mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-08-08 17:42:09 +03:00
Update ssl progs to restore build
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
This commit is contained in:
Ben Taylor
@@ -9,7 +9,9 @@
|
|||||||
|
|
||||||
#include "ssl_test_lib.h"
|
#include "ssl_test_lib.h"
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
#include "test/psa_crypto_helpers.h"
|
#include "test/psa_crypto_helpers.h"
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
|
#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
|
||||||
int main(void)
|
int main(void)
|
||||||
@@ -143,7 +145,7 @@ int main(void)
|
|||||||
#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
#define USAGE_IO ""
|
#define USAGE_IO ""
|
||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#define USAGE_KEY_OPAQUE \
|
#define USAGE_KEY_OPAQUE \
|
||||||
" key_opaque=%%d Handle your private key as if it were opaque\n" \
|
" key_opaque=%%d Handle your private key as if it were opaque\n" \
|
||||||
" default: 0 (disabled)\n"
|
" default: 0 (disabled)\n"
|
||||||
@@ -170,6 +172,7 @@ int main(void)
|
|||||||
" psk=%%s default: \"\" (disabled)\n" \
|
" psk=%%s default: \"\" (disabled)\n" \
|
||||||
" The PSK values are in hex, without 0x.\n" \
|
" The PSK values are in hex, without 0x.\n" \
|
||||||
" psk_identity=%%s default: \"Client_identity\"\n"
|
" psk_identity=%%s default: \"Client_identity\"\n"
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#define USAGE_PSK_SLOT \
|
#define USAGE_PSK_SLOT \
|
||||||
" psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
|
" psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
|
||||||
" Enable this to store the PSK configured through command line\n" \
|
" Enable this to store the PSK configured through command line\n" \
|
||||||
@@ -182,6 +185,7 @@ int main(void)
|
|||||||
" with prepopulated key slots instead of importing raw key material.\n"
|
" with prepopulated key slots instead of importing raw key material.\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_PSK_SLOT ""
|
#define USAGE_PSK_SLOT ""
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
|
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
|
||||||
#else
|
#else
|
||||||
#define USAGE_PSK ""
|
#define USAGE_PSK ""
|
||||||
@@ -305,9 +309,14 @@ int main(void)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#define USAGE_ECJPAKE \
|
#define USAGE_ECJPAKE \
|
||||||
" ecjpake_pw=%%s default: none (disabled)\n" \
|
" ecjpake_pw=%%s default: none (disabled)\n" \
|
||||||
" ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
|
" ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
|
||||||
|
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
#define USAGE_ECJPAKE \
|
||||||
|
" ecjpake_pw=%%s default: none (disabled)\n"
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||||
#define USAGE_ECJPAKE ""
|
#define USAGE_ECJPAKE ""
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||||
@@ -479,7 +488,9 @@ struct options {
|
|||||||
const char *crt_file; /* the file with the client certificate */
|
const char *crt_file; /* the file with the client certificate */
|
||||||
const char *key_file; /* the file with the client key */
|
const char *key_file; /* the file with the client key */
|
||||||
int key_opaque; /* handle private key as if it were opaque */
|
int key_opaque; /* handle private key as if it were opaque */
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
int psk_opaque;
|
int psk_opaque;
|
||||||
|
#endif
|
||||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||||
int ca_callback; /* Use callback for trusted certificate list */
|
