name + l = limbs_mpi(self.int_n, self.bits_in_limb) + return bound_mpi_limbs(l, self.bits_in_limb) + + @property + def r_inv(self) -> int: + return invmod(self.r, self.int_n) + + @property + def r2(self) -> int: # pylint: disable=invalid-name + return pow(self.r, 2) + + class OperationCommonArchSplit(OperationCommon): #pylint: disable=abstract-method """Common features for operations where the result depends on diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index 4f12d9a865..884e2ef4a8 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ b/scripts/mbedtls_dev/bignum_mod_raw.py 
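Review bot: The docstring of the new `ModOperationCommon` class, `"""Target for bignum mod_raw test case generation."""`, was copied from `BignumModRawTarget` and does not describe this class, which is a common base for operations that take a modulus rather than an output target; `"""Common features for bignum operations that take a modulus n in addition to a and b."""` matches what the code does. Unlike `val_a`/`val_b`, which go through `hex_to_int`, `bits_in_limb` is stored without any check, so a value such as 48 silently flows into `hex_digits` via `2 * (self.limbs * self.bits_in_limb // 8)`. `r_inv` calls `invmod(self.r, self.int_n)`, which requires `r` and `n` to be coprime; that precondition is worth stating in the property's docstring.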
@@ -14,7 +14,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -from abc import ABCMeta from typing import Dict, Iterator, List from . import test_case 
@@ -26,58 +25,8 @@ class BignumModRawTarget(test_data_generation.BaseTarget): """Target for bignum mod_raw test case generation.""" target_basename = 'test_suite_bignum_mod_raw.generated' -class BignumModRawOperation(bignum_common.OperationCommon, BignumModRawTarget, metaclass=ABCMeta): - #pylint: disable=abstract-method - """Target for bignum mod_raw test case generation.""" - - def __init__(self, val_n: str, val_a: str, val_b: str = "0", bits_in_limb: int = 64) -> None: - super().__init__(val_a=val_a, val_b=val_b) - self.val_n = val_n - self.bits_in_limb = bits_in_limb - - @property - def int_n(self) -> int: - return bignum_common.hex_to_int(self.val_n) - - @property - def boundary(self) -> int: - data_in = [self.int_a, self.int_b, self.int_n] - return max([n for n in data_in if n is not None]) - - @property - def limbs(self) -> int: - return bignum_common.limbs_mpi(self.boundary, self.bits_in_limb) - - @property - def hex_digits(self) -> int: - return 2 * (self.limbs * self.bits_in_limb // 8) - - @property - def hex_n(self) -> str: - return "{:x}".format(self.int_n).zfill(self.hex_digits) - - @property - def hex_a(self) -> str: - return "{:x}".format(self.int_a).zfill(self.hex_digits) - - @property - def hex_b(self) -> str: - return "{:x}".format(self.int_b).zfill(self.hex_digits) - - @property - def r(self) -> int: # pylint: disable=invalid-name - l = bignum_common.limbs_mpi(self.int_n, self.bits_in_limb) - return bignum_common.bound_mpi_limbs(l, self.bits_in_limb) - - @property - def r_inv(self) -> int: - return bignum_common.invmod(self.r, self.int_n) - - @property - def r2(self) -> int: # pylint: disable=invalid-name - return pow(self.r, 2) - -class BignumModRawOperationArchSplit(BignumModRawOperation): +class BignumModRawOperationArchSplit(bignum_common.ModOperationCommon, + BignumModRawTarget): #pylint: disable=abstract-method """Common features for bignum mod raw operations where the result depends on the limb size.""" 
From 948afcecb91caed178b85c6c285768ea604a82aa Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 17 Nov 2022 13:38:56 +0000 Subject: [PATCH 078/139] Bignum Tests: move ModOperationArchSplit to common The class BignumModRawOperationArchSplit has functionality that are needed in other modules, therefore moving it to bignum_common. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 22 ++++++++++++++++++++++ scripts/mbedtls_dev/bignum_mod_raw.py | 24 ++---------------------- 2 files changed, 24 insertions(+), 22 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 28e27b0392..b853d11365 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -226,6 +226,28 @@ class OperationCommonArchSplit(OperationCommon): yield cls(a_value, b_value, 64).create_test_case() +class ModOperationCommonArchSplit(ModOperationCommon): + #pylint: disable=abstract-method + """Common features for bignum mod raw operations where the result depends on + the limb size.""" + + limb_sizes = [32, 64] # type: List[int] + + def __init__(self, val_n: str, val_a: str, val_b: str = "0", bits_in_limb: int = 64) -> None: + super().__init__(val_n=val_n, val_a=val_a, val_b=val_b, bits_in_limb=bits_in_limb) + + if bits_in_limb not in self.limb_sizes: + raise ValueError("Invalid number of bits in limb!") + + self.dependencies = ["MBEDTLS_HAVE_INT{:d}".format(bits_in_limb)] + + @classmethod + def generate_function_tests(cls) -> Iterator[test_case.TestCase]: + for a_value, b_value in cls.get_value_pairs(): + for bil in cls.limb_sizes: + yield cls(a_value, b_value, bits_in_limb=bil).create_test_case() + + # BEGIN MERGE SLOT 1 # END MERGE SLOT 1 diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index 884e2ef4a8..58a93fc5d6 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ b/scripts/mbedtls_dev/bignum_mod_raw.py 
@@ -25,27 +25,6 @@ class BignumModRawTarget(test_data_generation.BaseTarget): """Target for bignum mod_raw test case generation.""" target_basename = 'test_suite_bignum_mod_raw.generated' -class BignumModRawOperationArchSplit(bignum_common.ModOperationCommon, - BignumModRawTarget): - #pylint: disable=abstract-method - """Common features for bignum mod raw operations where the result depends on - the limb size.""" - - limb_sizes = [32, 64] # type: List[int] - - def __init__(self, val_n: str, val_a: str, val_b: str = "0", bits_in_limb: int = 64) -> None: - super().__init__(val_n=val_n, val_a=val_a, val_b=val_b, bits_in_limb=bits_in_limb) - - if bits_in_limb not in self.limb_sizes: - raise ValueError("Invalid number of bits in limb!") - - self.dependencies = ["MBEDTLS_HAVE_INT{:d}".format(bits_in_limb)] - - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - for a_value, b_value in cls.get_value_pairs(): - for bil in cls.limb_sizes: - yield cls(a_value, b_value, bits_in_limb=bil).create_test_case() # BEGIN MERGE SLOT 1 # END MERGE SLOT 1 @@ -71,7 +50,8 @@ class BignumModRawOperationArchSplit(bignum_common.ModOperationCommon, # END MERGE SLOT 6 # BEGIN MERGE SLOT 7 -class BignumModRawConvertToMont(BignumModRawOperationArchSplit): +class BignumModRawConvertToMont(bignum_common.ModOperationCommonArchSplit, + BignumModRawTarget): """ Test cases for mpi_mod_raw_to_mont_rep(). """ test_function = "mpi_mod_raw_to_mont_rep" From 155ad8c2971973b950c5c730a21fd9815f57fef7 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 17 Nov 2022 14:42:40 +0000 Subject: [PATCH 079/139] Bignum Tests: remove ModOperationCommonArchSplit The functionality of ModOperationCommonArchSplit is needed in several subclasses, therefore moving it to a superclass. There is another, redundant ArchSplit class, which will be removed in a later commit. 
Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 49 ++++++++++++--------------- scripts/mbedtls_dev/bignum_mod_raw.py | 3 +- 2 files changed, 24 insertions(+), 28 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index b853d11365..cbbbf9f678 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -80,17 +80,29 @@ class OperationCommon(test_data_generation.BaseTest): unique_combinations_only: Boolean to select if test case combinations must be unique. If True, only A,B or B,A would be included as a test case. If False, both A,B and B,A would be included. + arch_split: Boolean to select if different test cases are needed + depending on the architecture/limb size. This will cause test + objects being generated with different architectures. Individual + test objects can tell their architecture by accessing the + bits_in_limb instance variable. """ symbol = "" input_values = [] # type: List[str] input_cases = [] # type: List[Tuple[str, str]] unique_combinations_only = True + arch_split = False + limb_sizes = [32, 64] # type: List[int] - def __init__(self, val_a: str, val_b: str) -> None: + def __init__(self, val_a: str, val_b: str, bits_in_limb: int = 64) -> None: self.arg_a = val_a self.arg_b = val_b self.int_a = hex_to_int(val_a) self.int_b = hex_to_int(val_b) + if bits_in_limb not in self.limb_sizes: + raise ValueError("Invalid number of bits in limb!") + if self.arch_split: + self.dependencies = ["MBEDTLS_HAVE_INT{:d}".format(bits_in_limb)] + self.bits_in_limb = bits_in_limb def arguments(self) -> List[str]: return [ 
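Review bot: The new `ValueError("Invalid number of bits in limb!")` in `OperationCommon.__init__` names neither the rejected value nor the accepted sizes, which makes a failing generator run harder to diagnose; `raise ValueError("Invalid number of bits in limb: {} (expected one of {})".format(bits_in_limb, self.limb_sizes))` costs nothing. The `arch_split` docstring could also say that, when the flag is set, `dependencies` is replaced by a single `MBEDTLS_HAVE_INT<bits>` entry, since that is the visible effect on subclasses.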
@@ -139,17 +151,22 @@ class OperationCommon(test_data_generation.BaseTest): @classmethod def generate_function_tests(cls) -> Iterator[test_case.TestCase]: for a_value, b_value in cls.get_value_pairs(): - yield cls(a_value, b_value).create_test_case() + if cls.arch_split: + for bil in cls.limb_sizes: + yield cls(a_value, b_value, + bits_in_limb=bil).create_test_case() + else: + yield cls(a_value, b_value).create_test_case() class ModOperationCommon(OperationCommon): #pylint: disable=abstract-method """Target for bignum mod_raw test case generation.""" - def __init__(self, val_n: str, val_a: str, val_b: str = "0", bits_in_limb: int = 64) -> None: - super().__init__(val_a=val_a, val_b=val_b) + def __init__(self, val_n: str, val_a: str, val_b: str = "0", + bits_in_limb: int = 64) -> None: + super().__init__(val_a=val_a, val_b=val_b, bits_in_limb=bits_in_limb) self.val_n = val_n - self.bits_in_limb = bits_in_limb @property def int_n(self) -> int: @@ -226,28 +243,6 @@ class OperationCommonArchSplit(OperationCommon): yield cls(a_value, b_value, 64).create_test_case() -class ModOperationCommonArchSplit(ModOperationCommon): - #pylint: disable=abstract-method - """Common features for bignum mod raw operations where the result depends on - the limb size.""" - - limb_sizes = [32, 64] # type: List[int] - - def __init__(self, val_n: str, val_a: str, val_b: str = "0", bits_in_limb: int = 64) -> None: - super().__init__(val_n=val_n, val_a=val_a, val_b=val_b, bits_in_limb=bits_in_limb) - - if bits_in_limb not in self.limb_sizes: - raise ValueError("Invalid number of bits in limb!") - - self.dependencies = ["MBEDTLS_HAVE_INT{:d}".format(bits_in_limb)] - - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - for a_value, b_value in cls.get_value_pairs(): - for bil in cls.limb_sizes: - yield cls(a_value, b_value, bits_in_limb=bil).create_test_case() - - # BEGIN MERGE SLOT 1 # END MERGE SLOT 1 
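Review bot: When `arch_split` is false, `generate_function_tests` constructs `cls(a_value, b_value)` and the object silently takes the default `bits_in_limb=64` from `__init__`, so any limb-size dependent property evaluated on a non-split test is computed for 64-bit limbs without that being stated anywhere. A comment on the `else` branch such as `# non-split tests use the default limb size (64); their results must not depend on it` would make the assumption explicit.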
diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index 58a93fc5d6..f44acef73a 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ b/scripts/mbedtls_dev/bignum_mod_raw.py @@ -50,12 +50,13 @@ class BignumModRawTarget(test_data_generation.BaseTarget): # END MERGE SLOT 6 # BEGIN MERGE SLOT 7 -class BignumModRawConvertToMont(bignum_common.ModOperationCommonArchSplit, +class BignumModRawConvertToMont(bignum_common.ModOperationCommon, BignumModRawTarget): """ Test cases for mpi_mod_raw_to_mont_rep(). """ test_function = "mpi_mod_raw_to_mont_rep" test_name = "Convert into Mont: " + arch_split = True test_data_moduli = ["b", "fd", From b41ab926b2dc1808235099bbeed31159dbebc4c1 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 17 Nov 2022 15:13:02 +0000 Subject: [PATCH 080/139] Bignum Tests: move properties to superclass Move properties that are needed in several children to the superclass. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 40 +++++++++++++++------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index cbbbf9f678..7d52749f8d 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py 
@@ -104,6 +104,27 @@ class OperationCommon(test_data_generation.BaseTest): self.dependencies = ["MBEDTLS_HAVE_INT{:d}".format(bits_in_limb)] self.bits_in_limb = bits_in_limb + @property + def boundary(self) -> int: + data_in = [self.int_a, self.int_b] + return max([n for n in data_in if n is not None]) + + @property + def limbs(self) -> int: + return limbs_mpi(self.boundary, self.bits_in_limb) + + @property + def hex_digits(self) -> int: + return 2 * (self.limbs * self.bits_in_limb // 8) + + @property + def hex_a(self) -> str: + return "{:x}".format(self.int_a).zfill(self.hex_digits) + + @property + def hex_b(self) -> str: + return "{:x}".format(self.int_b).zfill(self.hex_digits) + def arguments(self) -> List[str]: return [ quote_str(self.arg_a), quote_str(self.arg_b) @@ -177,26 +198,10 @@ class ModOperationCommon(OperationCommon): data_in = [self.int_a, self.int_b, self.int_n] return max([n for n in data_in if n is not None]) - @property - def limbs(self) -> int: - return limbs_mpi(self.boundary, self.bits_in_limb) - - @property - def hex_digits(self) -> int: - return 2 * (self.limbs * self.bits_in_limb // 8) - @property def hex_n(self) -> str: return "{:x}".format(self.int_n).zfill(self.hex_digits) - @property - def hex_a(self) -> str: - return "{:x}".format(self.int_a).zfill(self.hex_digits) - - @property - def hex_b(self) -> str: - return "{:x}".format(self.int_b).zfill(self.hex_digits) - @property def r(self) -> int: # pylint: disable=invalid-name l = limbs_mpi(self.int_n, self.bits_in_limb) @@ -221,9 +226,6 @@ class OperationCommonArchSplit(OperationCommon): bound_val = max(self.int_a, self.int_b) self.bits_in_limb = bits_in_limb self.bound = bound_mpi(bound_val, self.bits_in_limb) - limbs = limbs_mpi(bound_val, self.bits_in_limb) - byte_len = limbs * self.bits_in_limb // 8 - self.hex_digits = 2 * byte_len if self.bits_in_limb == 32: self.dependencies = ["MBEDTLS_HAVE_INT32"] elif self.bits_in_limb == 64: 
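Review bot: The five properties moved into `OperationCommon` have no docstrings, and `boundary` keeps an `if n is not None` filter even though `int_a` and `int_b` are always ints set by `__init__` through `hex_to_int`, so in this class the filter can never remove anything; `return max(self.int_a, self.int_b)` states the intent directly (the three-operand override in `ModOperationCommon` keeps its own version). One-line docstrings would help readers, e.g. `"""Hex digits needed to print a value padded to whole limbs."""` on `hex_digits`, and on `limbs` something like `"""Limbs needed to hold the larger operand (via limbs_mpi)."""`.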
From 6fa3f0653ae081ea43d5414624993d17f9b056dd Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 17 Nov 2022 20:33:51 +0000 Subject: [PATCH 081/139] Bignum Tests: remove OperationCommonArchSplit The ArchSplit functionality was duplicated and moved to OperationCommon from the other copy. The remnants of the functionality is moved to the only subclass using this. There is no semantic change to the generated tests. The order has changed however: core_add tests have been moved before core_mla tests and the order of the 64 and 32 bit versions have been swapped. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 52 ++++++++------------------- scripts/mbedtls_dev/bignum_core.py | 24 +++++++------ scripts/mbedtls_dev/bignum_mod_raw.py | 2 +- 3 files changed, 29 insertions(+), 49 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 7d52749f8d..0784f845ff 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py 
@@ -80,17 +80,18 @@ class OperationCommon(test_data_generation.BaseTest): unique_combinations_only: Boolean to select if test case combinations must be unique. If True, only A,B or B,A would be included as a test case. If False, both A,B and B,A would be included. - arch_split: Boolean to select if different test cases are needed - depending on the architecture/limb size. This will cause test - objects being generated with different architectures. Individual - test objects can tell their architecture by accessing the - bits_in_limb instance variable. + input_style: Controls the way how test data is passed to the functions + in the generated test cases. "variable" passes them as they are + defined in the python source. "arch_split" pads the values with + zeroes depending on the architecture/limb size. If this is set, + test cases are generated for all architectures. """ symbol = "" input_values = [] # type: List[str] input_cases = [] # type: List[Tuple[str, str]] unique_combinations_only = True - arch_split = False + input_styles = ["variable", "arch_split"] # type: List[str] + input_style = "variable" # type: str limb_sizes = [32, 64] # type: List[int] def __init__(self, val_a: str, val_b: str, bits_in_limb: int = 64) -> None: @@ -100,7 +101,7 @@ class OperationCommon(test_data_generation.BaseTest): self.int_b = hex_to_int(val_b) if bits_in_limb not in self.limb_sizes: raise ValueError("Invalid number of bits in limb!") - if self.arch_split: + if self.input_style == "arch_split": self.dependencies = ["MBEDTLS_HAVE_INT{:d}".format(bits_in_limb)] self.bits_in_limb = bits_in_limb @@ -109,6 +110,10 @@ class OperationCommon(test_data_generation.BaseTest): data_in = [self.int_a, self.int_b] return max([n for n in data_in if n is not None]) + @property + def limb_boundary(self) -> int: + return bound_mpi(self.boundary, self.bits_in_limb) + @property def limbs(self) -> int: return limbs_mpi(self.boundary, self.bits_in_limb) 
@@ -171,8 +176,10 @@ class OperationCommon(test_data_generation.BaseTest): @classmethod def generate_function_tests(cls) -> Iterator[test_case.TestCase]: + if cls.input_style not in cls.input_styles: + raise ValueError("Unknown input style!") for a_value, b_value in cls.get_value_pairs(): - if cls.arch_split: + if cls.input_style == "arch_split": for bil in cls.limb_sizes: yield cls(a_value, b_value, bits_in_limb=bil).create_test_case() @@ -216,35 +223,6 @@ class ModOperationCommon(OperationCommon): return pow(self.r, 2) -class OperationCommonArchSplit(OperationCommon): - #pylint: disable=abstract-method - """Common features for operations where the result depends on - the limb size.""" - - def __init__(self, val_a: str, val_b: str, bits_in_limb: int) -> None: - super().__init__(val_a, val_b) - bound_val = max(self.int_a, self.int_b) - self.bits_in_limb = bits_in_limb - self.bound = bound_mpi(bound_val, self.bits_in_limb) - if self.bits_in_limb == 32: - self.dependencies = ["MBEDTLS_HAVE_INT32"] - elif self.bits_in_limb == 64: - self.dependencies = ["MBEDTLS_HAVE_INT64"] - else: - raise ValueError("Invalid number of bits in limb!") - self.arg_a = self.arg_a.zfill(self.hex_digits) - self.arg_b = self.arg_b.zfill(self.hex_digits) - - def pad_to_limbs(self, val) -> str: - return "{:x}".format(val).zfill(self.hex_digits) - - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - for a_value, b_value in cls.get_value_pairs(): - yield cls(a_value, b_value, 32).create_test_case() - yield cls(a_value, b_value, 64).create_test_case() - - # BEGIN MERGE SLOT 1 # END MERGE SLOT 1 diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index 591e53c203..749403705a 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py 
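Review bot: The `input_style` check added at the top of `generate_function_tests` only runs through the generator; an object built directly with a misspelt class attribute passes `__init__`, which tests `self.input_style == "arch_split"` and otherwise behaves as "variable", without any error. The check should also live in `__init__`, `if self.input_style not in self.input_styles: raise ValueError("Unknown input style!")`, next to the `limb_sizes` check (that part of `__init__` is in the preceding hunk).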
@@ -106,6 +106,7 @@ class BignumCoreCTLookup(BignumCoreTarget, test_data_generation.BaseTest): yield (cls(bitsize, bitsize_description, window_size) .create_test_case()) + INPUT_VALUES = [ "0", "1", "3", "f", "fe", "ff", "100", "ff00", "fffe", "ffff", "10000", "fffffffe", "ffffffff", "100000000", "1f7f7f7f7f7f7f", @@ -127,38 +128,39 @@ INPUT_VALUES = [ ) ] - class BignumCoreOperation(BignumCoreTarget, bignum_common.OperationCommon): #pylint: disable=abstract-method """Common features for bignum core operations.""" input_values = INPUT_VALUES -class BignumCoreOperationArchSplit(BignumCoreTarget, - bignum_common.OperationCommonArchSplit): - #pylint: disable=abstract-method - """Common features for bignum core operations where the result depends on - the limb size.""" - input_values = INPUT_VALUES - - -class BignumCoreAddAndAddIf(BignumCoreOperationArchSplit): +class BignumCoreAddAndAddIf(BignumCoreOperation): """Test cases for bignum core add and add-if.""" count = 0 symbol = "+" test_function = "mpi_core_add_and_add_if" test_name = "mpi_core_add_and_add_if" + input_style = "arch_split" + + def __init__(self, val_a: str, val_b: str, bits_in_limb: int) -> None: + super().__init__(val_a, val_b) + self.arg_a = self.arg_a.zfill(self.hex_digits) + self.arg_b = self.arg_b.zfill(self.hex_digits) + + def pad_to_limbs(self, val) -> str: + return "{:x}".format(val).zfill(self.hex_digits) def result(self) -> List[str]: result = self.int_a + self.int_b - carry, result = divmod(result, self.bound) + carry, result = divmod(result, self.limb_boundary) return [ bignum_common.quote_str(self.pad_to_limbs(result)), str(carry) ] + class BignumCoreSub(BignumCoreOperation): """Test cases for bignum core sub.""" count = 0 diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index f44acef73a..b330c493d5 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ b/scripts/mbedtls_dev/bignum_mod_raw.py 
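Review bot: `BignumCoreAddAndAddIf.__init__` accepts `bits_in_limb` but calls `super().__init__(val_a, val_b)` without forwarding it, so as far as the visible `OperationCommon.__init__` goes every object falls back to the default of 64: `self.bits_in_limb`, `hex_digits`, `limb_boundary` and the `MBEDTLS_HAVE_INT<bits>` dependency are all computed for 64-bit limbs even when `generate_function_tests` passes `bits_in_limb=32`, and the 32-bit cases would come out as duplicates of the 64-bit ones. The fix is `super().__init__(val_a, val_b, bits_in_limb)`. This would contradict the commit message's "no semantic change" claim, so the generated `.data` output is worth diffing before and after.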
@@ -56,7 +56,7 @@ class BignumModRawConvertToMont(bignum_common.ModOperationCommon, test_function = "mpi_mod_raw_to_mont_rep" test_name = "Convert into Mont: " - arch_split = True + input_style = "arch_split" test_data_moduli = ["b", "fd", From 4c59d35e00d08ae2a6ab51a13077776c05d22a3d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 18 Nov 2022 16:05:46 +0000 Subject: [PATCH 082/139] Bignum tests: make args use input_style Before arg_ attributes were the arguments as they were defined in the python script. Turning these into properties and having them take the form respect the style set in input_style makes the class easier to use and more consistent. This change makes the hex_ properties redundant and therefore they are removed. There are no semantic changes to the generated test cases. (The order of appearance of 64 and 32 bit mpi_core_add_and_add_if test cases has changed.) Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 30 +++++++++++++++++++-------- scripts/mbedtls_dev/bignum_core.py | 10 +-------- scripts/mbedtls_dev/bignum_mod_raw.py | 4 ++-- 3 files changed, 24 insertions(+), 20 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 0784f845ff..907c0b6d5f 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -95,8 +95,8 @@ class OperationCommon(test_data_generation.BaseTest): limb_sizes = [32, 64] # type: List[int] def __init__(self, val_a: str, val_b: str, bits_in_limb: int = 64) -> None: - self.arg_a = val_a - self.arg_b = val_b + self.val_a = val_a + self.val_b = val_b self.int_a = hex_to_int(val_a) self.int_b = hex_to_int(val_b) if bits_in_limb not in self.limb_sizes: 
@@ -122,13 +122,25 @@ class OperationCommon(test_data_generation.BaseTest): def hex_digits(self) -> int: return 2 * (self.limbs * self.bits_in_limb // 8) - @property - def hex_a(self) -> str: - return "{:x}".format(self.int_a).zfill(self.hex_digits) + def format_arg(self, val) -> str: + if self.input_style not in self.input_styles: + raise ValueError("Unknown input style!") + if self.input_style == "variable": + return val + else: + return val.zfill(self.hex_digits) + + def format_result(self, res) -> str: + res_str = '{:x}'.format(res) + return quote_str(self.format_arg(res_str)) @property - def hex_b(self) -> str: - return "{:x}".format(self.int_b).zfill(self.hex_digits) + def arg_a(self) -> str: + return self.format_arg(self.val_a) + + @property + def arg_b(self) -> str: + return self.format_arg(self.val_b) def arguments(self) -> List[str]: return [ @@ -206,8 +218,8 @@ class ModOperationCommon(OperationCommon): return max([n for n in data_in if n is not None]) @property - def hex_n(self) -> str: - return "{:x}".format(self.int_n).zfill(self.hex_digits) + def arg_n(self) -> str: + return self.format_arg(self.val_n) @property def r(self) -> int: # pylint: disable=invalid-name diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index 749403705a..48390b98cb 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py 
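Review bot: `format_arg(self, val)` and `format_result(self, res)` are the only new methods without parameter annotations or docstrings; `def format_arg(self, val: str) -> str:` and `def format_result(self, res: int) -> str:` match the rest of the class, and the `format_arg` docstring should say that "variable" returns the string unchanged while "arch_split" zero-pads it to `hex_digits`, i.e. to whole limbs of the larger operand. Because `input_styles` is checked two lines earlier, the bare `else` is exactly the "arch_split" case; a comment `# "arch_split": pad to whole limbs` on that branch would make it clear. Note also that `arg_a`/`arg_b` are now read-only properties, so any subclass still assigning `self.arg_a = ...` raises `AttributeError`; the bignum_core hunk of this commit removes the one such assignment.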
@@ -142,21 +142,13 @@ class BignumCoreAddAndAddIf(BignumCoreOperation): test_name = "mpi_core_add_and_add_if" input_style = "arch_split" - def __init__(self, val_a: str, val_b: str, bits_in_limb: int) -> None: - super().__init__(val_a, val_b) - self.arg_a = self.arg_a.zfill(self.hex_digits) - self.arg_b = self.arg_b.zfill(self.hex_digits) - - def pad_to_limbs(self, val) -> str: - return "{:x}".format(val).zfill(self.hex_digits) - def result(self) -> List[str]: result = self.int_a + self.int_b carry, result = divmod(result, self.limb_boundary) return [ - bignum_common.quote_str(self.pad_to_limbs(result)), + self.format_result(result), str(carry) ] diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index b330c493d5..e2d8cd698d 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ b/scripts/mbedtls_dev/bignum_mod_raw.py @@ -114,8 +114,8 @@ class BignumModRawConvertToMont(bignum_common.ModOperationCommon, return [self.hex_x] def arguments(self) -> List[str]: - return [bignum_common.quote_str(n) for n in [self.hex_n, - self.hex_a, + return [bignum_common.quote_str(n) for n in [self.arg_n, + self.arg_a, self.hex_x]] def description(self) -> str: From abfca8f938e9923a849a0aaa350767e93f10ca5a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 18 Nov 2022 16:48:45 +0000 Subject: [PATCH 083/139] Bignum tests: make n an attribute Having int_ variants as an attribute has the advantage of the input being validated when the object is instantiated. In theory otherwise if a particular int_ attribute is not accessed, then the invalid argument is passed to the tests as it is. (This would in all likelihood detected by the actual test cases, still, it is more robust like this.) There are no semantic changes to the generated test cases. (The order of appearance of 64 and 32 bit mpi_core_add_and_add_if test cases has changed.) 
Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 907c0b6d5f..58eb11ebd1 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -97,6 +97,8 @@ class OperationCommon(test_data_generation.BaseTest): def __init__(self, val_a: str, val_b: str, bits_in_limb: int = 64) -> None: self.val_a = val_a self.val_b = val_b + # Setting the int versions here as opposed to making them @properties + # provides earlier/more robust input validation. self.int_a = hex_to_int(val_a) self.int_b = hex_to_int(val_b) if bits_in_limb not in self.limb_sizes: @@ -207,10 +209,9 @@ class ModOperationCommon(OperationCommon): bits_in_limb: int = 64) -> None: super().__init__(val_a=val_a, val_b=val_b, bits_in_limb=bits_in_limb) self.val_n = val_n - - @property - def int_n(self) -> int: - return hex_to_int(self.val_n) + # Setting the int versions here as opposed to making them @properties + # provides earlier/more robust input validation. + self.int_n = hex_to_int(val_n) @property def boundary(self) -> int: From a36a3d36b5c749011f8b94f88d37a3f3523ff8a8 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 18 Nov 2022 17:49:13 +0000 Subject: [PATCH 084/139] Bignum tests: add arity Add the ability to control the number of operands, by setting the arity class attribute. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 30 ++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 58eb11ebd1..ecff206a3d 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py 
@@ -85,6 +85,8 @@ class OperationCommon(test_data_generation.BaseTest): defined in the python source. "arch_split" pads the values with zeroes depending on the architecture/limb size. If this is set, test cases are generated for all architectures. + arity: the number of operands for the operation. Currently supported + values are 1 and 2. """ symbol = "" input_values = [] # type: List[str] @@ -93,8 +95,10 @@ class OperationCommon(test_data_generation.BaseTest): input_styles = ["variable", "arch_split"] # type: List[str] input_style = "variable" # type: str limb_sizes = [32, 64] # type: List[int] + arities = [1, 2] + arity = 2 - def __init__(self, val_a: str, val_b: str, bits_in_limb: int = 64) -> None: + def __init__(self, val_a: str, val_b: str = "0", bits_in_limb: int = 64) -> None: self.val_a = val_a self.val_b = val_b # Setting the int versions here as opposed to making them @properties @@ -109,8 +113,11 @@ class OperationCommon(test_data_generation.BaseTest): @property def boundary(self) -> int: - data_in = [self.int_a, self.int_b] - return max([n for n in data_in if n is not None]) + if self.arity == 1: + return self.int_a + elif self.arity == 2: + return max(self.int_a, self.int_b) + raise ValueError("Unsupported number of operands!") @property def limb_boundary(self) -> int: @@ -142,12 +149,15 @@ class OperationCommon(test_data_generation.BaseTest): @property def arg_b(self) -> str: + if self.arity == 1: + raise AttributeError("Operation is unary and doesn't have arg_b!") return self.format_arg(self.val_b) def arguments(self) -> List[str]: - return [ - quote_str(self.arg_a), quote_str(self.arg_b) - ] + self.result() + args = [quote_str(self.arg_a)] + if self.arity == 2: + args.append(quote_str(self.arg_b)) + return args + self.result() def description(self) -> str: """Generate a description for the test case. 
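Review bot: The new class attributes `arities = [1, 2]` and `arity = 2` in the `@@ -93,8 +95,10 @@` hunk are the only ones in this attribute block without a `# type:` comment, while their neighbours such as `limb_sizes = [32, 64] # type: List[int]` carry one; `arities = [1, 2] # type: List[int]` and `arity = 2 # type: int` keep the block consistent for the checker. In the last hunk, `arg_b` raising `AttributeError` for unary operations means `hasattr()`/`getattr(..., default)` will silently treat the property as absent rather than surface a misuse; that may be intended, but a comment such as `# AttributeError so hasattr()/getattr() treat arg_b as missing for unary ops.` would record the choice.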
@@ -192,6 +202,8 @@ class OperationCommon(test_data_generation.BaseTest): def generate_function_tests(cls) -> Iterator[test_case.TestCase]: if cls.input_style not in cls.input_styles: raise ValueError("Unknown input style!") + if cls.arity not in cls.arities: + raise ValueError("Unsupported number of operands!") for a_value, b_value in cls.get_value_pairs(): if cls.input_style == "arch_split": for bil in cls.limb_sizes: @@ -215,13 +227,15 @@ class ModOperationCommon(OperationCommon): @property def boundary(self) -> int: - data_in = [self.int_a, self.int_b, self.int_n] - return max([n for n in data_in if n is not None]) + return self.int_n @property def arg_n(self) -> str: return self.format_arg(self.val_n) + def arguments(self) -> List[str]: + return [quote_str(self.arg_n)] + super().arguments() + @property def r(self) -> int: # pylint: disable=invalid-name l = limbs_mpi(self.int_n, self.bits_in_limb) From 1921fd585cb0314bb7e6e165727664c52052dd97 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 18 Nov 2022 17:51:02 +0000 Subject: [PATCH 085/139] Bignum tests: use arity in bignum_mod_raw This makes a couple of properties redundant which are cleaned up. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_mod_raw.py | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index e2d8cd698d..6c217c235d 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ b/scripts/mbedtls_dev/bignum_mod_raw.py @@ -57,6 +57,7 @@ class BignumModRawConvertToMont(bignum_common.ModOperationCommon, test_function = "mpi_mod_raw_to_mont_rep" test_name = "Convert into Mont: " input_style = "arch_split" + arity = 1 test_data_moduli = ["b", "fd", 
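Review bot: `ModOperationCommon.boundary` now returns `self.int_n` alone, so anything derived from it (`limb_boundary`, and presumably `self.limbs`/`hex_digits` from the earlier hunk) no longer accounts for an operand larger than the modulus, and nothing in this commit rejects such inputs; an `int_a >= int_n` case would be padded to n's width rather than its own. If reduced operands are a precondition of the modular classes, state and enforce it: `# Operands are assumed to be reduced mod n, so n alone bounds the limb count.` next to the property, with the check where test objects are constructed.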
@@ -111,12 +112,8 @@ class BignumModRawConvertToMont(bignum_common.ModOperationCommon, descr_tpl = '{} #{} N: \"{}\" A: \"{}\".' def result(self) -> List[str]: - return [self.hex_x] - - def arguments(self) -> List[str]: - return [bignum_common.quote_str(n) for n in [self.arg_n, - self.arg_a, - self.hex_x]] + result = (self.int_a * self.r) % self.int_n + return [self.format_result(result)] def description(self) -> str: return self.descr_tpl.format(self.test_name, @@ -134,13 +131,6 @@ class BignumModRawConvertToMont(bignum_common.ModOperationCommon, continue yield cls(n, i, bits_in_limb=bil).create_test_case() - @property - def x(self) -> int: # pylint: disable=invalid-name - return (self.int_a * self.r) % self.int_n - - @property - def hex_x(self) -> str: - return "{:x}".format(self.x).zfill(self.hex_digits) class BignumModRawConvertFromMont(BignumModRawConvertToMont): """ Test cases for mpi_mod_raw_from_mont_rep(). """ @@ -169,9 +159,11 @@ class BignumModRawConvertFromMont(BignumModRawConvertToMont): "138a7e6bfbc319ebd1725dacb9a359cbf693f2ecb785efb9d627" ] - @property - def x(self): # pylint: disable=invalid-name - return (self.int_a * self.r_inv) % self.int_n + def result(self) -> List[str]: + result = (self.int_a * self.r_inv) % self.int_n + return [self.format_result(result)] + + # END MERGE SLOT 7 # BEGIN MERGE SLOT 8 From 939621f8ed6803f2967568a3d70582ba27e85e07 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 18 Nov 2022 18:15:24 +0000 Subject: [PATCH 086/139] Bignum tests: add support for filtering Sometimes we don't want all possible combinations of the input data and sometimes not all combinations make sense. We are adding a convenient way to decide on a case by case basis. Now child classes only need to implement the is_valid method and the invalid cases will be filtered out automatically. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) 
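Review bot: `BignumModRawConvertToMont.result` and `BignumModRawConvertFromMont.result` are identical except for multiplying by `self.r` versus `self.r_inv`, so the two bodies will have to be kept in step by hand. A single hook on the base class — for example a `mont_factor` property returning `self.r` and overridden to return `self.r_inv` — would reduce both to `return [self.format_result((self.int_a * self.mont_factor) % self.int_n)]`. Either way a one-line docstring on each `result` naming the value computed (`A * R mod N` / `A * R^-1 mod N`) would help, since the class docstrings only name the C function under test.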
diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index ecff206a3d..b22846b710 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -172,6 +172,10 @@ class OperationCommon(test_data_generation.BaseTest): ) return super().description() + @property + def is_valid(self) -> bool: + return True + @abstractmethod def result(self) -> List[str]: """Get the result of the operation. @@ -204,13 +208,18 @@ class OperationCommon(test_data_generation.BaseTest): raise ValueError("Unknown input style!") if cls.arity not in cls.arities: raise ValueError("Unsupported number of operands!") - for a_value, b_value in cls.get_value_pairs(): - if cls.input_style == "arch_split": - for bil in cls.limb_sizes: - yield cls(a_value, b_value, - bits_in_limb=bil).create_test_case() - else: - yield cls(a_value, b_value).create_test_case() + if cls.input_style == "arch_split": + test_objects = (cls(a_value, b_value, bits_in_limb=bil) + for a_value, b_value in cls.get_value_pairs() + for bil in cls.limb_sizes) + else: + test_objects = (cls(a_value, b_value) for + a_value, b_value in cls.get_value_pairs()) + yield from (valid_test_object.create_test_case() + for valid_test_object in filter( + lambda test_object: test_object.is_valid, + test_objects + )) class ModOperationCommon(OperationCommon): From c4fca5de3ebe5a586a4be591f32b4b641d6e558c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 19 Nov 2022 10:42:20 +0000 Subject: [PATCH 087/139] Bignum tests: automate modulo test object generation Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 37 +++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index b22846b710..7d7170d170 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py 
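Review bot: The `filter(lambda test_object: test_object.is_valid, test_objects)` wrapped in a generator expression at the end of `generate_function_tests` is harder to read than the equivalent conditional comprehension, `yield from (obj.create_test_case() for obj in test_objects if obj.is_valid)`. `is_valid` is the hook the commit message tells subclasses to override, yet the property has no docstring; `"""Whether this combination of inputs should produce a test case."""` would tell a reader that returning False drops the case rather than failing it.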
@@ -209,12 +209,12 @@ class OperationCommon(test_data_generation.BaseTest): if cls.arity not in cls.arities: raise ValueError("Unsupported number of operands!") if cls.input_style == "arch_split": - test_objects = (cls(a_value, b_value, bits_in_limb=bil) - for a_value, b_value in cls.get_value_pairs() + test_objects = (cls(a, b, bits_in_limb=bil) + for a, b in cls.get_value_pairs() for bil in cls.limb_sizes) else: - test_objects = (cls(a_value, b_value) for - a_value, b_value in cls.get_value_pairs()) + test_objects = (cls(a, b) + for a, b in cls.get_value_pairs()) yield from (valid_test_object.create_test_case() for valid_test_object in filter( lambda test_object: test_object.is_valid, @@ -225,6 +225,7 @@ class OperationCommon(test_data_generation.BaseTest): class ModOperationCommon(OperationCommon): #pylint: disable=abstract-method """Target for bignum mod_raw test case generation.""" + moduli = [] # type: List[str] def __init__(self, val_n: str, val_a: str, val_b: str = "0", bits_in_limb: int = 64) -> None: 
@@ -258,6 +259,34 @@ class ModOperationCommon(OperationCommon): def r2(self) -> int: # pylint: disable=invalid-name return pow(self.r, 2) + @property + def is_valid(self) -> bool: + if self.int_a >= self.int_n: + return False + if self.arity == 2 and self.int_b >= self.int_n: + return False + return True + + @classmethod + def generate_function_tests(cls) -> Iterator[test_case.TestCase]: + if cls.input_style not in cls.input_styles: + raise ValueError("Unknown input style!") + if cls.arity not in cls.arities: + raise ValueError("Unsupported number of operands!") + if cls.input_style == "arch_split": + test_objects = (cls(n, a, b, bits_in_limb=bil) + for n in cls.moduli + for a, b in cls.get_value_pairs() + for bil in cls.limb_sizes) + else: + test_objects = (cls(n, a, b) + for n in cls.moduli + for a, b in cls.get_value_pairs()) + yield from (valid_test_object.create_test_case() + for valid_test_object in filter( + lambda test_object: test_object.is_valid, + test_objects + )) # BEGIN MERGE SLOT 1 From 98edf21bb4bb33b1dc2b6a62f0eca204b4160c48 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 19 Nov 2022 12:48:17 +0000 Subject: [PATCH 088/139] Bignum test: remove type restrictrion The special case list type depends on the arity and the subclass. Remove type restriction to make defining special case lists more flexible and natural. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 16 +++++++++++----- scripts/mbedtls_dev/bignum_core.py | 10 ++++++++++ 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 7d7170d170..ed321d7c3e 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py 
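Review bot: `ModOperationCommon.generate_function_tests` repeats the style/arity validation and the `filter(lambda ...)` tail of `OperationCommon.generate_function_tests` almost verbatim; only the object construction differs, so a classmethod hook that yields constructor argument tuples would let the base implementation be reused instead of copied. Separately, `moduli` defaults to an empty list, so a subclass that forgets to set it silently generates no tests at all; if that is not intended, `if not cls.moduli: raise ValueError("No moduli defined!")` beside the existing checks would surface the omission early. `is_valid` here also deserves a docstring saying that operands are required to be below the modulus.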
@@ -15,7 +15,8 @@ # limitations under the License. from abc import abstractmethod -from typing import Iterator, List, Tuple, TypeVar +from typing import Iterator, List, Tuple, TypeVar, Any +from itertools import chain from . import test_case from . import test_data_generation @@ -90,7 +91,7 @@ class OperationCommon(test_data_generation.BaseTest): """ symbol = "" input_values = [] # type: List[str] - input_cases = [] # type: List[Tuple[str, str]] + input_cases = [] # type: List[Any] unique_combinations_only = True input_styles = ["variable", "arch_split"] # type: List[str] input_style = "variable" # type: str @@ -200,7 +201,6 @@ class OperationCommon(test_data_generation.BaseTest): for a in cls.input_values for b in cls.input_values ) - yield from cls.input_cases @classmethod def generate_function_tests(cls) -> Iterator[test_case.TestCase]: @@ -212,14 +212,20 @@ class OperationCommon(test_data_generation.BaseTest): test_objects = (cls(a, b, bits_in_limb=bil) for a, b in cls.get_value_pairs() for bil in cls.limb_sizes) + special_cases = (cls(*args, bits_in_limb=bil) # type: ignore + for args in cls.input_cases + for bil in cls.limb_sizes) else: test_objects = (cls(a, b) for a, b in cls.get_value_pairs()) + special_cases = (cls(*args) for args in cls.input_cases) yield from (valid_test_object.create_test_case() for valid_test_object in filter( lambda test_object: test_object.is_valid, - test_objects - )) + chain(test_objects, special_cases) + ) + ) + class ModOperationCommon(OperationCommon): diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index 48390b98cb..1bfc652efb 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py 
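Review bot: The `# type: ignore` on `cls(*args, bits_in_limb=bil)` is unexplained and is absent from the otherwise identical `cls(*args)` in the `else` branch, so either the suppression is unnecessary or the second call is equally unchecked; a targeted error-code form of the ignore plus a short comment stating why it is needed would document it. Dropping `yield from cls.input_cases` from `get_value_pairs` also changes what that method returns for every subclass — special cases now arrive only through `generate_function_tests`, which subclasses overriding it must re-add themselves (as `BignumCoreMLA` does in the next file) — so the `get_value_pairs` docstring should say that `input_cases` are no longer part of its output.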
@@ -243,6 +243,16 @@ class BignumCoreMLA(BignumCoreOperation): "\"{:x}\"".format(carry_8) ] + @classmethod + def get_value_pairs(cls) -> Iterator[Tuple[str, str]]: + """Generator to yield pairs of inputs. + + Combinations are first generated from all input values, and then + specific cases provided. + """ + yield from super().get_value_pairs() + yield from cls.input_cases + @classmethod def generate_function_tests(cls) -> Iterator[test_case.TestCase]: """Override for additional scalar input.""" From 435b305a491853c7b477f5b012c226832574104e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 19 Nov 2022 14:18:02 +0000 Subject: [PATCH 089/139] Bignum tests: add special cases to mod Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index ed321d7c3e..6fd42d1e7f 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -273,6 +273,15 @@ class ModOperationCommon(OperationCommon): return False return True + @classmethod + def input_cases_args(cls) -> Iterator[Tuple[Any, Any, Any]]: + if cls.arity == 1: + yield from ((n, a, "0") for a, n in cls.input_cases) + elif cls.arity == 2: + yield from ((n, a, b) for a, b, n in cls.input_cases) + else: + raise ValueError("Unsupported number of operands!") + @classmethod def generate_function_tests(cls) -> Iterator[test_case.TestCase]: if cls.input_style not in cls.input_styles: 
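Review bot: `BignumCoreMLA.get_value_pairs` re-yields `cls.input_cases` that the base `get_value_pairs` no longer emits, while `OperationCommon.generate_function_tests` in the same commit also chains `cls.input_cases` as `special_cases`; unless `BignumCoreMLA.generate_function_tests` (the override visible just below, whose body lies outside the hunk) builds its objects without going through the base implementation, each special case would be generated twice. A comment on the override making that explicit, e.g. `# input_cases are consumed by get_value_pairs above; this override does not use the base special-case path.`, would let a reader confirm there is no duplication without tracing both methods.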
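Review bot: `input_cases_args` encodes an undocumented convention: a unary `input_cases` entry is `(a, n)` while a binary one is `(a, b, n)`, with the modulus last in both, and the method reorders them to the constructor's `(n, a, b)`. Because subclasses write `input_cases` by hand, a silently swapped operand would only show up as a wrong expected value; a docstring stating the layout prevents that: `"""Yield (n, a, b) constructor arguments from input_cases, whose entries are (a, n) for unary and (a, b, n) for binary operations."""`.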
@@ -284,14 +293,18 @@ class ModOperationCommon(OperationCommon): for n in cls.moduli for a, b in cls.get_value_pairs() for bil in cls.limb_sizes) + special_cases = (cls(*args, bits_in_limb=bil) + for args in cls.input_cases_args() + for bil in cls.limb_sizes) else: test_objects = (cls(n, a, b) for n in cls.moduli for a, b in cls.get_value_pairs()) + special_cases = (cls(*args) for args in cls.input_cases_args()) yield from (valid_test_object.create_test_case() for valid_test_object in filter( lambda test_object: test_object.is_valid, - test_objects + chain(test_objects, special_cases) )) # BEGIN MERGE SLOT 1 From 284672ccfb23b7a62aa730cc86012722cd794f85 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 19 Nov 2022 14:55:43 +0000 Subject: [PATCH 090/139] Bignum tests: complete support for unary operators There are no intended changes to generated tests. (The ordering of tests in the mod_raw module has changed.) Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 19 ++-- scripts/mbedtls_dev/bignum_mod_raw.py | 149 ++++++++++++-------------- 2 files changed, 81 insertions(+), 87 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 6fd42d1e7f..318e25ca12 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py 
@@ -193,14 +193,19 @@ class OperationCommon(test_data_generation.BaseTest): Combinations are first generated from all input values, and then specific cases provided. """ - if cls.unique_combinations_only: - yield from combination_pairs(cls.input_values) + if cls.arity == 1: + yield from ((a, "0") for a in cls.input_values) + elif cls.arity == 2: + if cls.unique_combinations_only: + yield from combination_pairs(cls.input_values) + else: + yield from ( + (a, b) + for a in cls.input_values + for b in cls.input_values + ) else: - yield from ( - (a, b) - for a in cls.input_values - for b in cls.input_values - ) + raise ValueError("Unsupported number of operands!") @classmethod def generate_function_tests(cls) -> Iterator[test_case.TestCase]: diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index 6c217c235d..087c8dc87d 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ b/scripts/mbedtls_dev/bignum_mod_raw.py @@ -14,9 +14,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -from typing import Dict, Iterator, List +from typing import Dict, List -from . import test_case from . import test_data_generation from . import bignum_common 
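Review bot: The placeholder `"0"` standing in for the absent second operand of unary operations now appears here in `get_value_pairs`, in `input_cases_args`, and as the `val_b` default in `__init__`; three hand-written copies of the same sentinel are easy to let drift. A module-level constant, e.g. `UNARY_PLACEHOLDER = "0"`, referenced from all three places, plus a comment saying that `int_b` is ignored when `arity == 1`, would keep them in sync.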
@@ -59,55 +58,55 @@ class BignumModRawConvertToMont(bignum_common.ModOperationCommon, input_style = "arch_split" arity = 1 - test_data_moduli = ["b", - "fd", - "eeff99aa37", - "eeff99aa11", - "800000000005", - "7fffffffffffffff", - "80fe000a10000001", - "25a55a46e5da99c71c7", - "1058ad82120c3a10196bb36229c1", - "7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f" - "18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a" - "98df75154f8c914a282f8b", - "8335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63", - "ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f" - "2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a6" - "4d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2" - "deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d" - "6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a0" - "7e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d389" - "8c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6" - "bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3a" - "d4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181d" - "b8896f33bb12e6ef73f12ec5c5ea7a8a337" - ] + moduli = ["b", + "fd", + "eeff99aa37", + "eeff99aa11", + "800000000005", + "7fffffffffffffff", + "80fe000a10000001", + "25a55a46e5da99c71c7", + "1058ad82120c3a10196bb36229c1", + "7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f" + "18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a" + "98df75154f8c914a282f8b", + "8335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63", + "ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f" + "2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a6" + "4d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2" + "deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d" + "6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a0" + "7e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d389" + "8c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6" + "bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3a" + "d4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181d" + 
"b8896f33bb12e6ef73f12ec5c5ea7a8a337" + ] - test_input_numbers = ["0", - "1", - "97", - "f5", - "6f5c3", - "745bfe50f7", - "ffa1f9924123", - "334a8b983c79bd", - "5b84f632b58f3461", - "19acd15bc38008e1", - "ffffffffffffffff", - "54ce6a6bb8247fa0427cfc75a6b0599", - "fecafe8eca052f154ce6a6bb8247fa019558bfeecce9bb9", - "a87d7a56fa4bfdc7da42ef798b9cf6843d4c54794698cb14d72" - "851dec9586a319f4bb6d5695acbd7c92e7a42a5ede6972adcbc" - "f68425265887f2d721f462b7f1b91531bac29fa648facb8e3c6" - "1bd5ae42d5a59ba1c89a95897bfe541a8ce1d633b98f379c481" - "6f25e21f6ac49286b261adb4b78274fe5f61c187581f213e84b" - "2a821e341ef956ecd5de89e6c1a35418cd74a549379d2d4594a" - "577543147f8e35b3514e62cf3e89d1156cdc91ab5f4c928fbd6" - "9148c35df5962fed381f4d8a62852a36823d5425f7487c13a12" - "523473fb823aa9d6ea5f42e794e15f2c1a8785cf6b7d51a4617" - "947fb3baf674f74a673cf1d38126983a19ed52c7439fab42c2185" - ] + input_values = ["0", + "1", + "97", + "f5", + "6f5c3", + "745bfe50f7", + "ffa1f9924123", + "334a8b983c79bd", + "5b84f632b58f3461", + "19acd15bc38008e1", + "ffffffffffffffff", + "54ce6a6bb8247fa0427cfc75a6b0599", + "fecafe8eca052f154ce6a6bb8247fa019558bfeecce9bb9", + "a87d7a56fa4bfdc7da42ef798b9cf6843d4c54794698cb14d72" + "851dec9586a319f4bb6d5695acbd7c92e7a42a5ede6972adcbc" + "f68425265887f2d721f462b7f1b91531bac29fa648facb8e3c6" + "1bd5ae42d5a59ba1c89a95897bfe541a8ce1d633b98f379c481" + "6f25e21f6ac49286b261adb4b78274fe5f61c187581f213e84b" + "2a821e341ef956ecd5de89e6c1a35418cd74a549379d2d4594a" + "577543147f8e35b3514e62cf3e89d1156cdc91ab5f4c928fbd6" + "9148c35df5962fed381f4d8a62852a36823d5425f7487c13a12" + "523473fb823aa9d6ea5f42e794e15f2c1a8785cf6b7d51a4617" + "947fb3baf674f74a673cf1d38126983a19ed52c7439fab42c2185" + ] descr_tpl = '{} #{} N: \"{}\" A: \"{}\".' 
@@ -121,16 +120,6 @@ class BignumModRawConvertToMont(bignum_common.ModOperationCommon, self.int_n, self.int_a) - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - for bil in [32, 64]: - for n in cls.test_data_moduli: - for i in cls.test_input_numbers: - # Skip invalid combinations where A.limbs > N.limbs - if bignum_common.hex_to_int(i) > bignum_common.hex_to_int(n): - continue - yield cls(n, i, bits_in_limb=bil).create_test_case() - class BignumModRawConvertFromMont(BignumModRawConvertToMont): """ Test cases for mpi_mod_raw_from_mont_rep(). """ 
@@ -138,26 +127,26 @@ class BignumModRawConvertFromMont(BignumModRawConvertToMont): test_function = "mpi_mod_raw_from_mont_rep" test_name = "Convert from Mont: " - test_input_numbers = ["0", - "1", - "3ca", - "539ed428", - "7dfe5c6beb35a2d6", - "dca8de1c2adfc6d7aafb9b48e", - "a7d17b6c4be72f3d5c16bf9c1af6fc933", - "2fec97beec546f9553142ed52f147845463f579", - "378dc83b8bc5a7b62cba495af4919578dce6d4f175cadc4f", - "b6415f2a1a8e48a518345db11f56db3829c8f2c6415ab4a395a" - "b3ac2ea4cbef4af86eb18a84eb6ded4c6ecbfc4b59c2879a675" - "487f687adea9d197a84a5242a5cf6125ce19a6ad2e7341f1c57" - "d43ea4f4c852a51cb63dabcd1c9de2b827a3146a3d175b35bea" - "41ae75d2a286a3e9d43623152ac513dcdea1d72a7da846a8ab3" - "58d9be4926c79cfb287cf1cf25b689de3b912176be5dcaf4d4c" - "6e7cb839a4a3243a6c47c1e2c99d65c59d6fa3672575c2f1ca8" - "de6a32e854ec9d8ec635c96af7679fce26d7d159e4a9da3bd74" - "e1272c376cd926d74fe3fb164a5935cff3d5cdb92b35fe2cea32" - "138a7e6bfbc319ebd1725dacb9a359cbf693f2ecb785efb9d627" - ] + input_values = ["0", + "1", + "3ca", + "539ed428", + "7dfe5c6beb35a2d6", + "dca8de1c2adfc6d7aafb9b48e", + "a7d17b6c4be72f3d5c16bf9c1af6fc933", + "2fec97beec546f9553142ed52f147845463f579", + "378dc83b8bc5a7b62cba495af4919578dce6d4f175cadc4f", + "b6415f2a1a8e48a518345db11f56db3829c8f2c6415ab4a395a" + "b3ac2ea4cbef4af86eb18a84eb6ded4c6ecbfc4b59c2879a675" + "487f687adea9d197a84a5242a5cf6125ce19a6ad2e7341f1c57" + "d43ea4f4c852a51cb63dabcd1c9de2b827a3146a3d175b35bea" + "41ae75d2a286a3e9d43623152ac513dcdea1d72a7da846a8ab3" + "58d9be4926c79cfb287cf1cf25b689de3b912176be5dcaf4d4c" + "6e7cb839a4a3243a6c47c1e2c99d65c59d6fa3672575c2f1ca8" + "de6a32e854ec9d8ec635c96af7679fce26d7d159e4a9da3bd74" + "e1272c376cd926d74fe3fb164a5935cff3d5cdb92b35fe2cea32" + "138a7e6bfbc319ebd1725dacb9a359cbf693f2ecb785efb9d627" + ] def result(self) -> List[str]: result = (self.int_a * self.r_inv) % self.int_n From 8ae7a657acb7e35b51de4c39c4e47aba4858a11e Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Sat, 19 Nov 2022 15:05:19 +0000 Subject: [PATCH 091/139] Bignum tests: improve mod descriptions There are no semantic changes to the generated tests. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 23 +++++++++++++++++++---- scripts/mbedtls_dev/bignum_mod_raw.py | 12 +++--------- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 318e25ca12..9e92b8e61a 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -168,9 +168,14 @@ class OperationCommon(test_data_generation.BaseTest): generated to provide some context to the test case. """ if not self.case_description: - self.case_description = "{:x} {} {:x}".format( - self.int_a, self.symbol, self.int_b - ) + if self.arity == 1: + self.case_description = "{} {:x}".format( + self.symbol, self.int_a + ) + elif self.arity == 2: + self.case_description = "{:x} {} {:x}".format( + self.int_a, self.symbol, self.int_b + ) return super().description() @property @@ -232,7 +237,6 @@ class OperationCommon(test_data_generation.BaseTest): ) - class ModOperationCommon(OperationCommon): #pylint: disable=abstract-method """Target for bignum mod_raw test case generation.""" @@ -278,6 +282,17 @@ class ModOperationCommon(OperationCommon): return False return True + def description(self) -> str: + """Generate a description for the test case. + + It uses the form A `symbol` B mod N, where symbol is used to represent + the operation. + """ + + if not self.case_description: + return super().description() + " mod {:x}".format(self.int_n) + return super().description() + @classmethod def input_cases_args(cls) -> Iterator[Tuple[Any, Any, Any]]: if cls.arity == 1: diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index 087c8dc87d..b23fbb2dc8 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py 
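Review bot: `ModOperationCommon.description` appends `" mod {:x}"` to the string returned by `super().description()`, but the base implementation stores its own text in `self.case_description` before returning, so after the first call the attribute is populated without the modulus and the `if not self.case_description` branch is skipped on any later call — the returned text presumably then differs between the first and subsequent invocations. Building `self.case_description` in this override (the unary/binary text plus `" mod {:x}".format(self.int_n)`) before delegating would make it idempotent. The docstring also says the form is ``A `symbol` B mod N`` although the unary branch produces ``symbol A mod N``.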
+++ b/scripts/mbedtls_dev/bignum_mod_raw.py @@ -55,6 +55,7 @@ class BignumModRawConvertToMont(bignum_common.ModOperationCommon, test_function = "mpi_mod_raw_to_mont_rep" test_name = "Convert into Mont: " + symbol = "R *" input_style = "arch_split" arity = 1 @@ -108,24 +109,17 @@ class BignumModRawConvertToMont(bignum_common.ModOperationCommon, "947fb3baf674f74a673cf1d38126983a19ed52c7439fab42c2185" ] - descr_tpl = '{} #{} N: \"{}\" A: \"{}\".' - def result(self) -> List[str]: result = (self.int_a * self.r) % self.int_n return [self.format_result(result)] - def description(self) -> str: - return self.descr_tpl.format(self.test_name, - self.count, - self.int_n, - self.int_a) - class BignumModRawConvertFromMont(BignumModRawConvertToMont): """ Test cases for mpi_mod_raw_from_mont_rep(). """ - + count = 0 test_function = "mpi_mod_raw_from_mont_rep" test_name = "Convert from Mont: " + symbol = "1/R *" input_values = ["0", "1", From a36e430251d855143267c2ea1185d13c7d8e3042 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 19 Nov 2022 15:55:53 +0000 Subject: [PATCH 092/139] Bignum tests: add support for fixed width input Only fixed width input_style uses the default value of the bits_in_limb parameter, so set it to 32 in order to have less leading zeroes. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 9e92b8e61a..b68653a037 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py 
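Review bot: `count = 0` added to `BignumModRawConvertFromMont` shadows the inherited counter with no explanation; presumably it restarts the test-case numbering for this class instead of continuing from `BignumModRawConvertToMont`, but a reader cannot tell whether that is required by the description format or accidental. A one-line comment, `# Restart the per-class test-case counter rather than sharing ToMont's.`, would settle it. The symbols `"R *"` and `"1/R *"` only read sensibly through the new arity-1 description path (`"{} {:x}"`), which is worth noting beside them since `symbol` is otherwise documented as an infix operator.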
@@ -93,13 +93,13 @@ class OperationCommon(test_data_generation.BaseTest): input_values = [] # type: List[str] input_cases = [] # type: List[Any] unique_combinations_only = True - input_styles = ["variable", "arch_split"] # type: List[str] + input_styles = ["variable", "fixed", "arch_split"] # type: List[str] input_style = "variable" # type: str limb_sizes = [32, 64] # type: List[int] arities = [1, 2] arity = 2 - def __init__(self, val_a: str, val_b: str = "0", bits_in_limb: int = 64) -> None: + def __init__(self, val_a: str, val_b: str = "0", bits_in_limb: int = 32) -> None: self.val_a = val_a self.val_b = val_b # Setting the int versions here as opposed to making them @properties From b2a850c746ea475aaa22c7c26756d1eefdfd6883 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 20 Nov 2022 10:56:05 +0000 Subject: [PATCH 093/139] Bignum Tests: add test data The goal of this commit is to add some constants that can be used to define datasets and add test data in a more readable and reusable manner. All platforms using ECC need to support calculations with at least 192 bits, therefore constants for this length are added. We are not using a curve prime as those will be tested elsewhere and it is better not to play favourites. All platforms using RSA or FFDH need to support calculations with at least 1024 bits, therefore numbers of this size are added too. A safe prime is added for both sizes as it makes all elements generators (except 0 and 1 of course), which in turn makes some tests more effective. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_data.py | 109 +++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 scripts/mbedtls_dev/bignum_data.py diff --git a/scripts/mbedtls_dev/bignum_data.py b/scripts/mbedtls_dev/bignum_data.py new file mode 100644 index 0000000000..78fbb8c049 --- /dev/null +++ b/scripts/mbedtls_dev/bignum_data.py 
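Review bot: The `"fixed"` entry added to `input_styles` is not described in the class docstring, which (per the `@@ -85,6 +85,8 @@` hunk of an earlier commit in this series) documents only `"variable"` and `"arch_split"`; since `format_arg` pads every style other than `"variable"`, `"fixed"` is effectively padding at the default limb size without the per-architecture split, and a reader has to reconstruct that from two methods. Adding a line to that docstring, e.g. `"fixed" pads the values with zeroes to the width given by the default bits_in_limb, without generating per-architecture cases.`, and noting there why the default became 32, would keep the rationale in the code rather than only in the commit message.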
@@ -0,0 +1,109 @@ +"""Base values and datasets for bignum generated tests and helper functions that +produced them.""" +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import random + +# Functions calling these were used to produce test data and are here only for +# reproducability, they are not used by the test generation framework/classes +try: + from Cryptodome.Util.number import isPrime, getPrime #type: ignore #pylint: disable=import-error +except ImportError: + pass + +# Generated by bignum_common.gen_safe_prime(192,1) +SAFE_PRIME_192_BIT_SEED_1 = "d1c127a667786703830500038ebaef20e5a3e2dc378fb75b" + +# First number generated by random.getrandbits(192) - seed(2,2), not a prime +RANDOM_192_BIT_SEED_2_NO1 = "177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973" + +# Second number generated by random.getrandbits(192) - seed(2,2), not a prime +RANDOM_192_BIT_SEED_2_NO2 = "cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd" + +# Third number generated by random.getrandbits(192) - seed(2,2), not a prime +RANDOM_192_BIT_SEED_2_NO3 = "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f" + +# Fourth number generated by random.getrandbits(192) - seed(2,2), not a prime +RANDOM_192_BIT_SEED_2_NO4 = "ffed9235288bc781ae66267594c9c9500925e4749b575bd1" + +# Ninth number generated by random.getrandbits(192) - seed(2,2), not a prime +RANDOM_192_BIT_SEED_2_NO9 = "2a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f" + 
+# Generated by bignum_common.gen_safe_prime(1024,3) +SAFE_PRIME_1024_BIT_SEED_3 = ("c93ba7ec74d96f411ba008bdb78e63ff11bb5df46a51e16b" + "2c9d156f8e4e18abf5e052cb01f47d0d1925a77f60991577" + "e128fb6f52f34a27950a594baadd3d8057abeb222cf3cca9" + "62db16abf79f2ada5bd29ab2f51244bf295eff9f6aaba130" + "2efc449b128be75eeaca04bc3c1a155d11d14e8be32a2c82" + "87b3996cf6ad5223") + +# First number generated by random.getrandbits(1024) - seed(4,2), not a prime +RANDOM_1024_BIT_SEED_4_NO1 = ("6905269ed6f0b09f165c8ce36e2f24b43000de01b2ed40ed" + "3addccb2c33be0ac79d679346d4ac7a5c3902b38963dc6e8" + "534f45738d048ec0f1099c6c3e1b258fd724452ccea71ff4" + "a14876aeaff1a098ca5996666ceab360512bd13110722311" + "710cf5327ac435a7a97c643656412a9b8a1abcd1a6916c74" + "da4f9fc3c6da5d7") + +# Second number generated by random.getrandbits(1024) - seed(4,2), not a prime +RANDOM_1024_BIT_SEED_4_NO2 = ("f1cfd99216df648647adec26793d0e453f5082492d83a823" + "3fb62d2c81862fc9634f806fabf4a07c566002249b191bf4" + "d8441b5616332aca5f552773e14b0190d93936e1daca3c06" + "f5ff0c03bb5d7385de08caa1a08179104a25e4664f5253a0" + "2a3187853184ff27459142deccea264542a00403ce80c4b0" + "a4042bb3d4341aad") + +# Third number generated by random.getrandbits(1024) - seed(4,2), not a prime +RANDOM_1024_BIT_SEED_4_NO3 = ("14c15c910b11ad28cc21ce88d0060cc54278c2614e1bcb38" + "3bb4a570294c4ea3738d243a6e58d5ca49c7b59b995253fd" + "6c79a3de69f85e3131f3b9238224b122c3e4a892d9196ada" + "4fcfa583e1df8af9b474c7e89286a1754abcb06ae8abb93f" + "01d89a024cdce7a6d7288ff68c320f89f1347e0cdd905ecf" + "d160c5d0ef412ed6") + +# Fourth number generated by random.getrandbits(1024) - seed(4,2), not a prime +RANDOM_1024_BIT_SEED_4_NO4 = ("32decd6b8efbc170a26a25c852175b7a96b98b5fbf37a2be" + "6f98bca35b17b9662f0733c846bbe9e870ef55b1a1f65507" + "a2909cb633e238b4e9dd38b869ace91311021c9e32111ac1" + "ac7cc4a4ff4dab102522d53857c49391b36cc9aa78a330a1" + "a5e333cb88dcf94384d4cd1f47ca7883ff5a52f1a05885ac" + "7671863c0bdbc23a") + +# Fifth number generated by 
random.getrandbits(1024) - seed(4,2), not a prime +RANDOM_1024_BIT_SEED_4_NO5 = ("53be4721f5b9e1f5acdac615bc20f6264922b9ccf469aef8" + "f6e7d078e55b85dd1525f363b281b8885b69dc230af5ac87" + "0692b534758240df4a7a03052d733dcdef40af2e54c0ce68" + "1f44ebd13cc75f3edcb285f89d8cf4d4950b16ffc3e1ac3b" + "4708d9893a973000b54a23020fc5b043d6e4a51519d9c9cc" + "52d32377e78131c1") + +def __gen_safe_prime(bits, seed): + ''' + Generate a safe prime. + + This function is intended for generating constants offline and shouldn't be + used in test generation classes. + + Requires pycryptodomex for getPrime and isPrime and python 3.9 or later for + randbytes. + ''' + rng = random.Random() + # We want reproducability across python versions + rng.seed(seed, version=2) + while True: + prime = 2*getPrime(bits-1, rng.randbytes)+1 #pylint: disable=no-member + if isPrime(prime, 1e-30): + return prime From dac44e6021f0653352ef81611738f8cbf432543d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 20 Nov 2022 11:58:12 +0000 Subject: [PATCH 094/139] Bignum tests: add default datasets Add data for small values, 192 bit and 1024 bit values, primes, non-primes odd, even, and some typical corner cases. All subclasses override this for the time being so there are no changes to the test cases. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 5 +++-- scripts/mbedtls_dev/bignum_data.py | 27 +++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index b68653a037..e03c1c3f8a 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -20,6 +20,7 @@ from itertools import chain from . import test_case from . import test_data_generation +from .bignum_data import INPUTS_DEFAULT, MODULI_DEFAULT T = TypeVar('T') #pylint: disable=invalid-name 
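Review bot: The provenance comments say the constants were produced by `bignum_common.gen_safe_prime(192,1)`, but the generator that actually ships is `__gen_safe_prime` in this module, so the note points at a name that does not exist; `# Generated by bignum_data.__gen_safe_prime(192, 1)` would let someone reproduce the value. Separately, `except ImportError: pass` makes a missing pycryptodomex surface as a `NameError` on `getPrime` inside `__gen_safe_prime`; binding `getPrime = isPrime = None` in the except branch and checking at the top of the function (`if getPrime is None: raise ImportError("pycryptodomex is required to regenerate these constants")`) gives a clear message. The `1e-30` passed to `isPrime` is a false-positive probability; naming it in the docstring would save the reader a trip to the pycryptodome docs.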
@@ -90,7 +91,7 @@ class OperationCommon(test_data_generation.BaseTest): values are 1 and 2. """ symbol = "" - input_values = [] # type: List[str] + input_values = INPUTS_DEFAULT # type: List[str] input_cases = [] # type: List[Any] unique_combinations_only = True input_styles = ["variable", "fixed", "arch_split"] # type: List[str] @@ -240,7 +241,7 @@ class OperationCommon(test_data_generation.BaseTest): class ModOperationCommon(OperationCommon): #pylint: disable=abstract-method """Target for bignum mod_raw test case generation.""" - moduli = [] # type: List[str] + moduli = MODULI_DEFAULT # type: List[str] def __init__(self, val_n: str, val_a: str, val_b: str = "0", bits_in_limb: int = 64) -> None: diff --git a/scripts/mbedtls_dev/bignum_data.py b/scripts/mbedtls_dev/bignum_data.py index 78fbb8c049..74d21d0ca5 100644 --- a/scripts/mbedtls_dev/bignum_data.py +++ b/scripts/mbedtls_dev/bignum_data.py 
@@ -90,6 +90,33 @@ RANDOM_1024_BIT_SEED_4_NO5 = ("53be4721f5b9e1f5acdac615bc20f6264922b9ccf469aef8" "4708d9893a973000b54a23020fc5b043d6e4a51519d9c9cc" "52d32377e78131c1") +# Adding 192 bit and 1024 bit numbers because these are the shortest required +# for ECC and RSA respectively. +INPUTS_DEFAULT = [ + "0", "1", # corner cases + "2", "3", # small primes + "4", # non-prime even + "38", # small random + SAFE_PRIME_192_BIT_SEED_1, # prime + RANDOM_192_BIT_SEED_2_NO1, # not a prime + RANDOM_192_BIT_SEED_2_NO2, # not a prime + SAFE_PRIME_1024_BIT_SEED_3, # prime + RANDOM_1024_BIT_SEED_4_NO1, # not a prime + RANDOM_1024_BIT_SEED_4_NO3, # not a prime + RANDOM_1024_BIT_SEED_4_NO2, # largest (not a prime) + ] + +# Only odd moduli are present as in the new bignum code only odd moduli are +# supported for now. +MODULI_DEFAULT = [ + "53", # safe prime + "45", # non-prime + SAFE_PRIME_192_BIT_SEED_1, # safe prime + RANDOM_192_BIT_SEED_2_NO4, # not a prime + SAFE_PRIME_1024_BIT_SEED_3, # safe prime + RANDOM_1024_BIT_SEED_4_NO5, # not a prime + ] + def __gen_safe_prime(bits, seed): ''' Generate a safe prime. From be5e7aea7ceefc27dd69f405da1ed76170ba231c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 20 Nov 2022 12:45:58 +0000 Subject: [PATCH 095/139] Bignum tests: remove deprecated dataset Remove old dataset that was overriding the defaults in bignum_core. This will change the datasets for core_sub and core_add to the default inherited from bignum_common. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_core.py | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index 1bfc652efb..deff6a8a6c 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py 
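Review bot: `"53", # safe prime` is mislabelled: 53 is prime, but (53-1)/2 = 26 is composite, so it is not a safe prime and the "every element is a generator" property the commit message relies on does not hold for it. Either correct the comment (`"53", # prime, not a safe prime`) or pick a small safe prime such as `"47"` ((47-1)/2 = 23 is prime) if that property matters for the small-modulus cases. Also worth noting that `INPUTS_DEFAULT` has no limb-boundary values (`ffffffff`, `100000000`, `ffffffffffffffff`, `10000000000000000`); the per-class dataset that bignum_core.py currently overrides this with (and which a later patch in this series removes) had them, and they are the inputs most likely to expose carry-propagation bugs in core add/sub.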
@@ -107,31 +107,9 @@ class BignumCoreCTLookup(BignumCoreTarget, test_data_generation.BaseTest): .create_test_case()) -INPUT_VALUES = [ - "0", "1", "3", "f", "fe", "ff", "100", "ff00", "fffe", "ffff", "10000", - "fffffffe", "ffffffff", "100000000", "1f7f7f7f7f7f7f", - "8000000000000000", "fefefefefefefefe", "fffffffffffffffe", - "ffffffffffffffff", "10000000000000000", "1234567890abcdef0", - "fffffffffffffffffefefefefefefefe", "fffffffffffffffffffffffffffffffe", - "ffffffffffffffffffffffffffffffff", "100000000000000000000000000000000", - "1234567890abcdef01234567890abcdef0", - "fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe", - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe", - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "10000000000000000000000000000000000000000000000000000000000000000", - "1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0", - ( - "4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029" - "643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947" - "c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0" - "cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b" - ) -] - class BignumCoreOperation(BignumCoreTarget, bignum_common.OperationCommon): #pylint: disable=abstract-method """Common features for bignum core operations.""" - input_values = INPUT_VALUES class BignumCoreAddAndAddIf(BignumCoreOperation): From 76c21bd2421cd8ecb0bcd31c095399f31cb9da2e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 20 Nov 2022 12:52:53 +0000 Subject: [PATCH 096/139] Bignum tests: flatten class hierarchy in _core There is no semantic changes to the generated tests, the order of the test blocks has changed. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_core.py | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) 
diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index deff6a8a6c..806e131935 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py @@ -107,12 +107,7 @@ class BignumCoreCTLookup(BignumCoreTarget, test_data_generation.BaseTest): .create_test_case()) -class BignumCoreOperation(BignumCoreTarget, bignum_common.OperationCommon): - #pylint: disable=abstract-method - """Common features for bignum core operations.""" - - -class BignumCoreAddAndAddIf(BignumCoreOperation): +class BignumCoreAddAndAddIf(BignumCoreTarget, bignum_common.OperationCommon): """Test cases for bignum core add and add-if.""" count = 0 symbol = "+" @@ -131,7 +126,7 @@ class BignumCoreAddAndAddIf(BignumCoreOperation): ] -class BignumCoreSub(BignumCoreOperation): +class BignumCoreSub(BignumCoreTarget, bignum_common.OperationCommon): """Test cases for bignum core sub.""" count = 0 symbol = "-" @@ -157,7 +152,7 @@ class BignumCoreSub(BignumCoreOperation): ] -class BignumCoreMLA(BignumCoreOperation): +class BignumCoreMLA(BignumCoreTarget, bignum_common.OperationCommon): """Test cases for fixed-size multiply accumulate.""" count = 0 test_function = "mpi_core_mla" From f45797652fef6a53a11bd760c76e3f987f03a901 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 20 Nov 2022 13:32:54 +0000 Subject: [PATCH 097/139] Bignum tests: set unique combinations off by default Normally we need all the combinations, unique combinations make sense only if the operation is commutative. No changes to generated tests. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_common.py | 2 +- scripts/mbedtls_dev/bignum_core.py | 3 +-- tests/scripts/generate_bignum_tests.py | 1 + 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index e03c1c3f8a..67ea78db46 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py 
@@ -93,7 +93,7 @@ class OperationCommon(test_data_generation.BaseTest): symbol = "" input_values = INPUTS_DEFAULT # type: List[str] input_cases = [] # type: List[Any] - unique_combinations_only = True + unique_combinations_only = False input_styles = ["variable", "fixed", "arch_split"] # type: List[str] input_style = "variable" # type: str limb_sizes = [32, 64] # type: List[int] diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index 806e131935..4910daea87 100644 --- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py @@ -114,6 +114,7 @@ class BignumCoreAddAndAddIf(BignumCoreTarget, bignum_common.OperationCommon): test_function = "mpi_core_add_and_add_if" test_name = "mpi_core_add_and_add_if" input_style = "arch_split" + unique_combinations_only = True def result(self) -> List[str]: result = self.int_a + self.int_b @@ -132,7 +133,6 @@ class BignumCoreSub(BignumCoreTarget, bignum_common.OperationCommon): symbol = "-" test_function = "mpi_core_sub" test_name = "mbedtls_mpi_core_sub" - unique_combinations_only = False def result(self) -> List[str]: if self.int_a >= self.int_b: @@ -157,7 +157,6 @@ class BignumCoreMLA(BignumCoreTarget, bignum_common.OperationCommon): count = 0 test_function = "mpi_core_mla" test_name = "mbedtls_mpi_core_mla" - unique_combinations_only = False input_values = [ "0", "1", "fffe", "ffffffff", "100000000", "20000000000000", diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py index 89d0ac29e0..c3058e98a9 100755 --- a/tests/scripts/generate_bignum_tests.py +++ b/tests/scripts/generate_bignum_tests.py @@ -78,6 +78,7 @@ class BignumOperation(bignum_common.OperationCommon, BignumTarget, metaclass=ABCMeta): #pylint: disable=abstract-method """Common features for bignum operations in legacy tests.""" + unique_combinations_only = True input_values = [ "", "0", "-", "-0", "7b", "-7b", 
From f352c67bc30e48c4162126f340e247d5835b8627 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 20 Nov 2022 13:40:25 +0000 Subject: [PATCH 098/139] Bignum tests: use default dataset in mod_raw While at it, flatten class hierarchy as well. Signed-off-by: Janos Follath --- scripts/mbedtls_dev/bignum_mod_raw.py | 79 ++------------------------- 1 file changed, 5 insertions(+), 74 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index b23fbb2dc8..60f2feded6 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ b/scripts/mbedtls_dev/bignum_mod_raw.py 
@@ -49,98 +49,29 @@ class BignumModRawTarget(test_data_generation.BaseTarget): # END MERGE SLOT 6 # BEGIN MERGE SLOT 7 + class BignumModRawConvertToMont(bignum_common.ModOperationCommon, BignumModRawTarget): """ Test cases for mpi_mod_raw_to_mont_rep(). """ - test_function = "mpi_mod_raw_to_mont_rep" test_name = "Convert into Mont: " symbol = "R *" input_style = "arch_split" arity = 1 - moduli = ["b", - "fd", - "eeff99aa37", - "eeff99aa11", - "800000000005", - "7fffffffffffffff", - "80fe000a10000001", - "25a55a46e5da99c71c7", - "1058ad82120c3a10196bb36229c1", - "7e35b84cb19ea5bc57ec37f5e431462fa962d98c1e63738d4657f" - "18ad6532e6adc3eafe67f1e5fa262af94cee8d3e7268593942a2a" - "98df75154f8c914a282f8b", - "8335616aed761f1f7f44e6bd49e807b82e3bf2bf11bfa63", - "ffcece570f2f991013f26dd5b03c4c5b65f97be5905f36cb4664f" - "2c78ff80aa8135a4aaf57ccb8a0aca2f394909a74cef1ef6758a6" - "4d11e2c149c393659d124bfc94196f0ce88f7d7d567efa5a649e2" - "deefaa6e10fdc3deac60d606bf63fc540ac95294347031aefd73d" - "6a9ee10188aaeb7a90d920894553cb196881691cadc51808715a0" - "7e8b24fcb1a63df047c7cdf084dd177ba368c806f3d51ddb5d389" - "8c863e687ecaf7d649a57a46264a582f94d3c8f2edaf59f77a7f6" - "bdaf83c991e8f06abe220ec8507386fce8c3da84c6c3903ab8f3a" - "d4630a204196a7dbcbd9bcca4e40ec5cc5c09938d49f5e1e6181d" - "b8896f33bb12e6ef73f12ec5c5ea7a8a337" - ] - - input_values = ["0", - "1", - "97", - "f5", - "6f5c3", - "745bfe50f7", - "ffa1f9924123", - "334a8b983c79bd", - "5b84f632b58f3461", - "19acd15bc38008e1", - "ffffffffffffffff", - "54ce6a6bb8247fa0427cfc75a6b0599", - "fecafe8eca052f154ce6a6bb8247fa019558bfeecce9bb9", - "a87d7a56fa4bfdc7da42ef798b9cf6843d4c54794698cb14d72" - "851dec9586a319f4bb6d5695acbd7c92e7a42a5ede6972adcbc" - "f68425265887f2d721f462b7f1b91531bac29fa648facb8e3c6" - "1bd5ae42d5a59ba1c89a95897bfe541a8ce1d633b98f379c481" - "6f25e21f6ac49286b261adb4b78274fe5f61c187581f213e84b" - "2a821e341ef956ecd5de89e6c1a35418cd74a549379d2d4594a" - "577543147f8e35b3514e62cf3e89d1156cdc91ab5f4c928fbd6" - 
"9148c35df5962fed381f4d8a62852a36823d5425f7487c13a12" - "523473fb823aa9d6ea5f42e794e15f2c1a8785cf6b7d51a4617" - "947fb3baf674f74a673cf1d38126983a19ed52c7439fab42c2185" - ] - def result(self) -> List[str]: result = (self.int_a * self.r) % self.int_n return [self.format_result(result)] -class BignumModRawConvertFromMont(BignumModRawConvertToMont): +class BignumModRawConvertFromMont(bignum_common.ModOperationCommon, + BignumModRawTarget): """ Test cases for mpi_mod_raw_from_mont_rep(). """ - count = 0 test_function = "mpi_mod_raw_from_mont_rep" test_name = "Convert from Mont: " symbol = "1/R *" - - input_values = ["0", - "1", - "3ca", - "539ed428", - "7dfe5c6beb35a2d6", - "dca8de1c2adfc6d7aafb9b48e", - "a7d17b6c4be72f3d5c16bf9c1af6fc933", - "2fec97beec546f9553142ed52f147845463f579", - "378dc83b8bc5a7b62cba495af4919578dce6d4f175cadc4f", - "b6415f2a1a8e48a518345db11f56db3829c8f2c6415ab4a395a" - "b3ac2ea4cbef4af86eb18a84eb6ded4c6ecbfc4b59c2879a675" - "487f687adea9d197a84a5242a5cf6125ce19a6ad2e7341f1c57" - "d43ea4f4c852a51cb63dabcd1c9de2b827a3146a3d175b35bea" - "41ae75d2a286a3e9d43623152ac513dcdea1d72a7da846a8ab3" - "58d9be4926c79cfb287cf1cf25b689de3b912176be5dcaf4d4c" - "6e7cb839a4a3243a6c47c1e2c99d65c59d6fa3672575c2f1ca8" - "de6a32e854ec9d8ec635c96af7679fce26d7d159e4a9da3bd74" - "e1272c376cd926d74fe3fb164a5935cff3d5cdb92b35fe2cea32" - "138a7e6bfbc319ebd1725dacb9a359cbf693f2ecb785efb9d627" - ] + input_style = "arch_split" + arity = 1 def result(self) -> List[str]: result = (self.int_a * self.r_inv) % self.int_n From cd356c3cdb312e276473e038d1593f6f92bcd5b3 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Sun, 20 Nov 2022 19:05:20 +0100 Subject: [PATCH 099/139] Add ec-jpake test to verify if key can be destroyed after set_password_key Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.data | 9 +++++++-- tests/suites/test_suite_psa_crypto.function | 5 ++++- 2 files changed, 11 insertions(+), 3 deletions(-) 
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index cce3fd0fe8..659205d529 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6549,11 +6549,16 @@ ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_ PSA PAKE: ecjpake rounds depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0 +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:0 PSA PAKE: ecjpake rounds, client input first depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1 +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":1:0 + +# This test case relies on implementation (it may need to be adjusted in the future) +PSA PAKE: ecjpake rounds - key is destroyed after being passed to set_password_key +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:1 PSA PAKE: ecjpake no input errors depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 60befa73f4..f84a0cc3f5 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -9002,7 +9002,7 @@ exit: /* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, int derive_alg_arg, data_t *pw_data, - int client_input_first ) + int client_input_first, int destroy_key ) { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t server = psa_pake_operation_init(); @@ -9053,6 +9053,9 @@ void ecjpake_rounds( int alg_arg, int primitive_arg, int hash_arg, PSA_ASSERT( psa_pake_set_password_key( &server, key ) ); PSA_ASSERT( psa_pake_set_password_key( &client, key ) ); + if( destroy_key == 1 ) + psa_destroy_key( key ); + TEST_EQUAL( psa_pake_get_implicit_key( &server, &server_derive ), PSA_ERROR_BAD_STATE ); TEST_EQUAL( psa_pake_get_implicit_key( &client, &client_derive ), From 79f6b6bb1bcbef2fb783cb43724903dea30377f7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 21 Nov 2022 14:17:03 +0100 Subject: [PATCH 100/139] tls: psa_pake: fixing mbedtls_psa_ecjpake_write_round() It might happen that the psa_pake_output() function returns elements which are not exactly 32 or 65 bytes as expected, but 1 bytes less. As a consequence, insted of hardcoding the expected value for the length in the output buffer, we write the correct one as obtained from psa_pake_output() Signed-off-by: Valerio Setti --- library/ssl_tls.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c1436c5321..7b51040c46 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
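Review bot: The return value of `psa_destroy_key( key )` in the new `destroy_key` branch is ignored, so a failure to destroy would silently leave the test exercising the wrong scenario (the password still reachable through the key); `PSA_ASSERT( psa_destroy_key( key ) );` makes the precondition explicit. After the destroy, `key` still holds the now-invalid id; if the exit path beyond this hunk destroys `key` again, resetting it with `key = MBEDTLS_SVC_KEY_ID_INIT;` keeps that cleanup from reporting `PSA_ERROR_INVALID_HANDLE`. The body of `ecjpake_rounds` continues past the end of this hunk.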
@@ -8259,20 +8259,27 @@ int mbedtls_psa_ecjpake_write_round( step <= PSA_PAKE_STEP_ZK_PROOF; ++step ) { - /* For each step, prepend 1 byte with the length of the data */ - *(buf + output_offset) = MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ); - output_offset += 1; - + /* + * For each step, prepend 1 byte with the length of the data. + * + * NOTE = psa_pake_output() sometimes output elements which are + * NOT 32 or 65 bytes as expected, but 1 byte less. So, instead + * of hardcoding the expected length, we + * - get the output first + * - then write the length of this output + */ status = psa_pake_output( pake_ctx, step, - buf + output_offset, - len - output_offset, + buf + output_offset + 1, + len - output_offset - 1, &output_len ); if( status != PSA_SUCCESS ) { return( psa_ssl_status_to_mbedtls( status ) ); } - output_offset += output_len; + *(buf + output_offset) = output_len; + + output_offset += output_len + 1; } } From 5151bdf46eb83823c4946c500c48bbad3b8f76e7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 21 Nov 2022 14:30:02 +0100 Subject: [PATCH 101/139] tls: psa_pake: add missing braces Signed-off-by: Valerio Setti --- library/ssl_tls12_client.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 7c293ec9e4..5ff8ab4b84 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2354,7 +2354,9 @@ start_processing: if( ( *p != MBEDTLS_ECP_TLS_NAMED_CURVE ) || ( read_tls_id != curve_info->tls_id ) ) + { return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } p += 3; From e2d6b5f45b207efa6745cfdbf73332e7403bb5b8 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 21 Nov 2022 15:03:52 +0100 Subject: [PATCH 102/139] psa_key_slot_get_slot_number: Move documentation to header file Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 13 ------------- library/psa_crypto_core.h | 10 ++++++++++ 2 files changed, 10 insertions(+), 13 deletions(-) 
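Review bot: The length byte is stored at `buf[output_offset]` and the remaining space is computed as `len - output_offset - 1` without first checking `output_offset < len`; when the buffer is exactly full, the subtraction wraps to `SIZE_MAX` and `psa_pake_output()` is told it may write well past `buf`. A guard before the call, `if( output_offset >= len ) return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );`, closes that gap (the pre-patch code appears to have had the same hole, but the rewrite is the place to fix it). `output_len` is a `size_t` stored into a single byte; with at most 65-byte elements it cannot overflow today, but an explicit `(unsigned char)` cast guarded by an `output_len > 255` check would document that assumption. The loop header and the rest of `mbedtls_psa_ecjpake_write_round` lie outside this hunk.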
diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 55319c4bdb..8c9deffadf 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -877,19 +877,6 @@ static psa_status_t psa_restrict_key_policy( return( PSA_SUCCESS ); } -/** Get the description of a key given its identifier and policy constraints - * and lock it. - * - * The key must have allow all the usage flags set in \p usage. If \p alg is - * nonzero, the key must allow operations with this algorithm. If \p alg is - * zero, the algorithm is not checked. - * - * In case of a persistent key, the function loads the description of the key - * into a key slot if not already done. - * - * On success, the returned key slot is locked. It is the responsibility of - * the caller to unlock the key slot when it does not access it anymore. - */ psa_status_t psa_get_and_lock_key_slot_with_policy( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot, diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 37f8162de7..5cefa273aa 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -185,6 +185,16 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number( /** Get the description of a key given its identifier and policy constraints * and lock it. + * + * The key must have allow all the usage flags set in \p usage. If \p alg is + * nonzero, the key must allow operations with this algorithm. If \p alg is + * zero, the algorithm is not checked. + * + * In case of a persistent key, the function loads the description of the key + * into a key slot if not already done. + * + * On success, the returned key slot is locked. It is the responsibility of + * the caller to unlock the key slot when it does not access it anymore. */ psa_status_t psa_get_and_lock_key_slot_with_policy( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot, From ad0f357178448f9483c572b26b32345d182a99b4 Mon Sep 17 00:00:00 2001 
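Review bot: The moved comment keeps the slip `The key must have allow all the usage flags set in \p usage`; since this is now the header documentation of `psa_get_and_lock_key_slot_with_policy`, `The key must allow all the usage flags set in \p usage` reads correctly. The contract it states, that the slot is returned locked and the caller must unlock it, is the one every caller has to honour on each early-return path, so it is worth keeping prominent here.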
From: Przemek Stekiel Date: Mon, 21 Nov 2022 15:04:37 +0100 Subject: [PATCH 103/139] Optimize pake code that sets/use password key Signed-off-by: Przemek Stekiel --- library/psa_crypto_pake.c | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index ef31af4204..9ac4c5f291 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -256,9 +256,6 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation, return( PSA_ERROR_BAD_STATE ); } - if( psa_is_valid_key_id( password, 1 ) == 0 ) - return( PSA_ERROR_BAD_STATE ); - status = psa_get_key_attributes( password, &attributes ); if( status != PSA_SUCCESS ) return( status ); @@ -283,15 +280,8 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation, if( status != PSA_SUCCESS ) return( status ); - if( slot->key.data == NULL || slot->key.bytes == 0 ) - return( PSA_ERROR_INVALID_ARGUMENT ); - if( operation->password != NULL ) - { - mbedtls_platform_zeroize( operation->password, operation->password_len ); - mbedtls_free( operation->password ); - operation->password_len = 0; - } + return( PSA_ERROR_BAD_STATE ); operation->password = mbedtls_calloc( 1, slot->key.bytes ); if( operation->password == NULL ) @@ -388,11 +378,8 @@ static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation ) else return( PSA_ERROR_BAD_STATE ); - if (operation->password == NULL || - operation->password_len == 0 ) - { + if( operation->password_len == 0 ) return( PSA_ERROR_BAD_STATE ); - } ret = mbedtls_ecjpake_setup( &operation->ctx.ecjpake, role, 
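Review bot: The new `if( operation->password != NULL ) return( PSA_ERROR_BAD_STATE );` sits after the `status` check that follows the slot lookup, and `slot->key.bytes` is used immediately after it, so by this point `psa_get_and_lock_key_slot_with_policy` (or whatever produced `slot`; the call itself is outside the hunk) has already locked the slot, and returning without `psa_unlock_key_slot( slot )` leaves the slot's lock count permanently elevated. The cheapest fix is to move the check above the slot lookup, next to the state check at the top of the function, where it depends only on `operation` and needs no cleanup. Dropping the `slot->key.bytes == 0` guard also means `mbedtls_calloc( 1, 0 )` may legitimately return NULL on some allocators and be reported as `PSA_ERROR_INSUFFICIENT_MEMORY`; if zero-length passwords are rejected at import time that is fine, otherwise the guard was doing real work. The start of `psa_pake_set_password_key` is outside this hunk.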
@@ -404,6 +391,11 @@ static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation ) if( ret != 0 ) return( mbedtls_ecjpake_to_psa_error( ret ) ); + mbedtls_platform_zeroize( operation->password, operation->password_len ); + mbedtls_free( operation->password ); + operation->password = NULL; + operation->password_len = 0; + operation->state = PSA_PAKE_STATE_READY; return( PSA_SUCCESS ); @@ -453,7 +445,13 @@ static psa_status_t psa_pake_output_internal( if( operation->state == PSA_PAKE_STATE_SETUP ) { status = psa_pake_ecjpake_setup( operation ); if( status != PSA_SUCCESS ) + { + mbedtls_platform_zeroize( operation->password, operation->password_len ); + mbedtls_free( operation->password ); + operation->password = NULL; + operation->password_len = 0; return( status ); + } } if( operation->state != PSA_PAKE_STATE_READY && @@ -661,7 +659,13 @@ static psa_status_t psa_pake_input_internal( { status = psa_pake_ecjpake_setup( operation ); if( status != PSA_SUCCESS ) + { + mbedtls_platform_zeroize( operation->password, operation->password_len ); + mbedtls_free( operation->password ); + operation->password = NULL; + operation->password_len = 0; return( status ); + } } if( operation->state != PSA_PAKE_STATE_READY && @@ -865,7 +869,8 @@ psa_status_t psa_pake_abort(psa_pake_operation_t * operation) { operation->input_step = PSA_PAKE_STEP_INVALID; operation->output_step = PSA_PAKE_STEP_INVALID; - mbedtls_platform_zeroize( operation->password, operation->password_len ); + if( operation->password_len > 0 ) + mbedtls_platform_zeroize( operation->password, operation->password_len ); mbedtls_free( operation->password ); operation->password = NULL; operation->password_len = 0; From f82effa9826a0e93aaa8c4c7928ad1016a16a8e8 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 21 Nov 2022 15:10:32 +0100 Subject: [PATCH 104/139] Optimize pake test code 
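Review bot: The same four-line zeroize-and-free sequence now appears in `psa_pake_ecjpake_setup` (success path), in both callers on its failure path, and in `psa_pake_abort`, which is exactly the kind of duplication that lets one copy drift (the abort copy already differs by guarding on `password_len > 0`). Since the password is only needed for `mbedtls_ecjpake_setup()`, the setup routine can release it on both its paths through one static helper, and the two `if( status != PSA_SUCCESS )` blocks in `psa_pake_output_internal` / `psa_pake_input_internal` shrink back to a plain `return( status );`. The helper also tolerates being called when no password is held, so `psa_pake_abort` can use it as is. The closing brace of `psa_pake_ecjpake_setup` and the bodies of the two callers extend outside this hunk.
```c
/* Zeroize and release the copied password; safe to call when none is held. */
static void psa_pake_free_password( psa_pake_operation_t *operation )
{
    if( operation->password_len > 0 )
        mbedtls_platform_zeroize( operation->password, operation->password_len );
    mbedtls_free( operation->password );
    operation->password = NULL;
    operation->password_len = 0;
}

static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation )
{
    /* … unchanged: role selection and password_len == 0 check … */
    ret = mbedtls_ecjpake_setup( &operation->ctx.ecjpake, role,
                                 /* … unchanged arguments … */ );
    /* The password is consumed by mbedtls_ecjpake_setup(); drop it on every
     * path so the callers do not have to remember to. */
    psa_pake_free_password( operation );
    if( ret != 0 )
        return( mbedtls_ecjpake_to_psa_error( ret ) );

    operation->state = PSA_PAKE_STATE_READY;
    return( PSA_SUCCESS );
    /* … unchanged: end of function … */
```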
Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.function | 40 ++++++++++----------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f84a0cc3f5..ca1614befa 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -32,25 +32,23 @@ #define ASSERT_OPERATION_IS_INACTIVE( operation ) TEST_ASSERT( operation.id == 0 ) #if defined(PSA_WANT_ALG_JPAKE) -void ecjpake_operation_setup( psa_pake_operation_t *operation, +int ecjpake_operation_setup( psa_pake_operation_t *operation, psa_pake_cipher_suite_t *cipher_suite, psa_pake_role_t role, mbedtls_svc_key_id_t key, size_t key_available ) { - *operation = psa_pake_operation_init(); + PSA_ASSERT( psa_pake_abort( operation ) ); - TEST_EQUAL( psa_pake_setup( operation, cipher_suite ), - PSA_SUCCESS ); + PSA_ASSERT( psa_pake_setup( operation, cipher_suite ) ); - TEST_EQUAL( psa_pake_set_role( operation, role), - PSA_SUCCESS ); + PSA_ASSERT( psa_pake_set_role( operation, role) ); if( key_available ) - TEST_EQUAL( psa_pake_set_password_key( operation, key ), - PSA_SUCCESS ); + PSA_ASSERT( psa_pake_set_password_key( operation, key ) ); + return 0; exit: - return; + return 1; } #endif 
@@ -8865,21 +8863,21 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, NULL, 0 ), PSA_ERROR_INVALID_ARGUMENT ); /* Invalid parameters (step) */ - ecjpake_operation_setup( &operation, &cipher_suite, role, - key, pw_data->len ); + TEST_EQUAL( ecjpake_operation_setup( &operation, &cipher_suite, role, + key, pw_data->len ) , 0 ); TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, output_buffer, size_zk_proof ), PSA_ERROR_INVALID_ARGUMENT ); /* Invalid first step */ - ecjpake_operation_setup( &operation, &cipher_suite, role, - key, pw_data->len ); + TEST_EQUAL( ecjpake_operation_setup( &operation, &cipher_suite, role, + key, pw_data->len ), 0 ); TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_ZK_PROOF, output_buffer, size_zk_proof ), PSA_ERROR_BAD_STATE ); /* Possibly valid */ - ecjpake_operation_setup( &operation, &cipher_suite, role, - key, pw_data->len ); + TEST_EQUAL( ecjpake_operation_setup( &operation, &cipher_suite, role, + key, pw_data->len ), 0 ); TEST_EQUAL( psa_pake_input( &operation, PSA_PAKE_STEP_KEY_SHARE, output_buffer, size_key_share ), expected_status_input_output); 
@@ -8904,21 +8902,21 @@ void ecjpake_setup( int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, NULL, 0, NULL ), PSA_ERROR_INVALID_ARGUMENT ); /* Invalid parameters (step) */ - ecjpake_operation_setup( &operation, &cipher_suite, role, - key, pw_data->len ); + TEST_EQUAL( ecjpake_operation_setup( &operation, &cipher_suite, role, + key, pw_data->len ), 0 ); TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF + 10, output_buffer, buf_size, &output_len ), PSA_ERROR_INVALID_ARGUMENT ); /* Invalid first step */ - ecjpake_operation_setup( &operation, &cipher_suite, role, - key, pw_data->len ); + TEST_EQUAL( ecjpake_operation_setup( &operation, &cipher_suite, role, + key, pw_data->len ), 0 ); TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_ZK_PROOF, output_buffer, buf_size, &output_len ), PSA_ERROR_BAD_STATE ); /* Possibly valid */ - ecjpake_operation_setup( &operation, &cipher_suite, role, - key, pw_data->len ); + TEST_EQUAL( ecjpake_operation_setup( &operation, &cipher_suite, role, + key, pw_data->len ), 0 ); TEST_EQUAL( psa_pake_output( &operation, PSA_PAKE_STEP_KEY_SHARE, output_buffer, buf_size, &output_len ), expected_status_input_output ); From fdd24b8c496449abc1e024857d582ea8b6b4b4b4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 22 Nov 2022 13:12:56 +0800 Subject: [PATCH 105/139] Revert change in flight transmit Signed-off-by: Jerry Yu --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index cacedcaf99..80471d4c5d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2343,7 +2343,7 @@ int mbedtls_ssl_flight_transmit( mbedtls_ssl_context *ssl ) return( ret ); /* Update state and set timer */ - if( ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER ) + if( mbedtls_ssl_is_handshake_over( ssl ) == 1 ) ssl->handshake->retransmit_state = MBEDTLS_SSL_RETRANS_FINISHED; else { From c2e110f44577908617815915f52793c6c39483f0 Mon Sep 17 00:00:00 2001 
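Review bot: In mbedtls_ssl_flight_transmit the reverted condition compares a predicate to a literal, `if( mbedtls_ssl_is_handshake_over( ssl ) == 1 )`, which ties the call site to that function returning exactly 1 for "over"; unless its contract guarantees a 0/1 result, `!= 0` is the safer spelling. The function's body lies almost entirely outside this one-line hunk.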
From: Ronald Cron Date: Tue, 22 Nov 2022 09:01:46 +0100 Subject: [PATCH 106/139] tls13: Disable MBEDTLS_SSL_EARLY_DATA by default Eventually we want it to be enabled by default when TLS 1.3 is enabled but currently the feature is on development thus it should not be enabled by default. Signed-off-by: Ronald Cron --- include/mbedtls/mbedtls_config.h | 2 +- tests/scripts/all.sh | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 3f869b9ffc..12d503e389 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1648,7 +1648,7 @@ * production. * */ -#define MBEDTLS_SSL_EARLY_DATA +//#define MBEDTLS_SSL_EARLY_DATA /** * \def MBEDTLS_SSL_PROTO_DTLS diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8272dcc312..3a69fd7d72 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3250,6 +3250,7 @@ component_build_armcc () { component_test_tls13_only () { msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3, without MBEDTLS_SSL_PROTO_TLS1_2" + scripts/config.py set MBEDTLS_SSL_EARLY_DATA make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test: TLS 1.3 only, all key exchange modes enabled" @@ -3269,6 +3270,7 @@ component_test_tls13_only_psk () { scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_PKCS1_V21 + scripts/config.py set MBEDTLS_SSL_EARLY_DATA make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only PSK key exchange mode enabled" 
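Review bot: None of the `scripts/config.py set MBEDTLS_SSL_EARLY_DATA` lines added to the tls13 components in all.sh (this hunk and the ones at the next two lines of the page) says why the option is being switched on, so a later cleanup could drop them without noticing they exist only to keep early-data coverage after the default was disabled in mbedtls_config.h. A comment above the first occurrence, `# MBEDTLS_SSL_EARLY_DATA is off by default while under development; enable it here to keep the TLS 1.3 early-data tests running.`, would make the intent durable. Each component function starts before its hunk.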
@@ -3301,6 +3303,7 @@ component_test_tls13_only_psk_ephemeral () { scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_PKCS1_V21 + scripts/config.py set MBEDTLS_SSL_EARLY_DATA make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, only PSK ephemeral key exchange mode" @@ -3318,6 +3321,7 @@ component_test_tls13_only_psk_all () { scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_PKCS1_V21 + scripts/config.py set MBEDTLS_SSL_EARLY_DATA make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, PSK and PSK ephemeral key exchange modes" @@ -3330,6 +3334,7 @@ component_test_tls13_only_psk_all () { component_test_tls13_only_ephemeral_all () { msg "build: TLS 1.3 only from default, without PSK key exchange mode" scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED + scripts/config.py set MBEDTLS_SSL_EARLY_DATA make CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/tls13-only.h\"'" msg "test_suite_ssl: TLS 1.3 only, ephemeral and PSK ephemeral key exchange modes" @@ -3344,6 +3349,7 @@ component_test_tls13 () { scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py set MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 + scripts/config.py set MBEDTLS_SSL_EARLY_DATA CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" 
@@ -3357,6 +3363,7 @@ component_test_tls13_no_compatibility_mode () { scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py unset MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE scripts/config.py set MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 1 + scripts/config.py set MBEDTLS_SSL_EARLY_DATA CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3 enabled, without padding" From 0bdec19c93a2aacf023c46bb81e3ce0fb8cc6baa Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 22 Nov 2022 09:10:35 +0100 Subject: [PATCH 107/139] Further optimizations of pake set_password implementation Signed-off-by: Przemek Stekiel --- library/psa_crypto_pake.c | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 9ac4c5f291..659b712a5b 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -274,19 +274,19 @@ psa_status_t psa_pake_set_password_key( psa_pake_operation_t *operation, if( ( usage & PSA_KEY_USAGE_DERIVE ) == 0 ) return( PSA_ERROR_NOT_PERMITTED ); + if( operation->password != NULL ) + return( PSA_ERROR_BAD_STATE ); + status = psa_get_and_lock_key_slot_with_policy( password, &slot, PSA_KEY_USAGE_DERIVE, PSA_ALG_JPAKE ); if( status != PSA_SUCCESS ) return( status ); - if( operation->password != NULL ) - return( PSA_ERROR_BAD_STATE ); - operation->password = mbedtls_calloc( 1, slot->key.bytes ); if( operation->password == NULL ) { - status = psa_unlock_key_slot( slot ); + psa_unlock_key_slot( slot ); return( PSA_ERROR_INSUFFICIENT_MEMORY ); } memcpy( operation->password, slot->key.data, slot->key.bytes ); 
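Review bot: In the allocation-failure branch of psa_pake_set_password_key the unlock result is now dropped silently, `psa_unlock_key_slot( slot );`; it was already unused before, but `(void) psa_unlock_key_slot( slot );` makes the discard deliberate and keeps warning-as-error builds quiet. Separately, `mbedtls_calloc( 1, slot->key.bytes )` with a zero-length key may return NULL on some platforms, which would surface as PSA_ERROR_INSUFFICIENT_MEMORY rather than an argument error; whether a zero-length password can reach this point depends on checks above the hunk that I cannot see. Moving the `operation->password != NULL` test ahead of the slot lock does remove the leaked lock on that path.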
@@ -388,14 +388,14 @@ static psa_status_t psa_pake_ecjpake_setup( psa_pake_operation_t *operation ) operation->password, operation->password_len ); - if( ret != 0 ) - return( mbedtls_ecjpake_to_psa_error( ret ) ); - mbedtls_platform_zeroize( operation->password, operation->password_len ); mbedtls_free( operation->password ); operation->password = NULL; operation->password_len = 0; + if( ret != 0 ) + return( mbedtls_ecjpake_to_psa_error( ret ) ); + operation->state = PSA_PAKE_STATE_READY; return( PSA_SUCCESS ); @@ -445,13 +445,7 @@ static psa_status_t psa_pake_output_internal( if( operation->state == PSA_PAKE_STATE_SETUP ) { status = psa_pake_ecjpake_setup( operation ); if( status != PSA_SUCCESS ) - { - mbedtls_platform_zeroize( operation->password, operation->password_len ); - mbedtls_free( operation->password ); - operation->password = NULL; - operation->password_len = 0; return( status ); - } } if( operation->state != PSA_PAKE_STATE_READY && @@ -659,13 +653,7 @@ static psa_status_t psa_pake_input_internal( { status = psa_pake_ecjpake_setup( operation ); if( status != PSA_SUCCESS ) - { - mbedtls_platform_zeroize( operation->password, operation->password_len ); - mbedtls_free( operation->password ); - operation->password = NULL; - operation->password_len = 0; return( status ); - } } if( operation->state != PSA_PAKE_STATE_READY && From 8bee89994dbcc119812ac81102eb22e959cf9093 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 27 Oct 2022 10:21:05 +0000 Subject: [PATCH 108/139] Add parse function for early data in encrypted extentions Signed-off-by: Xiaokang Qian --- library/ssl_tls13_client.c | 63 +++++++++++++++++++++++++++++++ tests/opt-testcases/tls13-misc.sh | 4 +- 2 files changed, 65 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0372f2d98d..839fe3679a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
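Review bot: With the zeroize/free block now executed before the `ret != 0` check in psa_pake_ecjpake_setup, a failing setup leaves `operation->state` at PSA_PAKE_STATE_SETUP while `operation->password` is NULL and `password_len` is 0; the two callers in the following hunks of this commit simply return the status, so a retry of psa_pake_output or psa_pake_input would re-enter this function with no password. Whether the code above the hunk guards against that is not visible (the function starts outside the hunk); if it does not, either move the operation to an error state here or document the contract, e.g. `/* On failure the password has already been released; the operation must be aborted before reuse. */`.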
@@ -1335,6 +1335,53 @@ static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl, return( 0 ); } +#if defined(MBEDTLS_SSL_EARLY_DATA) +/* + * ssl_tls13_parse_ee_early_data_ext() + * Parse early data indication extension in EncryptedExtensions. + * + * struct {} Empty; + * + * struct { + * select (Handshake.msg_type) { + * ... + * case client_hello: Empty; + * case encrypted_extensions: Empty; + * }; + * } EarlyDataIndication; + * + */ + +MBEDTLS_CHECK_RETURN_CRITICAL +static int ssl_tls13_parse_ee_early_data_ext( mbedtls_ssl_context *ssl, + const unsigned char *buf, + size_t len ) +{ + if( ssl->early_data_status < MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT ) + { + /* The server must not send the EarlyDataIndication if the + * client hasn't indicated the use of early data. */ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + } + + if( len != 0 ) + { + /* The message must be empty. */ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + /* Nothing to parse */ + ((void) buf); + + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + return( 0 ); +} +#endif /* MBEDTLS_SSL_EARLY_DATA */ + /* Returns a negative value on failure, and otherwise * - SSL_SERVER_HELLO or * - SSL_SERVER_HELLO_HRR 
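Review bot: The guard `ssl->early_data_status < MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT` in ssl_tls13_parse_ee_early_data_ext encodes an ordering assumption on the early_data_status values (everything below INDICATION_SENT means "not offered"), which holds only if the enum is laid out that way; the definition is outside this hunk, and a comparison against the specific states would not depend on it. Two smaller points: `((void) buf);` sits after the early returns, whereas unused-parameter casts conventionally go at the top of the function, and `/* The message must be empty. */` describes an extension, so `/* The early_data extension carries no data. */` is more accurate.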
@@ -2060,6 +2107,22 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, break; #endif /* MBEDTLS_SSL_ALPN */ + +#if defined(MBEDTLS_SSL_EARLY_DATA) + case MBEDTLS_TLS_EXT_EARLY_DATA: + ret = ssl_tls13_parse_ee_early_data_ext( + ssl, p, (size_t)extension_data_len ); + if( ret != 0 ) + { + ssl->early_data_status = + MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; + MBEDTLS_SSL_DEBUG_RET( + 1, "ssl_tls13_parse_ee_early_data_ext", ret ); + return( ret ); + } + break; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + default: MBEDTLS_SSL_PRINT_EXT( 3, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index edece456b3..ed428480c4 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -301,7 +301,7 @@ run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ -c "NewSessionTicket: early_data(42) extension received." \ -c "ClientHello: early_data(42) extension exists." \ -c "EncryptedExtensions: early_data(42) extension received." \ - -c "EncryptedExtensions: early_data(42) extension ( ignored )." \ + -c "EncryptedExtensions: early_data(42) extension exists." \ -s "Parsing extension 'Early Data/42' (0 bytes)" \ -s "Sending extension Early Data/42 (0 bytes)" \ -s "early data accepted" @@ -322,7 +322,7 @@ run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ -C "NewSessionTicket: early_data(42) extension received." \ -c "ClientHello: early_data(42) extension does not exist." \ -C "EncryptedExtensions: early_data(42) extension received." \ - -C "EncryptedExtensions: early_data(42) extension ( ignored )." + -C "EncryptedExtensions: early_data(42) extension exists." #TODO: OpenSSL tests don't work now. It might be openssl options issue, cause GnuTLS has worked. skip_next_test From d4a9b1ab8d124eaf7bff20d4bfe078f4ddc09483 Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Tue, 22 Nov 2022 11:11:10 +0100 Subject: [PATCH 109/139] tls: psa_pake: remove useless defines and fix a comment Signed-off-by: Valerio Setti --- library/ssl_misc.h | 11 ----------- library/ssl_tls.c | 9 ++------- 2 files changed, 2 insertions(+), 18 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 0f43a18f42..2ff7e0c22a 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2367,17 +2367,6 @@ static inline int psa_ssl_status_to_mbedtls( psa_status_t status ) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ defined(MBEDTLS_USE_PSA_CRYPTO) -/* Currently JPAKE only supports elliptic curve secp256r1 */ -#define MBEDTLS_SSL_ECJPAKE_PSA_PRIMITIVE \ - PSA_PAKE_PRIMITIVE( PSA_PAKE_PRIMITIVE_TYPE_ECC, \ - PSA_ECC_FAMILY_SECP_R1, 256 ) - -/* Expected output data size for each "step" of EC-JPAKE key echange */ -#define MBEDTLS_SSL_ECJPAKE_OUTPUT_SIZE( step ) \ - PSA_PAKE_OUTPUT_SIZE( PSA_ALG_JPAKE, \ - MBEDTLS_SSL_ECJPAKE_PSA_PRIMITIVE, \ - step ) - typedef enum { MBEDTLS_ECJPAKE_ROUND_ONE, MBEDTLS_ECJPAKE_ROUND_TWO diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7b51040c46..5bfdde7bc3 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8260,13 +8260,8 @@ int mbedtls_psa_ecjpake_write_round( ++step ) { /* - * For each step, prepend 1 byte with the length of the data. - * - * NOTE = psa_pake_output() sometimes output elements which are - * NOT 32 or 65 bytes as expected, but 1 byte less. So, instead - * of hardcoding the expected length, we - * - get the output first - * - then write the length of this output + * For each step, prepend 1 byte with the length of the data as + * given by psa_pake_output(). */ status = psa_pake_output( pake_ctx, step, buf + output_offset + 1, From 18a3856a03bb246db82069ff330dbb2343239281 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 22 Nov 2022 11:49:55 +0100 Subject: [PATCH 110/139] Document another limitation of driver-only hashes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/driver-only-hashes.txt | 16 ++++++++++------ include/mbedtls/mbedtls_config.h | 20 ++++++++++++++++++++ 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/ChangeLog.d/driver-only-hashes.txt b/ChangeLog.d/driver-only-hashes.txt index 2062bcb57d..a160f924ba 100644 --- a/ChangeLog.d/driver-only-hashes.txt +++ b/ChangeLog.d/driver-only-hashes.txt 
@@ -8,12 +8,16 @@ Features are only provided by PSA drivers. In these configurations, you need to call `psa_crypto_init()` before you call any function from those modules; this is not required in configurations where the built-in - implementation is still available. Note that some crypto modules and - features still depend on the built-in implementation of hashes: - MBEDTLS_HKDF_C (but the PSA HKDF function do not depend on it), - MBEDTLS_ENTROPY_C, MBEDTLS_HMAC_DRBG_C and MBEDTLS_ECDSA_DETERMINISTIC. - In particular, for now, compiling without built-in hashes requires use - of MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. + implementation is still available. Note that for modules that use MD + (RSA, PKCS5, PKCS12, EC J-PAKE) in builds that have MBEDTLS_MD_C enabled, + all hashes used with those modules need to be built-in, as drivers are only + used when MBEDTLS_MD_C is disabled; configurations where some hashes are + available as built-ins, and some only from drivers, are currently not + supported. Also note that some crypto modules and features still depend on + the built-in implementation of hashes: MBEDTLS_HKDF_C (but the PSA HKDF + functions do not depend on it), MBEDTLS_ENTROPY_C, MBEDTLS_HMAC_DRBG_C and + MBEDTLS_ECDSA_DETERMINISTIC. In particular, for now, compiling without + built-in hashes requires use of MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 no longer depend on MD. This means it is now possible to use them in configurations where the built-in implementations of hashes are excluded diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 3f869b9ffc..b16a5b4d49 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -1146,6 +1146,11 @@ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init() * before doing any PKCS#1 v2.1 operation. * + * \warning When building with MBEDTLS_MD_C, all hashes used with this + * need to be available a built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, + * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by + * this module in builds where MBEDTLS_MD_C is disabled. + * * This enables support for RSAES-OAEP and RSASSA-PSS operations. */ #define MBEDTLS_PKCS1_V21 @@ -2433,6 +2438,11 @@ * * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init() * before doing any EC J-PAKE operations. + * + * \warning When building with MBEDTLS_MD_C, all hashes used with this + * need to be available a built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, + * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by + * this module in builds where MBEDTLS_MD_C is disabled. */ #define MBEDTLS_ECJPAKE_C @@ -2777,6 +2787,11 @@ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init() * before doing any PKCS5 operation. * + * \warning When building with MBEDTLS_MD_C, all hashes used with this + * need to be available a built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, + * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by + * this module in builds where MBEDTLS_MD_C is disabled. + * * This module adds support for the PKCS#5 functions. */ #define MBEDTLS_PKCS5_C @@ -2796,6 +2811,11 @@ * \warning If building without MBEDTLS_MD_C, you must call psa_crypto_init() * before doing any PKCS12 operation. * + * \warning When building with MBEDTLS_MD_C, all hashes used with this + * need to be available a built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, + * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by + * this module in builds where MBEDTLS_MD_C is disabled. + * * This module enables PKCS#12 functions. */ #define MBEDTLS_PKCS12_C 
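Review bot: The new warning paragraph repeated in all four mbedtls_config.h hunks has a typo, `need to be available a built-ins`, which should read `need to be available as built-ins`; the same sentence appears under MBEDTLS_PKCS1_V21, MBEDTLS_ECJPAKE_C, MBEDTLS_PKCS5_C and MBEDTLS_PKCS12_C, so fix it in all four places.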
From da13072c5bfc56a04ec5bb0bf0ab464889d3699b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 22 Nov 2022 09:08:57 +0100 Subject: [PATCH 111/139] tls13: Make ..._RECEIVED_NEW_SESSION_TICKET experimental We are considering using a callback instead. Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index d0558511a8..94bbee59b5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -96,7 +96,10 @@ /* Error space gap */ /** Processing of the Certificate handshake message failed. */ #define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00 -/** Received NewSessionTicket Post Handshake Message */ +/** + * Received NewSessionTicket Post Handshake Message. + * This error code is experimental and may be changed or removed without notice. + */ #define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET -0x7B00 /* Error space gap */ /* Error space gap */ From d9b2348d8f66553a03b9f95c10d7e0768d2988b4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 25 Aug 2022 08:25:19 +0100 Subject: [PATCH 112/139] Extract MPI_CORE(sub_int) from the prototype Signed-off-by: Tom Cosgrove --- library/bignum_core.c | 15 +++++++++++++++ library/bignum_core.h | 18 ++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/library/bignum_core.c b/library/bignum_core.c index 34aecda501..0315c84f9a 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -590,6 +590,21 @@ cleanup: /* BEGIN MERGE SLOT 3 */ +mbedtls_mpi_uint MPI_CORE(sub_int)( mbedtls_mpi_uint *d, + const mbedtls_mpi_uint *l, + mbedtls_mpi_uint c, size_t n ) +{ + for( size_t i = 0; i < n; i++ ) + { + mbedtls_mpi_uint s, t; + s = l[i]; + t = s - c; c = ( t > s ); + d[i] = t; + } + + return( c ); +} + /* END MERGE SLOT 3 */ /* BEGIN MERGE SLOT 4 */ diff --git a/library/bignum_core.h b/library/bignum_core.h index ad04e08283..68b4bd144c 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h 
@@ -504,6 +504,24 @@ int mbedtls_mpi_core_fill_random( mbedtls_mpi_uint *X, size_t X_limbs, /* BEGIN MERGE SLOT 3 */ +#define MPI_CORE(func) mbedtls_mpi_core_ ## func ## _minimal + +/** + * \brief Subtract unsigned integer from known-size large unsigned integers. + * Return the borrow. + * + * \param[out] d The result of the subtraction. + * \param[in] l The left operand. + * \param[in] r The unsigned scalar to subtract. + * \param n Number of limbs of \p d and \p l. + * + * \return 1 if `l < r`. + * 0 if `l >= r`. + */ +mbedtls_mpi_uint MPI_CORE(sub_int)( mbedtls_mpi_uint *d, + const mbedtls_mpi_uint *l, + mbedtls_mpi_uint r, size_t n ); + /* END MERGE SLOT 3 */ /* BEGIN MERGE SLOT 4 */ From f7ff4c9a112bf0a56ee1c8ee7f1c02cb87a81857 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 25 Aug 2022 08:39:07 +0100 Subject: [PATCH 113/139] Tidy up, remove MPI_CORE(), and apply the naming convention Signed-off-by: Tom Cosgrove --- library/bignum_core.c | 17 +++++++++-------- library/bignum_core.h | 21 ++++++++++----------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 0315c84f9a..41d3239688 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -590,16 +590,17 @@ cleanup: /* BEGIN MERGE SLOT 3 */ -mbedtls_mpi_uint MPI_CORE(sub_int)( mbedtls_mpi_uint *d, - const mbedtls_mpi_uint *l, - mbedtls_mpi_uint c, size_t n ) +mbedtls_mpi_uint mbedtls_mpi_core_sub_int( mbedtls_mpi_uint *X, + const mbedtls_mpi_uint *A, + mbedtls_mpi_uint c, /* doubles as carry */ + size_t limbs ) { - for( size_t i = 0; i < n; i++ ) + for( size_t i = 0; i < limbs; i++ ) { - mbedtls_mpi_uint s, t; - s = l[i]; - t = s - c; c = ( t > s ); - d[i] = t; + mbedtls_mpi_uint s = A[i]; + mbedtls_mpi_uint t = s - c; + c = ( t > s ); + X[i] = t; } return( c ); diff --git a/library/bignum_core.h b/library/bignum_core.h index 68b4bd144c..d48e7053bb 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h 
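Review bot: After this tidy-up the definition of mbedtls_mpi_core_sub_int still names the scalar `c` and reuses it as the running borrow (`mbedtls_mpi_uint c, /* doubles as carry */`), while the prototype in the header hunk on the next page line declares it `b`; Doxygen binds `\param b` to the declared name, and a reader of the .c file sees a name the documentation never mentions. Naming the parameter `b` in both places and keeping an explicit local, `mbedtls_mpi_uint borrow = b;`, then `mbedtls_mpi_uint t = s - borrow; borrow = ( t > s );` and `return( borrow );`, makes the dual role visible without the comment.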
@@ -504,23 +504,22 @@ int mbedtls_mpi_core_fill_random( mbedtls_mpi_uint *X, size_t X_limbs, /* BEGIN MERGE SLOT 3 */ -#define MPI_CORE(func) mbedtls_mpi_core_ ## func ## _minimal - /** * \brief Subtract unsigned integer from known-size large unsigned integers. * Return the borrow. * - * \param[out] d The result of the subtraction. - * \param[in] l The left operand. - * \param[in] r The unsigned scalar to subtract. - * \param n Number of limbs of \p d and \p l. + * \param[out] X The result of the subtraction. + * \param[in] A The left operand. + * \param b The unsigned scalar to subtract. + * \param limbs Number of limbs of \p X and \p A. * - * \return 1 if `l < r`. - * 0 if `l >= r`. + * \return 1 if `A < b`. + * 0 if `A >= b`. */ -mbedtls_mpi_uint MPI_CORE(sub_int)( mbedtls_mpi_uint *d, - const mbedtls_mpi_uint *l, - mbedtls_mpi_uint r, size_t n ); +mbedtls_mpi_uint mbedtls_mpi_core_sub_int( mbedtls_mpi_uint *X, + const mbedtls_mpi_uint *A, + mbedtls_mpi_uint b, + size_t limbs ); /* END MERGE SLOT 3 */ From 452c99c17331b1d5a718d2b70080c1608f0c50f3 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 25 Aug 2022 10:07:07 +0100 Subject: [PATCH 114/139] Use mbedtls_mpi_core_sub_int() in mbedtls_mpi_sub_abs() Signed-off-by: Tom Cosgrove --- library/bignum.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index ba03988254..a68957a534 100644 --- a/library/bignum.c +++ b/library/bignum.c 
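Review bot: The prototype documentation for mbedtls_mpi_core_sub_int does not say whether `X` may alias `A`, yet the bignum.c hunk at the next page line calls it as `mbedtls_mpi_core_sub_int( X->p + n, X->p + n, carry, X->n - n )` and the new unit test exercises `A = A - b` in place. The definition reads `A[i]` before writing `X[i]` in each iteration, so in-place use is safe today; state it so the guarantee is not lost in a later rewrite, e.g. add `\p X may be aliased to \p A (in-place subtraction is supported).` to the \brief block.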
@@ -968,17 +968,15 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi carry = mbedtls_mpi_core_sub( X->p, A->p, B->p, n ); if( carry != 0 ) { - /* Propagate the carry to the first nonzero limb of X. */ - for( ; n < X->n && X->p[n] == 0; n++ ) - --X->p[n]; - /* If we ran out of space for the carry, it means that the result - * is negative. */ - if( n == X->n ) + /* Propagate the carry through the rest of X. */ + carry = mbedtls_mpi_core_sub_int( X->p + n, X->p + n, carry, X->n - n ); + + /* If we have further carry/borrow, the result is negative. */ + if( carry != 0 ) { ret = MBEDTLS_ERR_MPI_NEGATIVE_VALUE; goto cleanup; } - --X->p[n]; } /* X should always be positive as a result of unsigned subtractions. */ From 99d88c1ab488c806b4919d50301c38488f1fb478 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Nov 2022 16:03:43 +0100 Subject: [PATCH 115/139] tls: psa_pake: fix missing casting in mbedtls_psa_ecjpake_write_round Signed-off-by: Valerio Setti --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5bfdde7bc3..4efcee0674 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8272,7 +8272,7 @@ int mbedtls_psa_ecjpake_write_round( return( psa_ssl_status_to_mbedtls( status ) ); } - *(buf + output_offset) = output_len; + *(buf + output_offset) = (uint8_t) output_len; output_offset += output_len + 1; } From d66d5b2fef284e46953bac5a0f7ebb8f35d0e15b Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 22 Nov 2022 15:07:31 +0000 Subject: [PATCH 116/139] Add unit tests for mbedtls_mpi_core_sub_int(), MPI A - scalar b Signed-off-by: Tom Cosgrove --- scripts/mbedtls_dev/bignum_core.py | 31 +++++++++++++ tests/suites/test_suite_bignum_core.function | 46 ++++++++++++++++++++ 2 files changed, 77 insertions(+) diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py index 4910daea87..b8e2a31239 100644 
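Review bot: The added cast in mbedtls_psa_ecjpake_write_round, `*(buf + output_offset) = (uint8_t) output_len;`, silences the narrowing warning but silently truncates if `output_len` ever exceeds 255, and the resulting length prefix would then disagree with the bytes that follow it. If the bound is guaranteed by the caller's buffer sizes (the psa_pake_output call and its size arguments are outside this hunk), say so next to the cast, `/* output_len <= 255 by construction of the per-step buffers */`; otherwise add `if( output_len > 255 ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );` before the store. The function's start and end are outside the hunk.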
--- a/scripts/mbedtls_dev/bignum_core.py +++ b/scripts/mbedtls_dev/bignum_core.py @@ -763,6 +763,37 @@ def mpi_modmul_case_generate() -> None: # BEGIN MERGE SLOT 3 +class BignumCoreSubInt(BignumCoreTarget, bignum_common.OperationCommon): + """Test cases for bignum core sub int.""" + count = 0 + symbol = "-" + test_function = "mpi_core_sub_int" + test_name = "mpi_core_sub_int" + input_style = "arch_split" + + @property + def is_valid(self) -> bool: + # This is "sub int", so b is only one limb + if bignum_common.limbs_mpi(self.int_b, self.bits_in_limb) > 1: + return False + return True + + # Overriding because we don't want leading zeros on b + @property + def arg_b(self) -> str: + return self.val_b + + def result(self) -> List[str]: + result = self.int_a - self.int_b + + borrow, result = divmod(result, self.limb_boundary) + + # Borrow will be -1 if non-zero, but we want it to be 1 in the test data + return [ + self.format_result(result), + str(-borrow) + ] + # END MERGE SLOT 3 # BEGIN MERGE SLOT 4 diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function index 612a7c6bd4..d5bb420023 100644 --- a/tests/suites/test_suite_bignum_core.function +++ b/tests/suites/test_suite_bignum_core.function 
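Review bot: `is_valid` in BignumCoreSubInt spells out an if/return-False/return-True pair that reads more directly as `return bignum_common.limbs_mpi(self.int_b, self.bits_in_limb) <= 1`. The `count = 0` attribute carries no comment saying what it counts; if it is the per-target case counter the base class expects, a one-line comment would help, and the comment on `arg_b` could name the property it bypasses ("unlike the base `arg_b`, `val_b` is used without limb padding") if that is indeed what `val_b` holds — the base class is outside this hunk.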
@@ -1049,6 +1049,52 @@ exit: /* BEGIN MERGE SLOT 3 */ +/* BEGIN_CASE */ +void mpi_core_sub_int( char * input_A, char * input_B, + char * input_X, int borrow ) +{ + /* We are testing A - b, where A is an MPI and b is a scalar, expecting + * result X with borrow borrow. However, for ease of handling we encode b + * as a 1-limb MPI (B) in the .data file. */ + + mbedtls_mpi_uint *A = NULL; + mbedtls_mpi_uint *B = NULL; + mbedtls_mpi_uint *X = NULL; + mbedtls_mpi_uint *R = NULL; + size_t A_limbs, B_limbs, X_limbs; + + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &A, &A_limbs, input_A ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &B, &B_limbs, input_B ) ); + TEST_EQUAL( 0, mbedtls_test_read_mpi_core( &X, &X_limbs, input_X ) ); + + /* The MPI encoding of scalar b must be only 1 limb */ + TEST_EQUAL( B_limbs, 1 ); + + /* The subtraction is fixed-width, so A and X must have the same number of limbs */ + TEST_EQUAL( A_limbs, X_limbs ); + size_t limbs = A_limbs; + + ASSERT_ALLOC( R, limbs ); + +#define TEST_COMPARE_CORE_MPIS( A, B, limbs ) \ + ASSERT_COMPARE( A, (limbs) * sizeof(mbedtls_mpi_uint), B, (limbs) * sizeof(mbedtls_mpi_uint) ) + + /* 1. R = A - b. Result and borrow should be correct */ + TEST_EQUAL( mbedtls_mpi_core_sub_int( R, A, B[0], limbs ), borrow ); + TEST_COMPARE_CORE_MPIS( R, X, limbs ); + + /* 2. A = A - b. Result and borrow should be correct */ + TEST_EQUAL( mbedtls_mpi_core_sub_int( A, A, B[0], limbs ), borrow ); + TEST_COMPARE_CORE_MPIS( A, X, limbs ); + +exit: + mbedtls_free( A ); + mbedtls_free( B ); + mbedtls_free( X ); + mbedtls_free( R ); +} +/* END_CASE */ + /* END MERGE SLOT 3 */ /* BEGIN MERGE SLOT 4 */ From ca09afc60ace53dca16e6d1bea697fc308165423 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Tue, 22 Nov 2022 10:05:19 +0000 Subject: [PATCH 117/139] Remove useless function and parse early data in ee 
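Review bot: `TEST_COMPARE_CORE_MPIS` is #defined inside the body of mpi_core_sub_int and never #undef'd, so it stays defined for every test function that follows it in the generated suite; either add `#undef TEST_COMPARE_CORE_MPIS` just before `exit:` or hoist the definition to file scope next to the other helpers. Also, the `goto exit` paths taken by the three TEST_EQUAL calls jump over the initialiser `size_t limbs = A_limbs;`, which C permits for a non-VLA but which GCC's -Wjump-misses-init flags; declaring `limbs` alongside `A_limbs, B_limbs, X_limbs` avoids the warning.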
Signed-off-by: Xiaokang Qian --- library/ssl_tls13_client.c | 72 +++++++++----------------------------- 1 file changed, 17 insertions(+), 55 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 839fe3679a..9db2b79289 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1335,53 +1335,6 @@ static int ssl_tls13_is_downgrade_negotiation( mbedtls_ssl_context *ssl, return( 0 ); } -#if defined(MBEDTLS_SSL_EARLY_DATA) -/* - * ssl_tls13_parse_ee_early_data_ext() - * Parse early data indication extension in EncryptedExtensions. - * - * struct {} Empty; - * - * struct { - * select (Handshake.msg_type) { - * ... - * case client_hello: Empty; - * case encrypted_extensions: Empty; - * }; - * } EarlyDataIndication; - * - */ - -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_parse_ee_early_data_ext( mbedtls_ssl_context *ssl, - const unsigned char *buf, - size_t len ) -{ - if( ssl->early_data_status < MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT ) - { - /* The server must not send the EarlyDataIndication if the - * client hasn't indicated the use of early data. */ - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - } - - if( len != 0 ) - { - /* The message must be empty. */ - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, - MBEDTLS_ERR_SSL_DECODE_ERROR ); - return( MBEDTLS_ERR_SSL_DECODE_ERROR ); - } - - /* Nothing to parse */ - ((void) buf); - - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; - return( 0 ); -} -#endif /* MBEDTLS_SSL_EARLY_DATA */ - /* Returns a negative value on failure, and otherwise * - SSL_SERVER_HELLO or * - SSL_SERVER_HELLO_HRR 
@@ -2110,16 +2063,25 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_TLS_EXT_EARLY_DATA: - ret = ssl_tls13_parse_ee_early_data_ext( - ssl, p, (size_t)extension_data_len ); - if( ret != 0 ) + if( ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT ) { - ssl->early_data_status = - MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; - MBEDTLS_SSL_DEBUG_RET( - 1, "ssl_tls13_parse_ee_early_data_ext", ret ); - return( ret ); + /* The server must not send the EarlyDataIndication if the + * client hasn't indicated the use of early data. */ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, + MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); + return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); } + + if( extension_data_len != 0 ) + { + /* The message must be empty. */ + MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR, + MBEDTLS_ERR_SSL_DECODE_ERROR ); + return( MBEDTLS_ERR_SSL_DECODE_ERROR ); + } + + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + break; #endif /* MBEDTLS_SSL_EARLY_DATA */ From e861ba01d474034cbde57de9448d697daf8d8349 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 23 Nov 2022 03:21:02 +0000 Subject: [PATCH 118/139] Remove the duplicate early_data_status check Signed-off-by: Xiaokang Qian --- library/ssl_tls13_client.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 9db2b79289..57d3adb712 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c 
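Review bot: The comment carried into the switch case of ssl_tls13_parse_encrypted_extensions, `/* The message must be empty. */`, now sits next to `if( extension_data_len != 0 )` and refers to the extension payload rather than the handshake message; `/* The early_data extension must carry no data. */` matches the check. The enclosing function starts and ends outside the hunk.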
@@ -2063,14 +2063,6 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_EARLY_DATA) case MBEDTLS_TLS_EXT_EARLY_DATA: - if( ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT ) - { - /* The server must not send the EarlyDataIndication if the - * client hasn't indicated the use of early data. */ - MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER, - MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER ); - } if( extension_data_len != 0 ) { @@ -2080,7 +2072,7 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; break; #endif /* MBEDTLS_SSL_EARLY_DATA */ From b157e915ad29e7e47443a2f624d9cb42c497d487 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 23 Nov 2022 08:12:26 +0000 Subject: [PATCH 119/139] Move the early data status set afeter all of the extensions parse Signed-off-by: Xiaokang Qian --- library/ssl_tls13_client.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 57d3adb712..227c99d478 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2072,8 +2072,6 @@ static int ssl_tls13_parse_encrypted_extensions( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; - break; #endif /* MBEDTLS_SSL_EARLY_DATA */ 
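Review bot: Dropping the `early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT` guard in the `case MBEDTLS_TLS_EXT_EARLY_DATA:` branch removes the only check visible in this hunk that an unsolicited early_data extension in EncryptedExtensions is answered with illegal_parameter, which RFC 8446 Section 4.2.10 requires the client to do. The commit message calls the check a duplicate, but the hunk does not show where the equivalent enforcement lives; presumably it is the allowed-extensions check that ssl_tls13_parse_encrypted_extensions performs before this switch, which is outside the hunk. A one-line pointer would keep the next reader from blindly re-adding or relying on it: `/* Unsolicited early_data was already rejected by the allowed-extensions check above. */`. ssl_tls13_parse_encrypted_extensions starts and ends outside the hunk.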
@@ -2119,6 +2117,14 @@ static int ssl_tls13_process_encrypted_extensions( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_encrypted_extensions( ssl, buf, buf + buf_len ) ); +#if defined(MBEDTLS_SSL_EARLY_DATA) + if( ssl->handshake->received_extensions & + MBEDTLS_SSL_EXT_MASK( EARLY_DATA ) ) + { + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED; + } +#endif + mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, buf_len ); From 3518fb11d0be25ca1e69009899b12fd25bfc0c7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 23 Nov 2022 13:14:52 +0100 Subject: [PATCH 120/139] Improve ChangeLog entry for driver-only hashes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - avoid long unstructured paragraph with long messy sentences - de-emphasize "no longer depends on MD" and emphasize "can work in some driver-only builds" instead - that's what users are interested in (building without MD is just the current way to accomplish that, but that will change in the future) Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/driver-only-hashes.txt | 41 +++++++++++++----------------- 1 file changed, 18 insertions(+), 23 deletions(-) diff --git a/ChangeLog.d/driver-only-hashes.txt b/ChangeLog.d/driver-only-hashes.txt index a160f924ba..930aadfef0 100644 --- a/ChangeLog.d/driver-only-hashes.txt +++ b/ChangeLog.d/driver-only-hashes.txt 
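Review bot: The new `#endif` closing the `MBEDTLS_SSL_EARLY_DATA` block in ssl_tls13_process_encrypted_extensions lacks the trailing guard comment used elsewhere in this file (see the `#endif /* MBEDTLS_SSL_EARLY_DATA */` in the previous hunk); make it `#endif /* MBEDTLS_SSL_EARLY_DATA */`. Setting ACCEPTED from the `received_extensions` bit means the status now flips on the mere presence of the extension, so it relies on the parse step having rejected an early_data extension the client never offered; a comment on the `if` would make that dependency explicit, e.g. `/* The extension is only legal if we offered early data; an unsolicited one is rejected during parsing. */`. ssl_tls13_process_encrypted_extensions starts and ends outside the hunk.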
@@ -1,24 +1,19 @@ Features - * Some crypto modules that previously depended on MD or a low-level hash - module, either unconditionally (RSA, PK, PKCS5, PKCS12, EC J-PAKE), or - for some features (PEM for encrypted files), are now able to use PSA - Crypto instead when the legacy API is not available. This means it is - now possible to use all features from those modules in configurations - where the built-in implementations of hashes are excluded and the hashes - are only provided by PSA drivers. In these configurations, you need to - call `psa_crypto_init()` before you call any function from those - modules; this is not required in configurations where the built-in - implementation is still available. Note that for modules that use MD - (RSA, PKCS5, PKCS12, EC J-PAKE) in builds that have MBEDTLS_MD_C enabled, - all hashes used with those modules need to be built-in, as drivers are only - used when MBEDTLS_MD_C is disabled; configurations where some hashes are - available as built-ins, and some only from drivers, are currently not - supported. Also note that some crypto modules and features still depend on - the built-in implementation of hashes: MBEDTLS_HKDF_C (but the PSA HKDF - functions do not depend on it), MBEDTLS_ENTROPY_C, MBEDTLS_HMAC_DRBG_C and - MBEDTLS_ECDSA_DETERMINISTIC. In particular, for now, compiling without - built-in hashes requires use of MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. - * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 no - longer depend on MD. This means it is now possible to use them in - configurations where the built-in implementations of hashes are excluded - and the hashes are only provided by PSA drivers. + * Some modules can now use PSA drivers for hashes, including with no + built-in implementation present, but only in some configurations. + - RSA PKCS#1 v2.1, PKCS5, PKCS12 and EC J-PAKE now use hashes from PSA + when (and only when) MBEDTLS_MD_C is disabled. 
+ - PEM parsing of encrypted files now uses MD-5 from PSA when (and only + when) MBEDTLS_MD5_C is disabled. + See the documentation of the corresponding macros in mbedtls_config.h for + details. + Note that some modules are not able to use hashes from PSA yet, including + the entropy module. As a consequence, for now the only way to build with + all hashes only provided by drivers (no built-in hash) is to use + MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. + * When MBEDTLS_USE_PSA_CRYPTO is enabled, X.509, TLS 1.2 and TLS 1.3 now + properly negotiate/accept hashes based on their availability in PSA. + As a consequence, they now work in configurations where the built-in + implementations of (some) hashes are excluded and those hashes are only + provided by PSA drivers. (See previous entry for limitation on RSA-PSS + though: that module only use hashes from PSA when MBEDTLS_MD_C is off). From 42649d9270d9f75b63d55b08a10d334d266d3905 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 23 Nov 2022 14:15:57 +0100 Subject: [PATCH 121/139] Fix NULL+0 undefined behavior in ECB encryption and decryption psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to a null pointer when the cipher does not use an IV. This is undefined behavior, although it works as naively expected on most platforms. This can cause a crash with modern Clang+ASan (depending on compiler optimizations). Signed-off-by: Gilles Peskine --- ChangeLog.d/psa-ecb-ub.txt | 3 ++ library/common.h | 37 +++++++++++++++++++++ library/psa_crypto.c | 4 +-- library/psa_crypto_cipher.c | 23 +++++++------ tests/suites/test_suite_psa_crypto.function | 5 +-- 5 files changed, 58 insertions(+), 14 deletions(-) create mode 100644 ChangeLog.d/psa-ecb-ub.txt diff --git a/ChangeLog.d/psa-ecb-ub.txt b/ChangeLog.d/psa-ecb-ub.txt new file mode 100644 index 0000000000..9d725ac706 --- /dev/null +++ b/ChangeLog.d/psa-ecb-ub.txt 
@@ -0,0 +1,3 @@ +Bugfix + * Fix undefined behavior (typically harmless in practice) in PSA ECB + encryption and decryption. diff --git a/library/common.h b/library/common.h index a630fcc456..53598228b4 100644 --- a/library/common.h +++ b/library/common.h @@ -25,6 +25,7 @@ #include "mbedtls/build_info.h" +#include #include /** Helper to define a function as static except when building invasive tests. @@ -68,6 +69,42 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS +/** Return an offset into a buffer. + * + * This is just the addition of an offset to a pointer, except that this + * function also accepts an offset of 0 into a buffer whose pointer is null. + * + * \param p Pointer to a buffer of at least n bytes. + * This may be \p NULL if \p n is zero. + * \param n An offset in bytes. + * \return Pointer to offset \p n in the buffer \p p. + * Note that this is only a valid pointer if the size of the + * buffer is at least \p n + 1. + */ +static inline unsigned char *mbedtls_buffer_offset( + unsigned char *p, size_t n ) +{ + return( p == NULL ? NULL : p + n ); +} + +/** Return an offset into a read-only buffer. + * + * This is just the addition of an offset to a pointer, except that this + * function also accepts an offset of 0 into a buffer whose pointer is null. + * + * \param p Pointer to a buffer of at least n bytes. + * This may be \p NULL if \p n is zero. + * \param n An offset in bytes. + * \return Pointer to offset \p n in the buffer \p p. + * Note that this is only a valid pointer if the size of the + * buffer is at least \p n + 1. + */ +static inline const unsigned char *mbedtls_buffer_offset_const( + const unsigned char *p, size_t n ) +{ + return( p == NULL ? NULL : p + n ); +} + /** Byte Reading Macros * * Given a multi-byte integer \p x, MBEDTLS_BYTE_n retrieves the n-th diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8c9deffadf..e881f2f3cb 100644 
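Review bot: mbedtls_buffer_offset() and mbedtls_buffer_offset_const() return NULL for a NULL `p` whatever `n` is, while their doc comments say `p` may only be NULL when `n` is zero; a caller that passes NULL with a non-zero offset now gets a silent NULL instead of the pointer arithmetic a sanitizer would have caught. Either make that contract explicit in the `\return` clause, e.g. `\return NULL if \p p is NULL (the caller must then have passed n == 0); otherwise \p p + \p n.`, or keep the doc as is and add a debug-build assertion on `p != NULL || n == 0`. The existing `\return` note that the buffer must hold at least n + 1 bytes is slightly off as well: a pointer to offset n of an n-byte buffer is valid to form (one past the end), it is only not dereferenceable, and that is exactly the case these helpers exist for.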
--- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3454,8 +3454,8 @@ psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key, status = psa_driver_wrapper_cipher_encrypt( &attributes, slot->key.data, slot->key.bytes, alg, local_iv, default_iv_length, input, input_length, - output + default_iv_length, output_size - default_iv_length, - output_length ); + mbedtls_buffer_offset( output, default_iv_length ), + output_size - default_iv_length, output_length ); exit: unlock_status = psa_unlock_key_slot( slot ); diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 70dc74d748..91a0e3b30d 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -516,10 +516,10 @@ psa_status_t mbedtls_psa_cipher_encrypt( if( status != PSA_SUCCESS ) goto exit; - status = mbedtls_psa_cipher_finish( &operation, - output + update_output_length, - output_size - update_output_length, - &finish_output_length ); + status = mbedtls_psa_cipher_finish( + &operation, + mbedtls_buffer_offset( output, update_output_length ), + output_size - update_output_length, &finish_output_length ); if( status != PSA_SUCCESS ) goto exit; @@ -563,17 +563,20 @@ psa_status_t mbedtls_psa_cipher_decrypt( goto exit; } - status = mbedtls_psa_cipher_update( &operation, input + operation.iv_length, - input_length - operation.iv_length, - output, output_size, &olength ); + status = mbedtls_psa_cipher_update( + &operation, + mbedtls_buffer_offset_const( input, operation.iv_length ), + input_length - operation.iv_length, + output, output_size, &olength ); if( status != PSA_SUCCESS ) goto exit; accumulated_length = olength; - status = mbedtls_psa_cipher_finish( &operation, output + accumulated_length, - output_size - accumulated_length, - &olength ); + status = mbedtls_psa_cipher_finish( + &operation, + mbedtls_buffer_offset( output, accumulated_length ), + output_size - accumulated_length, &olength ); if( status != PSA_SUCCESS ) goto exit; 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ca1614befa..1f3b3b64a6 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -4,6 +4,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "mbedtls/oid.h" +#include "common.h" /* For MBEDTLS_CTR_DRBG_MAX_REQUEST, knowing that psa_generate_random() * uses mbedtls_ctr_drbg internally. */ @@ -3983,7 +3984,7 @@ void cipher_alg_without_iv( int alg_arg, int key_type_arg, data_t *key_data, TEST_LE_U( length, output_buffer_size ); output_length += length; PSA_ASSERT( psa_cipher_finish( &operation, - output + output_length, + mbedtls_buffer_offset( output, output_length ), output_buffer_size - output_length, &length ) ); output_length += length; @@ -4001,7 +4002,7 @@ void cipher_alg_without_iv( int alg_arg, int key_type_arg, data_t *key_data, TEST_LE_U( length, output_buffer_size ); output_length += length; PSA_ASSERT( psa_cipher_finish( &operation, - output + output_length, + mbedtls_buffer_offset( output, output_length ), output_buffer_size - output_length, &length ) ); output_length += length; From 4a8c9e2cff36efea58220d124f4850de67352f77 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 26 Oct 2022 18:49:09 +0200 Subject: [PATCH 122/139] tls13: Add definition of mbedtls_ssl_{write,read}_early_data Signed-off-by: Ronald Cron --- docs/architecture/tls13-support.md | 172 +++++++++++++++++++++++++++++ include/mbedtls/ssl.h | 162 +++++++++++++++++++++++++-- library/ssl_tls13_client.c | 8 +- 3 files changed, 326 insertions(+), 16 deletions(-) diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index f30590bd47..85482ba9ed 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md 
@@ -478,3 +478,175 @@ outbound message on server side as well. * state change: the state change is done in the main state handler to ease the navigation of the state machine transitions. + + +Writing and reading early or 0-RTT data +--------------------------------------- + +An application function to write and send a buffer of data to a server through +TLS may plausibly look like: + +``` +int write_data( mbedtls_ssl_context *ssl, + const unsigned char *data_to_write, + size_t data_to_write_len, + size_t *data_written ) +{ + *data_written = 0; + + while( *data_written < data_to_write_len ) + { + ret = mbedtls_ssl_write( ssl, data_to_write + *data_written, + data_to_write_len - *data_written ); + + if( ret < 0 && + ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + { + return( ret ); + } + + *data_written += ret; + } + + return( 0 ); +} +``` +where ssl is the SSL context to use, data_to_write the address of the data +buffer and data_to_write_len the number of data bytes. The handshake may +not be completed, not even started for the SSL context ssl when the function is +called and in that case the mbedtls_ssl_write() API takes care transparently of +completing the handshake before to write and send data to the server. The +mbedtls_ssl_write() may not been able to write and send all data in one go thus +the need for a loop calling it as long as there are still data to write and +send. + +An application function to write and send early data and only early data, +data sent during the first flight of client messages while the handshake is in +its initial phase, would look completely similar but the call to +mbedtls_ssl_write_early_data() instead of mbedtls_ssl_write(). 
+``` +int write_early_data( mbedtls_ssl_context *ssl, + const unsigned char *data_to_write, + size_t data_to_write_len, + size_t *data_written ) +{ + *data_written = 0; + + while( *data_written < data_to_write_len ) + { + ret = mbedtls_ssl_write_early_data( ssl, data_to_write + *data_written, + data_to_write_len - *data_written ); + + if( ret < 0 && + ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + { + return( ret ); + } + + *data_written += ret; + } + + return( 0 ); +} +``` +Note that compared to write_data(), write_early_data() can also return +MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA and that should be handled +specifically by the user of write_early_data(). A fresh SSL context (typically +just after a call to mbedtls_ssl_setup() or mbedtls_ssl_session_reset()) would +be expected when calling `write_early_data`. + +All together, code to write and send a buffer of data as long as possible as +early data and then as standard post-handshake application data could +plausibly look like: + +``` +ret = write_early_data( ssl, data_to_write, data_to_write_len, + &early_data_written ); +if( ret < 0 && + ret != MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA ) +{ + goto error; +} + +ret = write_data( ssl, data_to_write + early_data_written, + data_to_write_len - early_data_written, &data_written ); +if( ret < 0 ) + goto error; + +data_written += early_data_written; +``` + +Finally, taking into account that the server may reject early data, application +code to write and send a buffer of data could plausibly look like: +``` +ret = write_early_data( ssl, data_to_write, data_to_write_len, + &early_data_written ); +if( ret < 0 && + ret != MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA ) +{ + goto error; +} + +/* + * Make sure the handshake is completed as it is a requisite to + * mbedtls_ssl_get_early_data_status(). 
+ */ +while( !mbedtls_ssl_is_handshake_over( ssl ) ) +{ + ret = mbedtls_ssl_handshake( ssl ); + if( ret < 0 && + ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + { + goto error; + } +} + +ret = mbedtls_ssl_get_early_data_status( ssl ); +if( ret < 0 ) + goto error; + +if( ret == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED ) + early_data_written = 0; + +ret = write_data( ssl, data_to_write + early_data_written, + data_to_write_len - early_data_written, &data_written ); +if( ret < 0 ) + goto error; + +data_written += early_data_written; +``` + +Basically, the same holds for reading early data on the server side without the +complication of possible rejection. An application function to read early data +into a given buffer could plausibly look like: +``` +int read_early_data( mbedtls_ssl_context *ssl, + unsigned char *buffer, + size_t buffer_size, + size_t *data_len ) +{ + *data_len = 0; + + while( *data_len < buffer_size ) + { + ret = mbedtls_ssl_read_early_data( ssl, buffer + *data_len, + buffer_size - *data_len ); + + if( ret < 0 && + ret != MBEDTLS_ERR_SSL_WANT_READ && + ret != MBEDTLS_ERR_SSL_WANT_WRITE ) + { + return( ret ); + } + + *data_len += ret; + } + + return( 0 ); +} +``` +with again calls to read_early_data() expected to be done with a fresh SSL +context. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index dddaaea39b..ea58661088 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -96,15 +96,16 @@ /* Error space gap */ /** Processing of the Certificate handshake message failed. */ #define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00 +/* Error space gap */ /** * Received NewSessionTicket Post Handshake Message. * This error code is experimental and may be changed or removed without notice. */ #define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET -0x7B00 -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ -/* Error space gap */ +/** Not possible to read early data */ +#define MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA -0x7B80 +/** Not possible to write early data */ +#define MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA -0x7C00 /* Error space gap */ /* Error space gap */ /* Error space gap */ @@ -806,14 +807,6 @@ typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert; typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item; #endif -#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) -#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0 -#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1 -#define MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT 2 -#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 3 -#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 4 -#endif - #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) typedef uint8_t mbedtls_ssl_tls13_ticket_flags; 
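Review bot: The removed `MBEDTLS_SSL_EARLY_DATA_STATUS_*` defines lived in the public header include/mbedtls/ssl.h, and the replacements added later in this patch renumber the survivors (NOT_SENT 1 to 0, ACCEPTED 4 to 1, REJECTED 3 to 2) and drop UNKNOWN and INDICATION_SENT, so any application compiled against the old numbers would misread mbedtls_ssl_get_early_data_status(). They are guarded by MBEDTLS_SSL_EARLY_DATA, which may mean the feature is not yet considered stable API, but if it is, a ChangeLog entry naming the removed and renumbered constants is warranted. A short comment next to the new defines stating that the numeric values are not part of the API contract, e.g. `/* Only the symbolic names are API; the numeric values may change. */`, would forestall the problem in future.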
@@ -4897,6 +4890,151 @@ int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl, */ int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl ); +#if defined(MBEDTLS_SSL_EARLY_DATA) + +#if defined(MBEDTLS_SSL_SRV_C) +/** + * \brief Read at most 'len' application data bytes while performing + * the handshake (early data). + * + * \note This function behaves mainly as mbedtls_ssl_read(). The + * specification of mbedtls_ssl_read() relevant to TLS 1.3 + * (thus not the parts specific to (D)TLS 1.2) applies to this + * function and the present documentation is restricted to the + * differences with mbedtls_ssl_read(). + * + * \param ssl SSL context + * \param buf buffer that will hold the data + * \param len maximum number of bytes to read + * + * \return One additional specific return value: + * #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA. + * + * #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA is returned when it + * is not possible to read early data for the SSL context + * \p ssl. + * + * It may have been possible and it is not possible + * anymore because the server received the End of Early Data + * message or the maximum number of allowed early data for the + * PSK in use has been reached. + * + * It may never have been possible and will never be possible + * for the SSL context \p ssl because the use of early data + * is disabled for that context or more generally the context + * is not suitably configured to enable early data or the + * client does not use early data or the first call to the + * function was done while the handshake was already too + * advanced to gather and accept early data. + * + * It is not possible to read early data for the SSL context + * \p ssl but this does not preclude for using it with + * mbedtls_ssl_write(), mbedtls_ssl_read() or + * mbedtls_ssl_handshake(). + * + * \note When a server wants to retrieve early data, it is expected + * that this function starts the handshake for the SSL context + * \p ssl. But this is not mandatory. 
+ * + */ +int mbedtls_ssl_read_early_data( mbedtls_ssl_context *ssl, + unsigned char *buf, size_t len ); +#endif /* MBEDTLS_SSL_SRV_C */ + +#if defined(MBEDTLS_SSL_CLI_C) +/** + * \brief Try to write exactly 'len' application data bytes while + * performing the handshake (early data). + * + * \note This function behaves mainly as mbedtls_ssl_write(). The + * specification of mbedtls_ssl_write() relevant to TLS 1.3 + * (thus not the parts specific to (D)TLS1.2) applies to this + * function and the present documentation is restricted to the + * differences with mbedtls_ssl_write(). + * + * \param ssl SSL context + * \param buf buffer holding the data + * \param len how many bytes must be written + * + * \return One additional specific return value: + * #MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA. + * + * #MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA is returned when it + * is not possible to write early data for the SSL context + * \p ssl. + * + * It may have been possible and it is not possible + * anymore because the client received the server Finished + * message, the server rejected early data or the maximum + * number of allowed early data for the PSK in use has been + * reached. + * + * It may never have been possible and will never be possible + * for the SSL context \p ssl because the use of early data + * is disabled for that context or more generally the context + * is not suitably configured to enable early data or the first + * call to the function was done while the handshake was + * already completed. + * + * It is not possible to write early data for the SSL context + * \p ssl but this does not preclude for using it with + * mbedtls_ssl_write(), mbedtls_ssl_read() or + * mbedtls_ssl_handshake(). + * + * \note This function may write early data only if the SSL context + * has been configured for the handshake with a PSK for which + * early data is allowed. 
+ * + * \note To maximize the number of early data that can be written in + * the course of the handshake, it is expected that this + * function starts the handshake for the SSL context \p ssl. + * But this is not mandatory. + * + * \note This function does not provide any information on whether + * the server has accepted or will accept early data or not. + * When it returns a positive value, it just means that it + * has written early data to the server. To know whether the + * server has accepted early data or not, you should call + * mbedtls_ssl_get_early_data_status() with the handshake + * completed. + */ +int mbedtls_ssl_write_early_data( mbedtls_ssl_context *ssl, + const unsigned char *buf, size_t len ); + +#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 0 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 1 +#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2 +/** + * \brief Get the status of the negotiation of the use of early data. + * + * \param ssl The SSL context to query + * + * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called + * from the server-side. + * + * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called + * prior to completion of the handshake. + * + * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT if the client has + * not indicated the use of early data to the server. + * + * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED if the client has + * indicated the use of early data and the server has accepted + * it. + * + * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED if the client has + * indicated the use of early data but the server has rejected + * it. In this situation, the client may want to re-send the + * early data it may have tried to send by calling + * mbedtls_ssl_write_early_data() as ordinary post-handshake + * application data by calling mbedtls_ssl_write(). 
+ * + */ +int mbedtls_ssl_get_early_data_status( mbedtls_ssl_context *ssl ); +#endif /* MBEDTLS_SSL_CLI_C */ + +#endif /* MBEDTLS_SSL_EARLY_DATA */ + /** * \brief Free referenced items in an SSL context and clear memory * diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 9d2e69e3e5..0109f776c0 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1183,11 +1183,11 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl, return( ret ); p += ext_len; - /* Initializes the status to `indication sent`. It will be updated to - * `accepted` or `rejected` depending on whether the EncryptedExtension - * message will contain an early data indication extension or not. + /* Initializes the status to `rejected`. It will be updated to + * `accepted` if the EncryptedExtension message contain an early data + * indication extension. */ - ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT; + ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED; } else { From 4c7cf7d742dce297c772fdf94f2de9d8a7237dab Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 9 Nov 2022 14:07:43 +0100 Subject: [PATCH 123/139] Add low level subtraction with modulus Signed-off-by: Gabor Mezei --- library/bignum_mod_raw.c | 10 ++++++++++ library/bignum_mod_raw.h | 20 ++++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index b43add77d3..9a8e3ee9a2 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -108,6 +108,16 @@ int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *A, /* BEGIN MERGE SLOT 2 */ +void mbedtls_mpi_mod_raw_sub( mbedtls_mpi_uint *X, + const mbedtls_mpi_uint *A, + const mbedtls_mpi_uint *B, + const mbedtls_mpi_mod_modulus *N ) +{ + mbedtls_mpi_uint c = mbedtls_mpi_core_sub( X, A, B, N->limbs ); + + (void) mbedtls_mpi_core_add_if( X, N->p, N->limbs, c ); +} + /* END MERGE SLOT 2 */ /* BEGIN MERGE SLOT 3 */ 
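Review bot: The new mbedtls_ssl_write_early_data() and mbedtls_ssl_read_early_data() documentation never warns that 0-RTT data is replayable and not forward secret, which is the one property every user of these functions must design around (RFC 8446 Section 2.3 and Appendix E.5). Add a `\warning` to both, along the lines of `\warning Early data is not forward secret and can be replayed by an attacker. Only send data whose replay is harmless (e.g. idempotent requests), and treat data returned by mbedtls_ssl_read_early_data() as possibly replayed.` The mbedtls_ssl_get_early_data_status() doc already tells clients to re-send rejected early data via mbedtls_ssl_write(); the same paragraph should note that accepted early data must not be re-sent, or the application duplicates its own request.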
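Review bot: mbedtls_mpi_mod_raw_sub() corrects the borrow with `mbedtls_mpi_core_add_if( X, N->p, N->limbs, c )` rather than `if( c ) add`, which only stays side-channel safe as long as nobody "simplifies" it; a comment stating the intent would protect that, e.g. `/* Constant-time correction: add N back iff the subtraction borrowed. Must not become a branch on c. */` (this assumes mbedtls_mpi_core_add_if is the constant-time conditional add, which is not visible in this hunk). The result is only reduced if both inputs are already below N, as the header note says; an out-of-range input yields an unreduced value with no error, so callers must enforce the precondition themselves and the function body could carry a one-line reminder of that.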
diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index f738e917e1..0f1b0c0de1 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h @@ -144,6 +144,26 @@ int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *A, /* BEGIN MERGE SLOT 2 */ +/** \brief Perform a subtraction of two MPIs and return the modulus + * of the result. + * + * The size of the operation is determined by \p N. + * + * \param[out] X The address of the result MPI. + * This must be initialized. Must have enough limbs to + * store the full value of the result. + * \param[in] A The address of the first MPI. This must be initialized. + * \param[in] B The address of the second MPI. This must be initialized. + * \param[in] N The address of the modulus. Use to perform a modulu + * operation on the result of the subtraction. + * + * \note Both \p A and \p B must be smaller than the modulus \p N. + */ +void mbedtls_mpi_mod_raw_sub( mbedtls_mpi_uint *X, + const mbedtls_mpi_uint *A, + const mbedtls_mpi_uint *B, + const mbedtls_mpi_mod_modulus *N ); + /* END MERGE SLOT 2 */ /* BEGIN MERGE SLOT 3 */ From cefe03a10cb0e6010670cc9c265c6c1891130f6b Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 15 Nov 2022 18:50:17 +0100 Subject: [PATCH 124/139] Add tests for low level subtraction with modulus Signed-off-by: Gabor Mezei --- tests/suites/test_suite_bignum_mod_raw.data | 39 ++++++++++++++ .../suites/test_suite_bignum_mod_raw.function | 53 +++++++++++++++++++ 2 files changed, 92 insertions(+) diff --git a/tests/suites/test_suite_bignum_mod_raw.data b/tests/suites/test_suite_bignum_mod_raw.data index 8cbd918f88..9290ef4f99 100644 --- a/tests/suites/test_suite_bignum_mod_raw.data +++ b/tests/suites/test_suite_bignum_mod_raw.data 
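Review bot: The mbedtls_mpi_mod_raw_sub() doc comment in bignum_mod_raw.h misdescribes the operation and has a typo: "return the modulus of the result" should read `Perform a subtraction of two MPIs and return the result reduced modulo \p N.`, and the `\param[in] N` text "Use to perform a modulu operation" should be `The address of the modulus. Used to reduce the result of the subtraction.` The `\param[out] X` wording "Must have enough limbs to store the full value of the result" is vague where the implementation reads and writes exactly `N->limbs` limbs of \p X, \p A and \p B; state that, since a shorter buffer is an out-of-bounds access rather than a reported error. Whether \p X may alias \p A or \p B is not documented and cannot be determined from this hunk (it depends on mbedtls_mpi_core_sub and mbedtls_mpi_core_add_if); it should be stated either way.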
@@ -185,6 +185,45 @@ mpi_mod_raw_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA # BEGIN MERGE SLOT 2 +mbedtls_mpi_mod_raw_sub: 0 - 0, mod 2 +mpi_mod_raw_sub:"0":"0":"2":"0" + +mbedtls_mpi_mod_raw_sub: 0 - 1, mod 2 +mpi_mod_raw_sub:"0":"1":"2":"1" + +mbedtls_mpi_mod_raw_sub: 1 - 0, mod 2 +mpi_mod_raw_sub:"1":"0":"2":"1" + +mbedtls_mpi_mod_raw_sub: 9 - 2, mod 10 +mpi_mod_raw_sub:"9":"2":"A":"7" + +mbedtls_mpi_mod_raw_sub: 6 - 7, mod 10 +mpi_mod_raw_sub:"6":"7":"A":"9" + +mbedtls_mpi_mod_raw_sub: 4 byte values, first is bigger +mpi_mod_raw_sub:"7DE15401":"5553FE19":"971F63D9":"288D55E8" + +mbedtls_mpi_mod_raw_sub: 4 byte values, second is bigger +mpi_mod_raw_sub:"58AB5FB1":"B7AFCADC":"DBD9D998":"7CD56E6D" + +mbedtls_mpi_mod_raw_sub: 8 byte values, first is bigger +mpi_mod_raw_sub:"8FE975EFDF264BDF":"6A4E956C95C1649E":"BB63D38C3AF7922E":"259AE0834964E741" + +mbedtls_mpi_mod_raw_sub: 8 byte values, second is bigger +mpi_mod_raw_sub:"0D6A093316013F68":"39DA803DB5C41434":"509876EAB3D1C663":"2427FFE0140EF197" + +mbedtls_mpi_mod_raw_sub: 16 byte values, first is bigger +mpi_mod_raw_sub:"94789C046DEC921C4EF12561271EEB12":"3AD8A050F6CC00354FDE5557E1839859":"A52A910D219A87F4F174FD9481873CEE":"599FFBB3772091E6FF12D009459B52B9" + +mbedtls_mpi_mod_raw_sub: 16 byte values, second is bigger +mpi_mod_raw_sub:"14D92E888E1274EDC37CA73B20B1F8BF":"8B7281E720762FD849948DCFA3CCC7F6":"94D3A7DE6456850BF05EB88B486DD4CD":"1E3A547FD1F2CA216A46D1F6C5530596" + +mbedtls_mpi_mod_raw_sub: 256 byte values, first is bigger +mpi_mod_raw_sub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mbedtls_mpi_mod_raw_sub: 256 byte values, second is bigger +mpi_mod_raw_sub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diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index 4adccce25b..22a73e0323 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function 
@@ -275,6 +275,59 @@ exit: /* BEGIN MERGE SLOT 2 */ +/* BEGIN_CASE */ +void mpi_mod_raw_sub( char * input_A, + char * input_B, + char * input_N, + char * result ) +{ + mbedtls_mpi_uint *A = NULL; + mbedtls_mpi_uint *B = NULL; + mbedtls_mpi_uint *N = NULL; + mbedtls_mpi_uint *X = NULL; + mbedtls_mpi_uint *res = NULL; + size_t limbs_A; + size_t limbs_B; + size_t limbs_N; + size_t limbs_res; + + TEST_EQUAL( mbedtls_test_read_mpi_core( &A, &limbs_A, input_A ), 0 ); + TEST_EQUAL( mbedtls_test_read_mpi_core( &B, &limbs_B, input_B ), 0 ); + TEST_EQUAL( mbedtls_test_read_mpi_core( &N, &limbs_N, input_N ), 0 ); + TEST_EQUAL( mbedtls_test_read_mpi_core( &res, &limbs_res, result ), 0 ); + + size_t limbs = limbs_N; + size_t bytes = limbs * sizeof( mbedtls_mpi_uint ); + + TEST_ASSERT( limbs_A <= limbs ); + TEST_ASSERT( limbs_B <= limbs ); + TEST_ASSERT( limbs_res <= limbs ); + + ASSERT_ALLOC( X, limbs ); + + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_modulus_init( &m ); + + TEST_EQUAL( mbedtls_mpi_mod_modulus_setup( + &m, N, limbs, + MBEDTLS_MPI_MOD_EXT_REP_BE, + MBEDTLS_MPI_MOD_REP_MONTGOMERY ), 0 ); + + mbedtls_mpi_mod_raw_sub( X, A, B, &m ); + + ASSERT_COMPARE( X, bytes, res, bytes ); + +exit: + mbedtls_free( A ); + mbedtls_free( B ); + mbedtls_free( X ); + mbedtls_free( res ); + + mbedtls_mpi_mod_modulus_free( &m ); + mbedtls_free( N ); +} +/* END_CASE */ + /* END MERGE SLOT 2 */ /* BEGIN MERGE SLOT 3 */ From c426d9b6cc48d2e957c1f0ddeceb2810e878bc24 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 15 Nov 2022 18:51:20 +0100 Subject: [PATCH 125/139] Add generated test for low level subtraction with modulus Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/bignum_mod_raw.py | 90 +++++++++++++++++++++++++++ tests/CMakeLists.txt | 1 + tests/Makefile | 1 + 3 files changed, 92 insertions(+) diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index 60f2feded6..5d4bda2a7d 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py 
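Review bot: `TEST_ASSERT( limbs_A <= limbs )` (and likewise for `B`) admits operands shorter than the modulus, yet `mbedtls_mpi_mod_raw_sub( X, A, B, &m )` processes `m.limbs` limbs of `A` and `B`, so a shorter input string would make the routine read past the buffer `mbedtls_test_read_mpi_core` allocated for it (presumably sized to `limbs_A`); the checks should be `TEST_EQUAL( limbs_A, limbs ); TEST_EQUAL( limbs_B, limbs ); TEST_EQUAL( limbs_res, limbs );`. Separately, `m` is declared and `mbedtls_mpi_mod_modulus_init( &m )` is called only after several `TEST_EQUAL`s that `goto exit` on failure, and `exit:` then runs `mbedtls_mpi_mod_modulus_free( &m )` on an indeterminate struct; move the declaration and init above the first `TEST_EQUAL`.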
+++ b/scripts/mbedtls_dev/bignum_mod_raw.py 
@@ -30,6 +30,96 @@ class BignumModRawTarget(test_data_generation.BaseTarget): # BEGIN MERGE SLOT 2 +class BignumModRawSub(BignumModRawOperation): + """Test cases for bignum mod raw sub.""" + count = 0 + symbol = "-" + test_function = "mpi_mod_raw_sub" + test_name = "mbedtls_mpi_mod_raw_sub" + unique_combinations_only = False + + input_values = [ + "0", "1", "fe", "ff", "fffe", "ffff", + "fffffffffffffffe", "ffffffffffffffff", + "fffffffffffffffffffffffffffffffe", + "ffffffffffffffffffffffffffffffff", + "1234567890abcdef01234567890abcdef0", + "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f", + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0", + ( + "14c15c910b11ad28cc21ce88d0060cc54278c2614e1bcb383bb4a570294c4ea3" + "738d243a6e58d5ca49c7b59b995253fd6c79a3de69f85e3131f3b9238224b122" + "c3e4a892d9196ada4fcfa583e1df8af9b474c7e89286a1754abcb06ae8abb93f" + "01d89a024cdce7a6d7288ff68c320f89f1347e0cdd905ecfd160c5d0ef412ed6" + ) + ] + + modulus_values = [ + "7", "ff", + "d1c127a667786703830500038ebaef20e5a3e2dc378fb75b" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff43", + "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff67", + ( + "c93ba7ec74d96f411ba008bdb78e63ff11bb5df46a51e16b2c9d156f8e4e18ab" + "f5e052cb01f47d0d1925a77f60991577e128fb6f52f34a27950a594baadd3d80" + "57abeb222cf3cca962db16abf79f2ada5bd29ab2f51244bf295eff9f6aaba130" + "2efc449b128be75eeaca04bc3c1a155d11d14e8be32a2c8287b3996cf6ad5223" + ), + ( + "5c083126e978d4fdf3b645a1cac083126e978d4fdf3b645a1cac083126e978d4" + "fdf3b645a1cac083126e978d4fdf3b645a1cac083126e978d4fdf3b645a1cac0" + "83126e978d4fdf3b645a1cac083126e978d4fdf3b645a1cac083126e978d4fdf" + "3b645a1cac083126e978d4fdf3b645a1cac083126e978d4fdf3b645a1cac05d2" + ) + ] + + descr_tpl = '{} #{} \"{}\" - \"{}\" % \"{}\".' 
+ + BITS_IN_LIMB = 32 + + @property + def boundary(self) -> int: + return self.int_n + + @property + def x(self): # pylint: disable=invalid-name + return (self.int_a - self.int_b) % self.int_n if self.int_n > 0 else 0 + + @property + def hex_x(self) -> str: + return format(self.x, 'x').zfill(self.hex_digits) + + def description(self) -> str: + return self.descr_tpl.format(self.test_name, + self.count, + self.int_a, + self.int_b, + self.int_n) + + def arguments(self) -> List[str]: + return [bignum_common.quote_str(n) for n in [self.hex_a, + self.hex_b, + self.hex_n, + self.hex_x]] + + def result(self) -> List[str]: + return [self.hex_x] + + @classmethod + def generate_function_tests(cls) -> Iterator[test_case.TestCase]: + for a_value, b_value in cls.get_value_pairs(): + int_a = bignum_common.hex_to_int(a_value) + int_b = bignum_common.hex_to_int(b_value) + highest = max(int_a, int_b) + + # Choose a modulus bigger then the arguments + for n_value in cls.modulus_values: + int_n = bignum_common.hex_to_int(n_value) + if highest < int_n: + yield cls(n_value, a_value, b_value, cls.BITS_IN_LIMB).create_test_case() + # END MERGE SLOT 2 # BEGIN MERGE SLOT 3 diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index c23cb6b3d9..0ef6fdbc4c 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -70,6 +70,7 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_common.py ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_core.py + ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_mod_raw.py ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_data_generation.py ) diff --git a/tests/Makefile b/tests/Makefile index 7c08f54e14..0b31cdd076 100644 --- a/tests/Makefile +++ b/tests/Makefile 
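Review bot: In the `x` property the fallback `if self.int_n > 0 else 0` can never trigger, because `generate_function_tests` only yields cases where `highest < int_n`, so `int_n` is at least 1; a zero modulus would be a generator bug better surfaced as a `ZeroDivisionError` than silently encoded as an expected result of 0. Simplify to `return (self.int_a - self.int_b) % self.int_n`. The `highest < int_n` filter is also what guarantees both operands are canonical, which the C routine appears to rely on for a fully reduced result, so a comment there would help: `# Both operands must be < n: mpi_mod_raw_sub only reduces canonical inputs`.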
@@ -94,6 +94,7 @@ $(GENERATED_BIGNUM_DATA_FILES): generated_bignum_test_data generated_bignum_test_data: scripts/generate_bignum_tests.py generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_common.py generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_core.py +generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_mod_raw.py generated_bignum_test_data: ../scripts/mbedtls_dev/test_case.py generated_bignum_test_data: ../scripts/mbedtls_dev/test_data_generation.py generated_bignum_test_data: From 3411e949cdc202824634af489ad5492ef46210d9 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 16 Nov 2022 11:31:00 +0100 Subject: [PATCH 126/139] Cas variable to proper type Signed-off-by: Gabor Mezei --- library/bignum_mod_raw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c index 9a8e3ee9a2..6c694b0c58 100644 --- a/library/bignum_mod_raw.c +++ b/library/bignum_mod_raw.c @@ -115,7 +115,7 @@ void mbedtls_mpi_mod_raw_sub( mbedtls_mpi_uint *X, { mbedtls_mpi_uint c = mbedtls_mpi_core_sub( X, A, B, N->limbs ); - (void) mbedtls_mpi_core_add_if( X, N->p, N->limbs, c ); + (void) mbedtls_mpi_core_add_if( X, N->p, N->limbs, (unsigned) c ); } /* END MERGE SLOT 2 */ From 02d2313829b1dad945b95873a502fd8dcd248559 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 23 Nov 2022 13:09:43 +0100 Subject: [PATCH 127/139] Fix documentation Signed-off-by: Gabor Mezei --- library/bignum_mod_raw.h | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h index 0f1b0c0de1..05fa9d6ac8 100644 --- a/library/bignum_mod_raw.h +++ b/library/bignum_mod_raw.h 
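Review bot: The `(unsigned) c` cast in `mbedtls_mpi_mod_raw_sub` narrows an `mbedtls_mpi_uint` (64 bits on many targets) to `unsigned`, which is only lossless because `c` is the borrow out of `mbedtls_mpi_core_sub`, presumably 0 or 1; nothing at the call site says so, so a reader auditing for truncation has to go and check. A one-line comment on the declaration would make the invariant explicit: `/* c is the borrow (0 or 1), so narrowing to unsigned loses nothing */`. The function's signature lies outside the hunk.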
@@ -144,20 +144,22 @@ int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *A, /* BEGIN MERGE SLOT 2 */ -/** \brief Perform a subtraction of two MPIs and return the modulus - * of the result. +/** \brief Subtract two MPIs, returning the residue modulo the specified + * modulus. * - * The size of the operation is determined by \p N. + * The size of the operation is determined by \p N. \p A and \p B must have + * the same number of limbs as \p N. + * + * \p X may be aliased to \p A or \p B, or even both, but may not overlap + * either otherwise. * * \param[out] X The address of the result MPI. * This must be initialized. Must have enough limbs to * store the full value of the result. * \param[in] A The address of the first MPI. This must be initialized. * \param[in] B The address of the second MPI. This must be initialized. - * \param[in] N The address of the modulus. Use to perform a modulu + * \param[in] N The address of the modulus. Used to perform a modulo * operation on the result of the subtraction. - * - * \note Both \p A and \p B must be smaller than the modulus \p N. */ void mbedtls_mpi_mod_raw_sub( mbedtls_mpi_uint *X, const mbedtls_mpi_uint *A, From 68a45e0aaff5409e75d2eee01d179dcbd29e59fd Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 23 Nov 2022 13:12:51 +0100 Subject: [PATCH 128/139] Fix potential not initialized warning Signed-off-by: Gabor Mezei --- tests/suites/test_suite_bignum_mod_raw.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index 22a73e0323..aaf26ca794 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function 
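Review bot: Dropping `\note Both \p A and \p B must be smaller than the modulus \p N.` removes a precondition the implementation depends on: the body computes `A - B` with a borrow and adds `N` back at most once, so the result is a fully reduced residue only when both operands are already below `N` (for example `A = N + 1`, `B = 0` produces no borrow and leaves `X = N + 1` untouched). Keep the requirement, e.g. `* \note \p A and \p B must be in canonical form, i.e. less than \p N; otherwise the result is not guaranteed to be reduced.` The `\param[out] X` wording `Must have enough limbs to store the full value of the result` also remains vague next to the new precise statement about `A` and `B`; say `exactly \p N->limbs limbs`.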
@@ -291,6 +291,9 @@ void mpi_mod_raw_sub( char * input_A, size_t limbs_N; size_t limbs_res; + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_modulus_init( &m ); + TEST_EQUAL( mbedtls_test_read_mpi_core( &A, &limbs_A, input_A ), 0 ); TEST_EQUAL( mbedtls_test_read_mpi_core( &B, &limbs_B, input_B ), 0 ); TEST_EQUAL( mbedtls_test_read_mpi_core( &N, &limbs_N, input_N ), 0 ); @@ -305,9 +308,6 @@ void mpi_mod_raw_sub( char * input_A, ASSERT_ALLOC( X, limbs ); - mbedtls_mpi_mod_modulus m; - mbedtls_mpi_mod_modulus_init( &m ); - TEST_EQUAL( mbedtls_mpi_mod_modulus_setup( &m, N, limbs, MBEDTLS_MPI_MOD_EXT_REP_BE, From 4d3f3c54305b06c084ea8e9b6f64339d6e5174bc Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 23 Nov 2022 13:14:15 +0100 Subject: [PATCH 129/139] Fix the checking of the used limbs Signed-off-by: Gabor Mezei --- tests/suites/test_suite_bignum_mod_raw.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index aaf26ca794..256ec9dcb7 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -302,9 +302,9 @@ void mpi_mod_raw_sub( char * input_A, size_t limbs = limbs_N; size_t bytes = limbs * sizeof( mbedtls_mpi_uint ); - TEST_ASSERT( limbs_A <= limbs ); - TEST_ASSERT( limbs_B <= limbs ); - TEST_ASSERT( limbs_res <= limbs ); + TEST_EQUAL( limbs_A, limbs ); + TEST_EQUAL( limbs_B, limbs ); + TEST_EQUAL( limbs_res, limbs ); ASSERT_ALLOC( X, limbs ); From b3b34666575f0a1ac8e828fa5efb12d42ecb4da5 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 23 Nov 2022 13:17:13 +0100 Subject: [PATCH 130/139] Test subtraction if the parameters are aliased to each other Signed-off-by: Gabor Mezei --- .../suites/test_suite_bignum_mod_raw.function | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) 
diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function index 256ec9dcb7..2d9e412280 100644 --- a/tests/suites/test_suite_bignum_mod_raw.function +++ b/tests/suites/test_suite_bignum_mod_raw.function @@ -314,9 +314,29 @@ void mpi_mod_raw_sub( char * input_A, MBEDTLS_MPI_MOD_REP_MONTGOMERY ), 0 ); mbedtls_mpi_mod_raw_sub( X, A, B, &m ); - ASSERT_COMPARE( X, bytes, res, bytes ); + /* alias X to A */ + memcpy( X, A, bytes ); + mbedtls_mpi_mod_raw_sub( X, X, B, &m ); + ASSERT_COMPARE( X, bytes, res, bytes ); + + /* alias X to B */ + memcpy( X, B, bytes ); + mbedtls_mpi_mod_raw_sub( X, A, X, &m ); + ASSERT_COMPARE( X, bytes, res, bytes ); + + /* A == B: alias A and B */ + if( memcmp( A, B, bytes ) == 0 ) + { + mbedtls_mpi_mod_raw_sub( X, A, A, &m ); + ASSERT_COMPARE( X, bytes, res, bytes ); + + /* X, A, B all aliased together */ + memcpy( X, A, bytes ); + mbedtls_mpi_mod_raw_sub( X, X, X, &m ); + ASSERT_COMPARE( X, bytes, res, bytes ); + } exit: mbedtls_free( A ); mbedtls_free( B ); From 6157fee306e581f12d4affc2b7eec2f5cb72d556 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 23 Nov 2022 16:13:13 +0100 Subject: [PATCH 131/139] Unify defintions of inline for MSVC (and old armcc?) Having multiple definitions was cumbersome, and meant we might forget the definition when adding an inline definition to a file that didn't have one before (as I did when I added an inline definition in common.h). Resolves #6649. Signed-off-by: Gilles Peskine --- include/mbedtls/aes.h | 5 ----- include/mbedtls/build_info.h | 6 ++++++ include/mbedtls/cipher.h | 5 ----- include/mbedtls/error.h | 5 ----- include/mbedtls/pem.h | 5 ----- include/mbedtls/pk.h | 5 ----- 6 files changed, 6 insertions(+), 25 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index c359011227..1cd20fe06c 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h 
@@ -61,11 +61,6 @@ /** Invalid input data. */ #define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021 -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - #ifdef __cplusplus extern "C" { #endif diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 170cbebbee..362ce2fd59 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -53,6 +53,12 @@ #define _CRT_SECURE_NO_DEPRECATE 1 #endif +/* Define `inline` on some non-C99-compliant compilers. */ +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/mbedtls_config.h" #else diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index a3f52ea71f..151da1d83e 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -46,11 +46,6 @@ #define MBEDTLS_CIPHER_MODE_STREAM #endif -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /** The selected feature is not available. */ #define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080 /** Bad input parameters. */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index eb8391311f..04e0896055 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -26,11 +26,6 @@ #include -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /** * Error code layout. * diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h index c75a1246ad..a4c6fb89f9 100644 --- a/include/mbedtls/pem.h +++ b/include/mbedtls/pem.h 
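Review bot: The `#define inline __inline` moved into build_info.h now defines `inline` as a macro for every translation unit that includes any Mbed TLS header on MSVC or armcc, including application code compiled afterwards, and the comment should say so since this is a public header. It should also say which compiler versions need it: if, as I believe but have not confirmed, MSVC from 2015 onward accepts `inline` in C mode, the condition could be narrowed with an `_MSC_VER` upper bound instead of applying to all MSVC releases. Suggested comment: `/* Provide inline on compilers whose C mode lacks the C99 keyword (old MSVC, armcc). This is a public-header macro and also affects application code that includes Mbed TLS headers. */`.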
@@ -27,11 +27,6 @@ #include -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /** * \name PEM Error codes * These error codes are returned in case of errors reading the diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 867961d329..db0bfacab3 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -44,11 +44,6 @@ #include "psa/crypto.h" #endif -#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ - !defined(inline) && !defined(__cplusplus) -#define inline __inline -#endif - /** Memory allocation failed. */ #define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80 /** Type mismatch, eg attempt to encrypt with an ECDSA key */ From 6b3c0c59433d5354e255fbdc3e6c5a37299a34b4 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 23 Nov 2022 16:45:05 +0100 Subject: [PATCH 132/139] Update the test case generator Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/bignum_mod_raw.py | 93 ++++----------------------- 1 file changed, 11 insertions(+), 82 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py index 5d4bda2a7d..c271048548 100644 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ b/scripts/mbedtls_dev/bignum_mod_raw.py 
@@ -30,95 +30,24 @@ class BignumModRawTarget(test_data_generation.BaseTarget): # BEGIN MERGE SLOT 2 -class BignumModRawSub(BignumModRawOperation): - """Test cases for bignum mod raw sub.""" - count = 0 +class BignumModRawSub(bignum_common.ModOperationCommon, + BignumModRawTarget): + """Test cases for bignum mpi_mod_raw_sub().""" symbol = "-" test_function = "mpi_mod_raw_sub" test_name = "mbedtls_mpi_mod_raw_sub" - unique_combinations_only = False - - input_values = [ - "0", "1", "fe", "ff", "fffe", "ffff", - "fffffffffffffffe", "ffffffffffffffff", - "fffffffffffffffffffffffffffffffe", - "ffffffffffffffffffffffffffffffff", - "1234567890abcdef01234567890abcdef0", - "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f", - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe", - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0", - ( - "14c15c910b11ad28cc21ce88d0060cc54278c2614e1bcb383bb4a570294c4ea3" - "738d243a6e58d5ca49c7b59b995253fd6c79a3de69f85e3131f3b9238224b122" - "c3e4a892d9196ada4fcfa583e1df8af9b474c7e89286a1754abcb06ae8abb93f" - "01d89a024cdce7a6d7288ff68c320f89f1347e0cdd905ecfd160c5d0ef412ed6" - ) - ] - - modulus_values = [ - "7", "ff", - "d1c127a667786703830500038ebaef20e5a3e2dc378fb75b" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff43", - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff67", - ( - "c93ba7ec74d96f411ba008bdb78e63ff11bb5df46a51e16b2c9d156f8e4e18ab" - "f5e052cb01f47d0d1925a77f60991577e128fb6f52f34a27950a594baadd3d80" - "57abeb222cf3cca962db16abf79f2ada5bd29ab2f51244bf295eff9f6aaba130" - "2efc449b128be75eeaca04bc3c1a155d11d14e8be32a2c8287b3996cf6ad5223" - ), - ( - "5c083126e978d4fdf3b645a1cac083126e978d4fdf3b645a1cac083126e978d4" - "fdf3b645a1cac083126e978d4fdf3b645a1cac083126e978d4fdf3b645a1cac0" - "83126e978d4fdf3b645a1cac083126e978d4fdf3b645a1cac083126e978d4fdf" - 
"3b645a1cac083126e978d4fdf3b645a1cac083126e978d4fdf3b645a1cac05d2" - ) - ] - - descr_tpl = '{} #{} \"{}\" - \"{}\" % \"{}\".' - - BITS_IN_LIMB = 32 - - @property - def boundary(self) -> int: - return self.int_n - - @property - def x(self): # pylint: disable=invalid-name - return (self.int_a - self.int_b) % self.int_n if self.int_n > 0 else 0 - - @property - def hex_x(self) -> str: - return format(self.x, 'x').zfill(self.hex_digits) - - def description(self) -> str: - return self.descr_tpl.format(self.test_name, - self.count, - self.int_a, - self.int_b, - self.int_n) + input_style = "fixed" + arity = 2 def arguments(self) -> List[str]: - return [bignum_common.quote_str(n) for n in [self.hex_a, - self.hex_b, - self.hex_n, - self.hex_x]] + return [bignum_common.quote_str(n) for n in [self.arg_a, + self.arg_b, + self.arg_n] + ] + self.result() def result(self) -> List[str]: - return [self.hex_x] - - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - for a_value, b_value in cls.get_value_pairs(): - int_a = bignum_common.hex_to_int(a_value) - int_b = bignum_common.hex_to_int(b_value) - highest = max(int_a, int_b) - - # Choose a modulus bigger then the arguments - for n_value in cls.modulus_values: - int_n = bignum_common.hex_to_int(n_value) - if highest < int_n: - yield cls(n_value, a_value, b_value, cls.BITS_IN_LIMB).create_test_case() + result = (self.int_a - self.int_b) % self.int_n + return [self.format_result(result)] # END MERGE SLOT 2 From fecc6b2fe49d8ca8567080f289c876210e6c4f75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 24 Nov 2022 09:40:12 +0100 Subject: [PATCH 133/139] Minor tune-up to ChangeLog & documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - fix a recurring typo - use clearer names 
Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/driver-only-hashes.txt | 4 ++-- include/mbedtls/mbedtls_config.h | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ChangeLog.d/driver-only-hashes.txt b/ChangeLog.d/driver-only-hashes.txt index 930aadfef0..6ccd199ba1 100644 --- a/ChangeLog.d/driver-only-hashes.txt +++ b/ChangeLog.d/driver-only-hashes.txt @@ -1,8 +1,8 @@ Features * Some modules can now use PSA drivers for hashes, including with no built-in implementation present, but only in some configurations. - - RSA PKCS#1 v2.1, PKCS5, PKCS12 and EC J-PAKE now use hashes from PSA - when (and only when) MBEDTLS_MD_C is disabled. + - RSA OAEP and PSS (PKCS#1 v2.1), PKCS5, PKCS12 and EC J-PAKE now use + hashes from PSA when (and only when) MBEDTLS_MD_C is disabled. - PEM parsing of encrypted files now uses MD-5 from PSA when (and only when) MBEDTLS_MD5_C is disabled. See the documentation of the corresponding macros in mbedtls_config.h for diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index b16a5b4d49..0688073b12 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1147,7 +1147,7 @@ * before doing any PKCS#1 v2.1 operation. * * \warning When building with MBEDTLS_MD_C, all hashes used with this - * need to be available a built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, + * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by * this module in builds where MBEDTLS_MD_C is disabled. * 
@@ -2440,7 +2440,7 @@ * before doing any EC J-PAKE operations. * * \warning When building with MBEDTLS_MD_C, all hashes used with this - * need to be available a built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, + * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by * this module in builds where MBEDTLS_MD_C is disabled. */ @@ -2788,7 +2788,7 @@ * before doing any PKCS5 operation. * * \warning When building with MBEDTLS_MD_C, all hashes used with this - * need to be available a built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, + * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by * this module in builds where MBEDTLS_MD_C is disabled. * @@ -2812,7 +2812,7 @@ * before doing any PKCS12 operation. * * \warning When building with MBEDTLS_MD_C, all hashes used with this - * need to be available a built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, + * need to be available as built-ins (that is, for SHA-256, MBEDTLS_SHA256_C, * etc.) as opposed to just PSA drivers. So far, PSA drivers are only used by * this module in builds where MBEDTLS_MD_C is disabled. * From cbcbf4e4340b92380960ac7fe1267b9ab869a8f6 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 24 Nov 2022 11:48:59 +0100 Subject: [PATCH 134/139] Remove hand-written tests got raw_mod_sub The generated tests cover all off the hand-written tests. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_bignum_mod_raw.data | 39 --------------------- 1 file changed, 39 deletions(-) diff --git a/tests/suites/test_suite_bignum_mod_raw.data b/tests/suites/test_suite_bignum_mod_raw.data index 9290ef4f99..8cbd918f88 100644 --- a/tests/suites/test_suite_bignum_mod_raw.data +++ b/tests/suites/test_suite_bignum_mod_raw.data 
@@ -185,45 +185,6 @@ mpi_mod_raw_cond_swap:"00000000FFFFFFFF55555555AAAAAAAA":"FEDCBA9876543210FEDCBA # BEGIN MERGE SLOT 2 -mbedtls_mpi_mod_raw_sub: 0 - 0, mod 2 -mpi_mod_raw_sub:"0":"0":"2":"0" - -mbedtls_mpi_mod_raw_sub: 0 - 1, mod 2 -mpi_mod_raw_sub:"0":"1":"2":"1" - -mbedtls_mpi_mod_raw_sub: 1 - 0, mod 2 -mpi_mod_raw_sub:"1":"0":"2":"1" - -mbedtls_mpi_mod_raw_sub: 9 - 2, mod 10 -mpi_mod_raw_sub:"9":"2":"A":"7" - -mbedtls_mpi_mod_raw_sub: 6 - 7, mod 10 -mpi_mod_raw_sub:"6":"7":"A":"9" - -mbedtls_mpi_mod_raw_sub: 4 byte values, first is bigger -mpi_mod_raw_sub:"7DE15401":"5553FE19":"971F63D9":"288D55E8" - -mbedtls_mpi_mod_raw_sub: 4 byte values, second is bigger -mpi_mod_raw_sub:"58AB5FB1":"B7AFCADC":"DBD9D998":"7CD56E6D" - -mbedtls_mpi_mod_raw_sub: 8 byte values, first is bigger -mpi_mod_raw_sub:"8FE975EFDF264BDF":"6A4E956C95C1649E":"BB63D38C3AF7922E":"259AE0834964E741" - -mbedtls_mpi_mod_raw_sub: 8 byte values, second is bigger -mpi_mod_raw_sub:"0D6A093316013F68":"39DA803DB5C41434":"509876EAB3D1C663":"2427FFE0140EF197" - -mbedtls_mpi_mod_raw_sub: 16 byte values, first is bigger -mpi_mod_raw_sub:"94789C046DEC921C4EF12561271EEB12":"3AD8A050F6CC00354FDE5557E1839859":"A52A910D219A87F4F174FD9481873CEE":"599FFBB3772091E6FF12D009459B52B9" - -mbedtls_mpi_mod_raw_sub: 16 byte values, second is bigger -mpi_mod_raw_sub:"14D92E888E1274EDC37CA73B20B1F8BF":"8B7281E720762FD849948DCFA3CCC7F6":"94D3A7DE6456850BF05EB88B486DD4CD":"1E3A547FD1F2CA216A46D1F6C5530596" - -mbedtls_mpi_mod_raw_sub: 256 byte values, first is bigger -mpi_mod_raw_sub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mbedtls_mpi_mod_raw_sub: 256 byte values, second is bigger -mpi_mod_raw_sub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rom 4bdb9fbfa2fed35bffd675e56ed9028b08387520 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 24 Nov 2022 22:21:15 +0100 Subject: [PATCH 135/139] Enable all ciphers in OpenSSL >=1.1.0 OpenSSL may be configured to support features such as cipher suites or protocol versions that are disabled by default. Enable them all: we're testing, we don't care about enabling insecure stuff. This is not needed with the builds of OpenSSL that we're currently using on the Jenkins CI, but it's needed with more recent versions such as typically found on developer machines, and with future CI additions. The syntax to do that was only introduced in OpenSSL 1.1.0; fortunately we don't need to do anything special with earlier versions. With OpenSSL 1.1.1f on Ubuntu 20.04, this allows SHA-1 in certificates, which is still needed for a few test cases in ssl-opt.sh. Curiously, this is also needed for the cipher suite TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 (and no other, including other DHE-PSK or ARIA cipher suites). Signed-off-by: Gilles Peskine --- tests/compat.sh | 14 ++++++++++++++ tests/ssl-opt.sh | 14 ++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/tests/compat.sh b/tests/compat.sh index d681217127..529c2c5422 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
@@ -595,6 +595,20 @@ setup_arguments() G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE" G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL" + # Newer versions of OpenSSL have a syntax to enable all "ciphers", even + # low-security ones. This covers not just cipher suites but also protocol + # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on + # OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in + # OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find + # a way to discover it from -help, so check the openssl version. + case $($OPENSSL_CMD version) in + "OpenSSL 0"*|"OpenSSL 1.0"*) :;; + *) + O_CLIENT_ARGS="$O_CLIENT_ARGS -cipher ALL@SECLEVEL=0" + O_SERVER_ARGS="$O_SERVER_ARGS -cipher ALL@SECLEVEL=0" + ;; + esac + if [ "X$VERIFY" = "XYES" ]; then M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b460c67dc1..c6f6e29635 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1689,6 +1689,20 @@ if [ -n "${OPENSSL_LEGACY:-}" ]; then O_LEGACY_CLI="$O_LEGACY_CLI -connect 127.0.0.1:+SRV_PORT" fi +# Newer versions of OpenSSL have a syntax to enable all "ciphers", even +# low-security ones. This covers not just cipher suites but also protocol +# versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on +# OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in +# OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find +# a way to discover it from -help, so check the openssl version. +case $($OPENSSL_CMD version) in + "OpenSSL 0"*|"OpenSSL 1.0"*) :;; + *) + O_CLI="$O_CLI -cipher ALL@SECLEVEL=0" + O_SRV="$O_SRV -cipher ALL@SECLEVEL=0" + ;; +esac + if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT" O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT" From 187db00399dc05c1e1ad29adf55a9f480334a780 Mon Sep 17 00:00:00 2001 
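Review bot: The `case $($OPENSSL_CMD version)` in `setup_arguments` only excludes version strings beginning `OpenSSL 0` or `OpenSSL 1.0`, so any other binary behind `$OPENSSL_CMD` — a LibreSSL build reports `LibreSSL x.y.z`, for instance — lands in the default branch and is handed `-cipher ALL@SECLEVEL=0`, a syntax it may not accept (to be confirmed); matching the versions known to support it positively, e.g. `"OpenSSL 1.1"*|"OpenSSL 3"*)`, is safer than matching the ones known not to. The comment should also state plainly that `@SECLEVEL=0` disables OpenSSL's minimum key-size and digest checks and is acceptable only because this is an interoperability test harness, so the line is never lifted into a deployment configuration. The identical block is duplicated in ssl-opt.sh; a shared helper would keep the two in step.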
From: Gilles Peskine Date: Wed, 23 Nov 2022 14:30:00 +0100 Subject: [PATCH 136/139] Update the Travis "full" build to use modern Clang Don't use an all.sh component because there isn't one that does what we want (modern Clang with ASan, and test everything). * We need to set CC explicitly or tweak PATH, because clang in $PATH on Travis focal instances is Clang 7 which is too old (we want Clang 10). * Travis lacks the array of versions of openssl and gnutls that we normally use for testing, so we need to exclude some tests (or build our own multiple versions of openssl and gnutls). The SSL test exclusions are ad hoc and based on what currently works. Signed-off-by: Gilles Peskine --- .travis.yml | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 67cb3ca61e..eaf817a7b9 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -25,8 +25,40 @@ jobs: - tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus - name: full configuration + os: linux + dist: focal + addons: + apt: + packages: + - clang-10 + - gnutls-bin script: - - tests/scripts/all.sh -k test_full_cmake_gcc_asan + # Do a manual build+test sequence rather than using all.sh, + # because there's no all.sh component that does what we want, + # which is a build with Clang >= 10 and ASan, running all the SSL + # testing. + # - The clang executable in the default PATH is Clang 7 on + # Travis's focal instances, but we want Clang >= 10. + # - Running all the SSL testing requires a specific set of + # OpenSSL and GnuTLS versions and we don't want to bother + # with those on Travis. + # So we explicitly select clang-10 as the compiler, and we + # have ad hoc restrictions on SSL testing based on what is + # passing at the time of writing. We will remove these limitations + # gradually. + - make generated_files + - make CC=clang-10 CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all -O2' LDFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all' + - make test + - programs/test/selftest + - tests/scripts/test_psa_constant_names.py + - tests/ssl-opt.sh + # Modern OpenSSL does not support fixed ECDH or null ciphers. + - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH-' + - tests/scripts/travis-log-failure.sh + # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it. + - tests/compat.sh -p GnuTLS -e 'CAMELLIA' + - tests/scripts/travis-log-failure.sh + - tests/context-info.sh - name: Windows os: windows From 12269e27b190ae399916c81c02ded099864c1b28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 25 Nov 2022 05:51:02 +0100 Subject: [PATCH 137/139] Add changelog for PKCS7 parser MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
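Review bot: The sanitizer build passes `-fsanitize=address,undefined -fno-sanitize-recover=all -O2` but neither `-g` nor `-fno-omit-frame-pointer`, so when ASan or UBSan aborts on Travis the report will carry unsymbolized and, with inlining at `-O2`, possibly incomplete stack traces, which makes a one-off CI failure hard to act on; adding `-g -fno-omit-frame-pointer` to `CFLAGS` is the usual recommendation and costs nothing here. `LDFLAGS` also carries `-Wall -Wextra -Werror`, which the link step does not use and which could be trimmed. The two `compat.sh` exclusion patterns are described in the comment as ad hoc; a tracking-issue reference next to them would make it easier to remove them later.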
Signed-off-by: Bence Szépkúti --- ChangeLog.d/pkcs7-parser.txt | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 ChangeLog.d/pkcs7-parser.txt diff --git a/ChangeLog.d/pkcs7-parser.txt b/ChangeLog.d/pkcs7-parser.txt new file mode 100644 index 0000000000..7f85f0ce1d --- /dev/null +++ b/ChangeLog.d/pkcs7-parser.txt @@ -0,0 +1,13 @@ +Features + * Added partial support for parsing the PKCS7 cryptographic message syntax, + as defined in RFC 2315. Currently, support is limited to the following: + - Only the signed data content type, version 1 is supported. + - Only DER encoding is supported. + - Only a single digest algorithm per message is supported. + - Only 0 or 1, certificate is supported per message, which must be in + X509 format. + - There is no support for certificate-revocation lists. + - The authenticated and unauthenticated attribute fields of SignerInfo + must be empty. + Many thanks to Daniel Axtens, Nayna Jain, and Nick Child from IBM for + contributing this feature. From 5a34b36bbd329254dd0a305fe32019d5cba6aa66 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Nov 2022 13:26:18 +0100 Subject: [PATCH 138/139] Remove more now-redundant definitions of inline Signed-off-by: Gilles Peskine --- include/psa/crypto_platform.h | 5 ----- library/aria.c | 5 ----- library/chacha20.c | 5 ----- library/debug.c | 5 ----- library/ecp.c | 5 ----- library/ecp_curves.c | 5 ----- library/mps_reader.c | 5 ----- library/poly1305.c | 5 ----- library/ssl_misc.h | 5 ----- 9 files changed, 45 deletions(-) diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index 47ab1cf9f2..573b33c856 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h 
@@ -45,11 +45,6 @@
/* PSA requires several types which C99 provides in stdint.h. */
#include
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
/* Building for the PSA Crypto service on a PSA platform, a key owner is a PSA
diff --git a/library/aria.c b/library/aria.c
index 924f952834..5e52eea91e 100644
--- a/library/aria.c
+++ b/library/aria.c
@@ -37,11 +37,6 @@
#include "mbedtls/platform_util.h"
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
/* Parameter validation macros */
#define ARIA_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA )
diff --git a/library/chacha20.c b/library/chacha20.c
index e53eb82f54..85d7461aac 100644
--- a/library/chacha20.c
+++ b/library/chacha20.c
@@ -36,11 +36,6 @@
#if !defined(MBEDTLS_CHACHA20_ALT)
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
#define ROTL32( value, amount ) \
( (uint32_t) ( (value) << (amount) ) | ( (value) >> ( 32 - (amount) ) ) )
diff --git a/library/debug.c b/library/debug.c
index bdbf6dd11e..6114a460fd 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -30,11 +30,6 @@
#include
#include
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
#define DEBUG_BUF_SIZE 512
static int debug_threshold = 0;
diff --git a/library/ecp.c b/library/ecp.c
index 37f6090a83..cd7d5543c3 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -88,11 +88,6 @@
#include "ecp_internal_alt.h"
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
#if defined(MBEDTLS_SELF_TEST)
/*
* Counts of point addition and doubling, and field multiplications.
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 7b142370dd..5cd2828f73 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -39,11 +39,6 @@
#define ECP_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond )
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
#define ECP_MPI_INIT_ARRAY(x) \
diff --git a/library/mps_reader.c b/library/mps_reader.c
index 36958b46b8..6f823bde15 100644
--- a/library/mps_reader.c
+++ b/library/mps_reader.c
@@ -29,11 +29,6 @@
#include
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
#if defined(MBEDTLS_MPS_ENABLE_TRACE)
static int mbedtls_mps_trace_id = MBEDTLS_MPS_TRACE_BIT_READER;
#endif /* MBEDTLS_MPS_ENABLE_TRACE */
diff --git a/library/poly1305.c b/library/poly1305.c
index 0850f66a34..4d0cdee257 100644
--- a/library/poly1305.c
+++ b/library/poly1305.c
@@ -32,11 +32,6 @@
#if !defined(MBEDTLS_POLY1305_ALT)
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
#define POLY1305_BLOCK_SIZE_BYTES ( 16U )
/*
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 4d7f63547d..59910e4ea3 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -56,11 +56,6 @@
#include "common.h"
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
- !defined(inline) && !defined(__cplusplus)
-#define inline __inline
-#endif
-
/* Shorthand for restartable ECC */
#if defined(MBEDTLS_ECP_RESTARTABLE) && \
defined(MBEDTLS_SSL_CLI_C) && \
From 7d23778178582afa9033bcbb2264300bac3767c6 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 25 Nov 2022 13:34:59 +0100
Subject: [PATCH 139/139] Explain why p + n isn't good enough
Signed-off-by: Gilles Peskine
---
library/common.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/library/common.h b/library/common.h
index 53598228b4..25d5294e1a 100644
--- a/library/common.h
+++ b/library/common.h
@@ -73,6 +73,9 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c
*
* This is just the addition of an offset to a pointer, except that this
* function also accepts an offset of 0 into a buffer whose pointer is null.
+ * (`p + n` has undefined behavior when `p` is null, even when `n == 0`.
+ * A null pointer is a valid buffer pointer when the size is 0, for example
+ * as the result of `malloc(0)` on some platforms.)
+ *
* \param p Pointer to a buffer of at least n bytes.
* This may be \p NULL if \p n is zero.
@@ -89,8 +92,7 @@ static inline unsigned char *mbedtls_buffer_offset(
/** Return an offset into a read-only buffer.
*
- * This is just the addition of an offset to a pointer, except that this
- * function also accepts an offset of 0 into a buffer whose pointer is null.
+ * Similar to mbedtls_buffer_offset(), but for const pointers.
*
* \param p Pointer to a buffer of at least n bytes.
* This may be \p NULL if \p n is zero.