From cdb37812e50e20c08981afd91ba546db56688b64 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2025 18:02:49 +0100 Subject: [PATCH 01/26] Update obsolete section title Signed-off-by: Gilles Peskine --- library/psa_crypto.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 348c79cf43..e7f99ad3bc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5585,7 +5585,7 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation) } /****************************************************************/ -/* Generators */ +/* Key derivation: output generation */ /****************************************************************/ #if defined(BUILTIN_ALG_ANY_HKDF) || \ @@ -6667,7 +6667,7 @@ psa_status_t psa_key_derivation_output_key( /****************************************************************/ -/* Key derivation */ +/* Key derivation: operation management */ /****************************************************************/ #if defined(AT_LEAST_ONE_BUILTIN_KDF) @@ -8222,6 +8222,8 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, key); } + + /****************************************************************/ /* Module setup */ /****************************************************************/ @@ -8497,6 +8499,12 @@ exit: return status; } + + +/****************************************************************/ +/* PAKE */ +/****************************************************************/ + #if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t psa_crypto_driver_pake_get_password_len( const psa_crypto_driver_pake_inputs_t *inputs, From f5f15aa9e256786900ca04773f3e1603d4ac7ac1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2025 19:33:20 +0100 Subject: [PATCH 02/26] Move concurrent tests to a separate .data file They can cause specific challenges when debugging, so move them out for maintainers' convenience. Signed-off-by: Gilles Peskine --- .../test_suite_psa_crypto.concurrent.data | 188 ++++++++++++++++++ tests/suites/test_suite_psa_crypto.data | 188 ------------------ 2 files changed, 188 insertions(+), 188 deletions(-) create mode 100644 tests/suites/test_suite_psa_crypto.concurrent.data diff --git a/tests/suites/test_suite_psa_crypto.concurrent.data b/tests/suites/test_suite_psa_crypto.concurrent.data new file mode 100644 index 0000000000..94fafef897 --- /dev/null +++ b/tests/suites/test_suite_psa_crypto.concurrent.data @@ -0,0 +1,188 @@ +PSA concurrently import/exercise same key: RSA keypair, PKCS#1 v1.5 raw +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT +concurrently_use_same_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:100 + +PSA concurrently import/exercise same key: RSA keypair, PSS-SHA-256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT +concurrently_use_same_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):100 + +PSA concurrently import/exercise same key: RSA keypair, PSS-any-salt-SHA-256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT +concurrently_use_same_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):100 + +PSA concurrently import/exercise same key: RSA public key, PKCS#1 v1.5 raw +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY +concurrently_use_same_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:100 + +PSA concurrently import/exercise same key: RSA public key, PSS-SHA-256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY +concurrently_use_same_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):100 + +PSA concurrently import/exercise same key: RSA public key, PSS-any-salt-SHA-256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY +concurrently_use_same_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):100 + +PSA concurrently import/exercise same key: ECP SECP256R1 keypair, ECDSA +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 +concurrently_use_same_persistent_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA_ANY:100 + +PSA concurrently import/exercise same key: ECP SECP256R1 keypair, deterministic ECDSA +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 +concurrently_use_same_persistent_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):100 + +PSA concurrently import/exercise same key: ECP SECP256R1 keypair, ECDH +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 +concurrently_use_same_persistent_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDH:100 + +PSA concurrently import/exercise same key: HKDF SHA-256 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +concurrently_use_same_persistent_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_HKDF(PSA_ALG_SHA_256):100 + +PSA concurrently import/exercise same key: TLS 1.2 PRF SHA-256 +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF +concurrently_use_same_persistent_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):100 + +PSA concurrent key generation: bad type (RSA public key) +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: raw data, 0 bits: invalid argument +depends_on:MBEDTLS_THREADING_PTHREAD +# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: raw data, 7 bits: invalid argument +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:7:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: raw data, 8 bits +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation- raw data, 9 bits: invalid argument +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits +depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits +depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits) +depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE > PSA_BITS_TO_BYTES(65528) +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1:8:5 + +PSA concurrent key generation: raw data, 65536 bits (not supported) +depends_on:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65536:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: AES, 128 bits, CTR +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: AES, 128 bits, GCM +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_GCM:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: DES, 64 bits, CBC-nopad +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: DES, 128 bits, CBC-nopad +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: DES, 192 bits, CBC-nopad +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: invalid key size: AES, 64 bits +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: RSA, minimum allowed key size, good, sign (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS > 128:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 1032 bits, good, sign (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1032:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1032:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 1024 bits, good, sign (PSS SHA-256) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, minimum allowed key size, good, encrypt (PKCS#1 v1.5) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 256:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 