int ca_callback; /* Use callback for trusted certificate list */
|
||||||
#endif
|
#endif
|
||||||
@@ -487,7 +498,9 @@ struct options {
|
|||||||
const char *psk; /* the pre-shared key */
|
const char *psk; /* the pre-shared key */
|
||||||
const char *psk_identity; /* the pre-shared key identity */
|
const char *psk_identity; /* the pre-shared key identity */
|
||||||
const char *ecjpake_pw; /* the EC J-PAKE password */
|
const char *ecjpake_pw; /* the EC J-PAKE password */
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
|
int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
|
||||||
|
#endif
|
||||||
int ec_max_ops; /* EC consecutive operations limit */
|
int ec_max_ops; /* EC consecutive operations limit */
|
||||||
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
|
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
@@ -811,12 +824,16 @@ int main(int argc, char *argv[])
|
|||||||
|
|
||||||
const char *pers = "ssl_client2";
|
const char *pers = "ssl_client2";
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
|
mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
psa_algorithm_t alg = 0;
|
psa_algorithm_t alg = 0;
|
||||||
psa_key_attributes_t key_attributes;
|
psa_key_attributes_t key_attributes;
|
||||||
#endif
|
#endif
|
||||||
psa_status_t status;
|
psa_status_t status;
|
||||||
|
#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
|
psa_status_t status;
|
||||||
|
#endif
|
||||||
|
|
||||||
rng_context_t rng;
|
rng_context_t rng;
|
||||||
mbedtls_ssl_context ssl;
|
mbedtls_ssl_context ssl;
|
||||||
@@ -833,7 +850,9 @@ int main(int argc, char *argv[])
|
|||||||
mbedtls_x509_crt clicert;
|
mbedtls_x509_crt clicert;
|
||||||
mbedtls_pk_context pkey;
|
mbedtls_pk_context pkey;
|
||||||
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
||||||
|
#endif
|
||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
char *p, *q;
|
char *p, *q;
|
||||||
const int *list;
|
const int *list;
|
||||||
@@ -858,9 +877,10 @@ int main(int argc, char *argv[])
|
|||||||
MBEDTLS_TLS_SRTP_UNSET
|
MBEDTLS_TLS_SRTP_UNSET
|
||||||
};
|
};
|
||||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||||
|
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
|
mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
|
||||||
mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
|
mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
|
||||||
@@ -887,6 +907,7 @@ int main(int argc, char *argv[])
|
|||||||
memset((void *) alpn_list, 0, sizeof(alpn_list));
|
memset((void *) alpn_list, 0, sizeof(alpn_list));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
status = psa_crypto_init();
|
status = psa_crypto_init();
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||||
@@ -894,6 +915,7 @@ int main(int argc, char *argv[])
|
|||||||
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
|
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||||
mbedtls_test_enable_insecure_external_rng();
|
mbedtls_test_enable_insecure_external_rng();
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
||||||
@@ -920,13 +942,17 @@ int main(int argc, char *argv[])
|
|||||||
opt.key_opaque = DFL_KEY_OPAQUE;
|
opt.key_opaque = DFL_KEY_OPAQUE;
|
||||||
opt.key_pwd = DFL_KEY_PWD;
|
opt.key_pwd = DFL_KEY_PWD;
|
||||||
opt.psk = DFL_PSK;
|
opt.psk = DFL_PSK;
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
opt.psk_opaque = DFL_PSK_OPAQUE;
|
opt.psk_opaque = DFL_PSK_OPAQUE;
|
||||||
|
#endif
|
||||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||||
opt.ca_callback = DFL_CA_CALLBACK;
|
opt.ca_callback = DFL_CA_CALLBACK;
|
||||||
#endif
|
#endif
|
||||||
opt.psk_identity = DFL_PSK_IDENTITY;
|
opt.psk_identity = DFL_PSK_IDENTITY;
|
||||||
opt.ecjpake_pw = DFL_ECJPAKE_PW;
|
opt.ecjpake_pw = DFL_ECJPAKE_PW;
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
|
opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
|
||||||
|
#endif
|
||||||
opt.ec_max_ops = DFL_EC_MAX_OPS;
|
opt.ec_max_ops = DFL_EC_MAX_OPS;
|
||||||
opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
|
opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
@@ -1101,7 +1127,7 @@ usage:
|
|||||||
} else if (strcmp(p, "key_pwd") == 0) {
|
} else if (strcmp(p, "key_pwd") == 0) {
|
||||||
opt.key_pwd = q;
|
opt.key_pwd = q;
|
||||||
}
|
}
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
else if (strcmp(p, "key_opaque") == 0) {
|
else if (strcmp(p, "key_opaque") == 0) {
|
||||||
opt.key_opaque = atoi(q);
|
opt.key_opaque = atoi(q);
|
||||||
}
|
}
|
||||||
@@ -1126,9 +1152,11 @@ usage:
|
|||||||
else if (strcmp(p, "psk") == 0) {
|
else if (strcmp(p, "psk") == 0) {
|
||||||
opt.psk = q;
|
opt.psk = q;
|
||||||
}
|
}
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
else if (strcmp(p, "psk_opaque") == 0) {
|
else if (strcmp(p, "psk_opaque") == 0) {
|
||||||
opt.psk_opaque = atoi(q);
|
opt.psk_opaque = atoi(q);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||||
else if (strcmp(p, "ca_callback") == 0) {
|
else if (strcmp(p, "ca_callback") == 0) {
|
||||||
opt.ca_callback = atoi(q);
|
opt.ca_callback = atoi(q);
|
||||||
@@ -1139,9 +1167,11 @@ usage:
|
|||||||
} else if (strcmp(p, "ecjpake_pw") == 0) {
|
} else if (strcmp(p, "ecjpake_pw") == 0) {
|
||||||
opt.ecjpake_pw = q;
|
opt.ecjpake_pw = q;
|
||||||
}
|
}
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
|
else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
|
||||||
opt.ecjpake_pw_opaque = atoi(q);
|
opt.ecjpake_pw_opaque = atoi(q);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
else if (strcmp(p, "ec_max_ops") == 0) {
|
else if (strcmp(p, "ec_max_ops") == 0) {
|
||||||
opt.ec_max_ops = atoi(q);
|
opt.ec_max_ops = atoi(q);
|
||||||
} else if (strcmp(p, "force_ciphersuite") == 0) {
|
} else if (strcmp(p, "force_ciphersuite") == 0) {
|
||||||
@@ -1470,6 +1500,7 @@ usage:
|
|||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if (opt.psk_opaque != 0) {
|
if (opt.psk_opaque != 0) {
|
||||||
if (opt.psk == NULL) {
|
if (opt.psk == NULL) {
|
||||||
mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
|
mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
|
||||||
@@ -1484,6 +1515,7 @@ usage:
|
|||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
if (opt.force_ciphersuite[0] > 0) {
|
if (opt.force_ciphersuite[0] > 0) {
|
||||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||||
@@ -1518,6 +1550,7 @@ usage:
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
if (opt.psk_opaque != 0) {
|
if (opt.psk_opaque != 0) {
|
||||||
/* Determine KDF algorithm the opaque PSK will be used in. */
|
/* Determine KDF algorithm the opaque PSK will be used in. */
|
||||||
@@ -1529,6 +1562,7 @@ usage:
|
|||||||
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
@@ -1752,6 +1786,7 @@ usage:
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if (opt.key_opaque != 0) {
|
if (opt.key_opaque != 0) {
|
||||||
psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
|
psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
|
||||||
psa_key_usage_t usage = 0;
|
psa_key_usage_t usage = 0;
|
||||||
@@ -1770,6 +1805,7 @@ usage:
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
mbedtls_printf(" ok (key type: %s)\n",
|
mbedtls_printf(" ok (key type: %s)\n",
|
||||||
strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ?
|
strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ?
|
||||||
@@ -1970,6 +2006,7 @@ usage:
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if (opt.psk_opaque != 0) {
|
if (opt.psk_opaque != 0) {
|
||||||
key_attributes = psa_key_attributes_init();
|
key_attributes = psa_key_attributes_init();
|
||||||
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
|
psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
|
||||||
@@ -1990,6 +2027,7 @@ usage:
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
if (psk_len > 0) {
|
if (psk_len > 0) {
|
||||||
ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
|
ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
|
||||||
(const unsigned char *) opt.psk_identity,
|
(const unsigned char *) opt.psk_identity,
|
||||||
@@ -2060,6 +2098,7 @@ usage:
|
|||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
|
if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) {
|
if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) {
|
||||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
|
|
||||||
@@ -2085,6 +2124,7 @@ usage:
|
|||||||
}
|
}
|
||||||
mbedtls_printf("using opaque password\n");
|
mbedtls_printf("using opaque password\n");
|
||||||
} else
|
} else
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
{
|
{
|
||||||
if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
|
if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
|
||||||
(const unsigned char *) opt.ecjpake_pw,
|
(const unsigned char *) opt.ecjpake_pw,
|
||||||
@@ -3166,10 +3206,13 @@ exit:
|
|||||||
mbedtls_x509_crt_free(&clicert);
|
mbedtls_x509_crt_free(&clicert);
|
||||||
mbedtls_x509_crt_free(&cacert);
|
mbedtls_x509_crt_free(&cacert);
|
||||||
mbedtls_pk_free(&pkey);
|
mbedtls_pk_free(&pkey);
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_destroy_key(key_slot);
|
psa_destroy_key(key_slot);
|
||||||
|
#endif
|
||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
|
||||||
|
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if (opt.psk_opaque != 0) {
|
if (opt.psk_opaque != 0) {
|
||||||
/* This is ok even if the slot hasn't been
|
/* This is ok even if the slot hasn't been
|
||||||
* initialized (we might have jumed here
|
* initialized (we might have jumed here
|
||||||
@@ -3186,9 +3229,11 @@ exit:
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
|
||||||
|
MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||||
|
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
/*
|
/*
|
||||||
* In case opaque keys it's the user responsibility to keep the key valid
|
* In case opaque keys it's the user responsibility to keep the key valid
|
||||||
* for the duration of the handshake and destroy it at the end
|
* for the duration of the handshake and destroy it at the end
|
||||||
@@ -3207,8 +3252,9 @@ exit:
|
|||||||
psa_destroy_key(ecjpake_pw_slot);
|
psa_destroy_key(ecjpake_pw_slot);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
const char *message = mbedtls_test_helper_is_psa_leaking();
|
const char *message = mbedtls_test_helper_is_psa_leaking();
|
||||||
if (message) {
|
if (message) {
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
@@ -3216,11 +3262,14 @@ exit:
|
|||||||
}
|
}
|
||||||
mbedtls_printf("PSA memory leak detected: %s\n", message);
|
mbedtls_printf("PSA memory leak detected: %s\n", message);
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||||
|
|
||||||
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
|
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
|
||||||
* resources are freed by rng_free(). */
|
* resources are freed by rng_free(). */
|
||||||
|
#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \
|
||||||
!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||||
mbedtls_psa_crypto_free();
|
mbedtls_psa_crypto_free();
|
||||||
|
#endif
|
||||||
|
|
||||||
rng_free(&rng);
|
rng_free(&rng);
|
||||||
|
|
||||||
|
|||||||
@@ -53,7 +53,9 @@ int main(void)
|
|||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
#include "test/psa_crypto_helpers.h"
|
#include "test/psa_crypto_helpers.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#include "mbedtls/pk.h"
|
#include "mbedtls/pk.h"
|
||||||
#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
|
#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER)
|
||||||
@@ -203,7 +205,7 @@ int main(void)
|
|||||||
#else
|
#else
|
||||||
#define USAGE_IO ""
|
#define USAGE_IO ""
|
||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
#define USAGE_KEY_OPAQUE \
|
#define USAGE_KEY_OPAQUE \
|
||||||
" key_opaque=%%d Handle your private keys as if they were opaque\n" \
|
" key_opaque=%%d Handle your private keys as if they were opaque\n" \
|
||||||
" default: 0 (disabled)\n"
|
" default: 0 (disabled)\n"
|
||||||
@@ -246,6 +248,7 @@ int main(void)
|
|||||||
" The PSK values are in hex, without 0x.\n" \
|
" The PSK values are in hex, without 0x.\n" \
|
||||||
" id1,psk1[,id2,psk2[,...]]\n" \
|
" id1,psk1[,id2,psk2[,...]]\n" \
|
||||||
" psk_identity=%%s default: \"Client_identity\"\n"
|
" psk_identity=%%s default: \"Client_identity\"\n"
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#define USAGE_PSK_SLOT \
|
#define USAGE_PSK_SLOT \
|
||||||
" psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
|
" psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
|
||||||
" Enable this to store the PSK configured through command line\n" \
|
" Enable this to store the PSK configured through command line\n" \
|
||||||
@@ -267,6 +270,7 @@ int main(void)
|
|||||||
" with prepopulated key slots instead of importing raw key material.\n"
|
" with prepopulated key slots instead of importing raw key material.\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_PSK_SLOT ""
|
#define USAGE_PSK_SLOT ""
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
|
#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
|
||||||
#else
|
#else
|
||||||
#define USAGE_PSK ""
|
#define USAGE_PSK ""
|
||||||
@@ -415,9 +419,14 @@ int main(void)
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#define USAGE_ECJPAKE \
|
#define USAGE_ECJPAKE \
|
||||||
" ecjpake_pw=%%s default: none (disabled)\n" \
|
" ecjpake_pw=%%s default: none (disabled)\n" \
|
||||||
" ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
|
" ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
|
||||||
|
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
#define USAGE_ECJPAKE \
|
||||||
|
" ecjpake_pw=%%s default: none (disabled)\n"
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||||
#define USAGE_ECJPAKE ""
|
#define USAGE_ECJPAKE ""
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||||
@@ -632,8 +641,10 @@ struct options {
|
|||||||
int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */
|
int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */
|
||||||
int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */
|
int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */
|
||||||
int async_private_error; /* inject error in async private callback */
|
int async_private_error; /* inject error in async private callback */
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
int psk_opaque;
|
int psk_opaque;
|
||||||
int psk_list_opaque;
|
int psk_list_opaque;
|
||||||
|
#endif
|
||||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||||
int ca_callback; /* Use callback for trusted certificate list */
|
int ca_callback; /* Use callback for trusted certificate list */
|
||||||
#endif
|
#endif
|
||||||
@@ -641,7 +652,9 @@ struct options {
|
|||||||
const char *psk_identity; /* the pre-shared key identity */
|
const char *psk_identity; /* the pre-shared key identity */
|
||||||
char *psk_list; /* list of PSK id/key pairs for callback */
|
char *psk_list; /* list of PSK id/key pairs for callback */
|
||||||
const char *ecjpake_pw; /* the EC J-PAKE password */
|
const char *ecjpake_pw; /* the EC J-PAKE password */
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
|
int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
|
||||||
|
#endif
|
||||||
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
|
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
|
int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
|
||||||
@@ -949,7 +962,9 @@ struct _psk_entry {
|
|||||||
const char *name;
|
const char *name;
|
||||||
size_t key_len;
|
size_t key_len;
|
||||||
unsigned char key[MBEDTLS_PSK_MAX_LEN];
|
unsigned char key[MBEDTLS_PSK_MAX_LEN];
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
mbedtls_svc_key_id_t slot;
|
mbedtls_svc_key_id_t slot;
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
psk_entry *next;
|
psk_entry *next;
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -961,6 +976,7 @@ static int psk_free(psk_entry *head)
|
|||||||
psk_entry *next;
|
psk_entry *next;
|
||||||
|
|
||||||
while (head != NULL) {
|
while (head != NULL) {
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_status_t status;
|
psa_status_t status;
|
||||||
mbedtls_svc_key_id_t const slot = head->slot;
|
mbedtls_svc_key_id_t const slot = head->slot;
|
||||||
|
|
||||||
@@ -970,6 +986,7 @@ static int psk_free(psk_entry *head)
|
|||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
next = head->next;
|
next = head->next;
|
||||||
mbedtls_free(head);
|
mbedtls_free(head);
|
||||||
@@ -1035,9 +1052,11 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl,
|
|||||||
while (cur != NULL) {
|
while (cur != NULL) {
|
||||||
if (name_len == strlen(cur->name) &&
|
if (name_len == strlen(cur->name) &&
|
||||||
memcmp(name, cur->name, name_len) == 0) {
|
memcmp(name, cur->name, name_len) == 0) {
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) {
|
if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) {
|
||||||
return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot);
|
return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot);
|
||||||
} else
|
} else
|
||||||
|
#endif
|
||||||
return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);
|
return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1283,6 +1302,7 @@ static void ssl_async_cancel(mbedtls_ssl_context *ssl)
|
|||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot,
|
static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
@@ -1306,6 +1326,7 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot,
|
|||||||
return PSA_SUCCESS;
|
return PSA_SUCCESS;
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
static int report_cid_usage(mbedtls_ssl_context *ssl,
|
static int report_cid_usage(mbedtls_ssl_context *ssl,
|
||||||
@@ -1522,8 +1543,10 @@ int main(int argc, char *argv[])
|
|||||||
io_ctx_t io_ctx;
|
io_ctx_t io_ctx;
|
||||||
unsigned char *buf = 0;
|
unsigned char *buf = 0;
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_algorithm_t alg = 0;
|
psa_algorithm_t alg = 0;
|
||||||
mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT;
|
mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
|
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
|
||||||
size_t psk_len = 0;
|
size_t psk_len = 0;
|
||||||
psk_entry *psk_info = NULL;
|
psk_entry *psk_info = NULL;
|
||||||
@@ -1551,8 +1574,10 @@ int main(int argc, char *argv[])
|
|||||||
mbedtls_x509_crt srvcert2;
|
mbedtls_x509_crt srvcert2;
|
||||||
mbedtls_pk_context pkey2;
|
mbedtls_pk_context pkey2;
|
||||||
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
||||||
mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
|
||||||
|
#endif
|
||||||
int key_cert_init = 0, key_cert_init2 = 0;
|
int key_cert_init = 0, key_cert_init2 = 0;
|
||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||||
@@ -1584,9 +1609,10 @@ int main(int argc, char *argv[])
|
|||||||
unsigned char *context_buf = NULL;
|
unsigned char *context_buf = NULL;
|
||||||
size_t context_buf_len = 0;
|
size_t context_buf_len = 0;
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||||
|
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
|
mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
|
uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
|
||||||
@@ -1595,7 +1621,9 @@ int main(int argc, char *argv[])
|
|||||||
int i;
|
int i;
|
||||||
char *p, *q;
|
char *p, *q;
|
||||||
const int *list;
|
const int *list;
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
psa_status_t status;
|
psa_status_t status;
|
||||||
|
#endif
|
||||||
unsigned char eap_tls_keymaterial[16];
|
unsigned char eap_tls_keymaterial[16];
|
||||||
unsigned char eap_tls_iv[8];
|
unsigned char eap_tls_iv[8];
|
||||||
const char *eap_tls_label = "client EAP encryption";
|
const char *eap_tls_label = "client EAP encryption";
|
||||||
@@ -1656,6 +1684,7 @@ int main(int argc, char *argv[])
|
|||||||
mbedtls_ssl_cookie_init(&cookie_ctx);
|
mbedtls_ssl_cookie_init(&cookie_ctx);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
status = psa_crypto_init();
|
status = psa_crypto_init();
|
||||||
if (status != PSA_SUCCESS) {
|
if (status != PSA_SUCCESS) {
|
||||||
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
|
||||||
@@ -1663,6 +1692,7 @@ int main(int argc, char *argv[])
|
|||||||
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
|
ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||||
mbedtls_test_enable_insecure_external_rng();
|
mbedtls_test_enable_insecure_external_rng();
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
|
||||||
@@ -1701,15 +1731,19 @@ int main(int argc, char *argv[])
|
|||||||
opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2;
|
opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2;
|
||||||
opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR;
|
opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR;
|
||||||
opt.psk = DFL_PSK;
|
opt.psk = DFL_PSK;
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
opt.psk_opaque = DFL_PSK_OPAQUE;
|
opt.psk_opaque = DFL_PSK_OPAQUE;
|
||||||
opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE;
|
opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE;
|
||||||
|
#endif
|
||||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||||
opt.ca_callback = DFL_CA_CALLBACK;
|
opt.ca_callback = DFL_CA_CALLBACK;
|
||||||
#endif
|
#endif
|
||||||
opt.psk_identity = DFL_PSK_IDENTITY;
|
opt.psk_identity = DFL_PSK_IDENTITY;
|
||||||
opt.psk_list = DFL_PSK_LIST;
|
opt.psk_list = DFL_PSK_LIST;
|
||||||
opt.ecjpake_pw = DFL_ECJPAKE_PW;
|
opt.ecjpake_pw = DFL_ECJPAKE_PW;
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
|
opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
|
||||||
|
#endif
|
||||||
opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
|
opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
|
||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
|
opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
|
||||||
@@ -1890,7 +1924,7 @@ usage:
|
|||||||
} else if (strcmp(p, "key_pwd") == 0) {
|
} else if (strcmp(p, "key_pwd") == 0) {
|
||||||
opt.key_pwd = q;
|
opt.key_pwd = q;
|
||||||
}
|
}
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||||
else if (strcmp(p, "key_opaque") == 0) {
|
else if (strcmp(p, "key_opaque") == 0) {
|
||||||
opt.key_opaque = atoi(q);
|
opt.key_opaque = atoi(q);
|
||||||
}
|
}
|
||||||
@@ -1939,11 +1973,13 @@ usage:
|
|||||||
else if (strcmp(p, "psk") == 0) {
|
else if (strcmp(p, "psk") == 0) {
|
||||||
opt.psk = q;
|
opt.psk = q;
|
||||||
}
|
}
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
else if (strcmp(p, "psk_opaque") == 0) {
|
else if (strcmp(p, "psk_opaque") == 0) {
|
||||||
opt.psk_opaque = atoi(q);
|
opt.psk_opaque = atoi(q);
|
||||||
} else if (strcmp(p, "psk_list_opaque") == 0) {
|
} else if (strcmp(p, "psk_list_opaque") == 0) {
|
||||||
opt.psk_list_opaque = atoi(q);
|
opt.psk_list_opaque = atoi(q);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||||
else if (strcmp(p, "ca_callback") == 0) {
|
else if (strcmp(p, "ca_callback") == 0) {
|
||||||
opt.ca_callback = atoi(q);
|
opt.ca_callback = atoi(q);
|
||||||
@@ -1956,9 +1992,11 @@ usage:
|
|||||||
} else if (strcmp(p, "ecjpake_pw") == 0) {
|
} else if (strcmp(p, "ecjpake_pw") == 0) {
|
||||||
opt.ecjpake_pw = q;
|
opt.ecjpake_pw = q;
|
||||||
}
|
}
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
|
else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
|
||||||
opt.ecjpake_pw_opaque = atoi(q);
|
opt.ecjpake_pw_opaque = atoi(q);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
else if (strcmp(p, "force_ciphersuite") == 0) {
|
else if (strcmp(p, "force_ciphersuite") == 0) {
|
||||||
opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
|
opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
|
||||||
|
|
||||||
@@ -2329,6 +2367,7 @@ usage:
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if (opt.psk_opaque != 0) {
|
if (opt.psk_opaque != 0) {
|
||||||
if (strlen(opt.psk) == 0) {
|
if (strlen(opt.psk) == 0) {
|
||||||
mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
|
mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
|
||||||
@@ -2358,6 +2397,7 @@ usage:
|
|||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
if (opt.force_ciphersuite[0] > 0) {
|
if (opt.force_ciphersuite[0] > 0) {
|
||||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||||
@@ -2387,6 +2427,7 @@ usage:
|
|||||||
opt.min_version = ciphersuite_info->min_tls_version;
|
opt.min_version = ciphersuite_info->min_tls_version;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) {
|
if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) {
|
||||||
/* Determine KDF algorithm the opaque PSK will be used in. */
|
/* Determine KDF algorithm the opaque PSK will be used in. */
|
||||||
@@ -2398,6 +2439,7 @@ usage:
|
|||||||
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||||
@@ -2690,6 +2732,7 @@ usage:
|
|||||||
#endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
|
#endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if (opt.key_opaque != 0) {
|
if (opt.key_opaque != 0) {
|
||||||
psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
|
psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
|
||||||
psa_key_usage_t psa_usage = 0;
|
psa_key_usage_t psa_usage = 0;
|
||||||
@@ -2725,6 +2768,7 @@ usage:
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
mbedtls_printf(" ok (key types: %s, %s)\n",
|
mbedtls_printf(" ok (key types: %s, %s)\n",
|
||||||
key_cert_init ? mbedtls_pk_get_name(&pkey) : "none",
|
key_cert_init ? mbedtls_pk_get_name(&pkey) : "none",
|
||||||
@@ -3138,6 +3182,7 @@ usage:
|
|||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
||||||
|
|
||||||
if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) {
|
if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) {
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if (opt.psk_opaque != 0) {
|
if (opt.psk_opaque != 0) {
|
||||||
/* The algorithm has already been determined earlier. */
|
/* The algorithm has already been determined earlier. */
|
||||||
status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len);
|
status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len);
|
||||||
@@ -3154,6 +3199,7 @@ usage:
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
if (psk_len > 0) {
|
if (psk_len > 0) {
|
||||||
ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
|
ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
|
||||||
(const unsigned char *) opt.psk_identity,
|
(const unsigned char *) opt.psk_identity,
|
||||||
@@ -3167,6 +3213,7 @@ usage:
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (opt.psk_list != NULL) {
|
if (opt.psk_list != NULL) {
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if (opt.psk_list_opaque != 0) {
|
if (opt.psk_list_opaque != 0) {
|
||||||
psk_entry *cur_psk;
|
psk_entry *cur_psk;
|
||||||
for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) {
|
for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) {
|
||||||
@@ -3180,6 +3227,7 @@ usage:
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info);
|
mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info);
|
||||||
}
|
}
|
||||||
@@ -3336,6 +3384,7 @@ reset:
|
|||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
|
if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) {
|
if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) {
|
||||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
|
|
||||||
@@ -3361,6 +3410,7 @@ reset:
|
|||||||
}
|
}
|
||||||
mbedtls_printf("using opaque password\n");
|
mbedtls_printf("using opaque password\n");
|
||||||
} else
|
} else
|
||||||
|
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||||
{
|
{
|
||||||
if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
|
if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
|
||||||
(const unsigned char *) opt.ecjpake_pw,
|
(const unsigned char *) opt.ecjpake_pw,
|
||||||
@@ -4203,9 +4253,11 @@ exit:
|
|||||||
mbedtls_pk_free(&pkey);
|
mbedtls_pk_free(&pkey);
|
||||||
mbedtls_x509_crt_free(&srvcert2);
|
mbedtls_x509_crt_free(&srvcert2);
|
||||||
mbedtls_pk_free(&pkey2);
|
mbedtls_pk_free(&pkey2);
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
psa_destroy_key(key_slot);
|
psa_destroy_key(key_slot);
|
||||||
psa_destroy_key(key_slot2);
|
psa_destroy_key(key_slot2);
|
||||||
#endif
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
|
||||||
for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) {
|
for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) {
|
||||||
@@ -4217,7 +4269,8 @@ exit:
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
|
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
|
||||||
|
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
if (opt.psk_opaque != 0) {
|
if (opt.psk_opaque != 0) {
|
||||||
/* This is ok even if the slot hasn't been
|
/* This is ok even if the slot hasn't been
|
||||||
* initialized (we might have jumed here
|
* initialized (we might have jumed here
|
||||||
@@ -4231,9 +4284,11 @@ exit:
|
|||||||
(int) status);
|
(int) status);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
|
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
|
||||||
|
MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||||
|
defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||||
/*
|
/*
|
||||||
* In case opaque keys it's the user responsibility to keep the key valid
|
* In case opaque keys it's the user responsibility to keep the key valid
|
||||||
* for the duration of the handshake and destroy it at the end
|
* for the duration of the handshake and destroy it at the end
|
||||||
@@ -4252,8 +4307,9 @@ exit:
|
|||||||
psa_destroy_key(ecjpake_pw_slot);
|
psa_destroy_key(ecjpake_pw_slot);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||||
const char *message = mbedtls_test_helper_is_psa_leaking();
|
const char *message = mbedtls_test_helper_is_psa_leaking();
|
||||||
if (message) {
|
if (message) {
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
@@ -4261,10 +4317,12 @@ exit:
|
|||||||
}
|
}
|
||||||
mbedtls_printf("PSA memory leak detected: %s\n", message);
|
mbedtls_printf("PSA memory leak detected: %s\n", message);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
|
/* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
|
||||||
* resources are freed by rng_free(). */
|
* resources are freed by rng_free(). */
|
||||||
#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \
|
||||||
|
&& !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
|
||||||
mbedtls_psa_crypto_free();
|
mbedtls_psa_crypto_free();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user