2048:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 1024 bits, good, encrypt (OAEP SHA-256) +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: RSA, 0 bits: invalid +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_INVALID_ARGUMENT:0:8:5 + +PSA concurrent key generation: RSA, size not multiple of 8: not supported +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 62:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: RSA, size not multiple of 2: not supported +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 63:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: RSA, maximum size exceeded +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: ECC, SECP256R1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: ECC, SECP256R1, incorrect bit size +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_THREADING_PTHREAD +# INVALID_ARGUMENT would make more sense, but our code as currently structured +# doesn't fully relate the curve with its size. +concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_NOT_SUPPORTED:0:8:5 + +PSA concurrent key generation: ECC, Curve25519, good +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: ECC, Curve448, good +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 2048 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_2048:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 3072 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_3072:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 4096 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_4096:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 6144 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_6144:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 8192 bits, good +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_8192:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 + +PSA concurrent key generation: FFDH, 1024 bits, invalid bits +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD +concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0:8:5 + diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 038d912dc0..3d99edb35c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -4295,50 +4295,6 @@ PSA import/exercise: TLS 1.2 PRF SHA-256 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF import_and_exercise_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256) -PSA concurrently import/exercise same key: RSA keypair, PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -concurrently_use_same_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:100 - -PSA concurrently import/exercise same key: RSA keypair, PSS-SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -concurrently_use_same_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):100 - -PSA concurrently import/exercise same key: RSA keypair, PSS-any-salt-SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT -concurrently_use_same_persistent_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):100 - -PSA concurrently import/exercise same key: RSA public key, PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY -concurrently_use_same_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:100 - -PSA concurrently import/exercise same key: RSA public key, PSS-SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY -concurrently_use_same_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):100 - -PSA concurrently import/exercise same key: RSA public key, PSS-any-salt-SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY -concurrently_use_same_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):100 - -PSA concurrently import/exercise same key: ECP SECP256R1 keypair, ECDSA -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 -concurrently_use_same_persistent_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA_ANY:100 - -PSA concurrently import/exercise same key: ECP SECP256R1 keypair, deterministic ECDSA -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 -concurrently_use_same_persistent_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):100 - -PSA concurrently import/exercise same key: ECP SECP256R1 keypair, ECDH -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 -concurrently_use_same_persistent_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDH:100 - -PSA concurrently import/exercise same key: HKDF SHA-256 -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -concurrently_use_same_persistent_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_HKDF(PSA_ALG_SHA_256):100 - -PSA concurrently import/exercise same key: TLS 1.2 PRF SHA-256 -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF -concurrently_use_same_persistent_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):100 - PSA sign hash: RSA PKCS#1 v1.5, raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT sign_hash_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a" @@ -7670,150 +7626,6 @@ PSA generate key ext: ECC, params.data non-empty depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_ECDH generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:0:"2a":PSA_ERROR_INVALID_ARGUMENT -PSA concurrent key generation: bad type (RSA public key) -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 - -PSA concurrent key generation: raw data, 0 bits: invalid argument -depends_on:MBEDTLS_THREADING_PTHREAD -# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED -concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:0:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 - -PSA concurrent key generation: raw data, 7 bits: invalid argument -depends_on:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:7:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 - -PSA concurrent key generation: raw data, 8 bits -depends_on:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation- raw data, 9 bits: invalid argument -depends_on:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 - -PSA concurrent key generation: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) -concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) -concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits) -depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE > PSA_BITS_TO_BYTES(65528) -concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1:8:5 - -PSA concurrent key generation: raw data, 65536 bits (not supported) -depends_on:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65536:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0:8:5 - -PSA concurrent key generation: AES, 128 bits, CTR -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: AES, 128 bits, GCM -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_GCM:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: DES, 64 bits, CBC-nopad -depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: DES, 128 bits, CBC-nopad -depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: DES, 192 bits, CBC-nopad -depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: invalid key size: AES, 64 bits -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_AES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:PSA_ERROR_INVALID_ARGUMENT:0:8:5 - -PSA concurrent key generation: RSA, minimum allowed key size, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS > 128:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: RSA, 1032 bits, good, sign (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1032:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1032:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: RSA, 1024 bits, good, sign (PSS SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: RSA, 1024 bits, good, sign (PSS-any-salt SHA-256) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: RSA, minimum allowed key size, good, encrypt (PKCS#1 v1.5) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 256:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 2048:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: RSA, 1024 bits, good, encrypt (OAEP SHA-256) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= 1024:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: RSA, 0 bits: invalid -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD -# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED -concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_INVALID_ARGUMENT:0:8:5 - -PSA concurrent key generation: RSA, size not multiple of 8: not supported -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 62:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0:8:5 - -PSA concurrent key generation: RSA, size not multiple of 2: not supported -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS + 63:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0:8:5 - -PSA concurrent key generation: RSA, maximum size exceeded -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0:8:5 - -PSA concurrent key generation: ECC, SECP256R1, good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: ECC, SECP256R1, incorrect bit size -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_THREADING_PTHREAD -# INVALID_ARGUMENT would make more sense, but our code as currently structured -# doesn't fully relate the curve with its size. -concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_NOT_SUPPORTED:0:8:5 - -PSA concurrent key generation: ECC, Curve25519, good -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_255:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: ECC, Curve448, good -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_MONTGOMERY_448:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: FFDH, 2048 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_2048:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: FFDH, 3072 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_3072:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: FFDH, 4096 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_4096:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: FFDH, 6144 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_6144:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: FFDH, 8192 bits, good -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_8192:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0:8:5 - -PSA concurrent key generation: FFDH, 1024 bits, invalid bits -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:MBEDTLS_THREADING_PTHREAD -concurrently_generate_keys:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0:8:5 - Key production parameters initializers key_production_parameters_init: From ebd0888cf0909e0cc0340316a8c1e12704f9f824 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2025 19:37:56 +0100 Subject: [PATCH 03/26] Move persistent key tests to a separate .data file They can cause specific challenges when debugging, so move them out for maintainers' convenience. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 39 ------------------- .../test_suite_psa_crypto.persistent.data | 39 +++++++++++++++++++ 2 files changed, 39 insertions(+), 39 deletions(-) create mode 100644 tests/suites/test_suite_psa_crypto.persistent.data diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 3d99edb35c..22ecab0e79 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7629,45 +7629,6 @@ generate_key_ext:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_U Key production parameters initializers key_production_parameters_init: -PSA import persistent key: raw data, 8 bits -depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY - -PSA import persistent key: AES, 128 bits, exportable -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C -persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY - -PSA import persistent key: AES, 128 bits, non-exportable -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C -persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:IMPORT_KEY - -PSA generate persistent key: raw data, 8 bits, exportable -depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C -persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:GENERATE_KEY - -PSA generate persistent key: AES, 128 bits, exportable -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C -persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY - -PSA generate persistent key: AES, 128 bits, non-exportable -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C -persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY - -PSA generate persistent key: DES, 64 bits, exportable -depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_PSA_CRYPTO_STORAGE_C -persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY - -PSA generate persistent key: RSA, minimum size key, exportable -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 512 -persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY - -PSA generate persistent key: ECC, SECP256R1, exportable -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C -persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:GENERATE_KEY - -PSA derive persistent key: HKDF SHA-256, exportable -persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY - ECP group ID <-> PSA family - SECP192R1 depends_on:PSA_WANT_ECC_SECP_R1_192 ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192R1:PSA_ECC_FAMILY_SECP_R1:192 diff --git a/tests/suites/test_suite_psa_crypto.persistent.data b/tests/suites/test_suite_psa_crypto.persistent.data new file mode 100644 index 0000000000..378e14739e --- /dev/null +++ b/tests/suites/test_suite_psa_crypto.persistent.data @@ -0,0 +1,39 @@ +PSA import persistent key: raw data, 8 bits +depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C +persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY + +PSA import persistent key: AES, 128 bits, exportable +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C +persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY + +PSA import persistent key: AES, 128 bits, non-exportable +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C +persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:IMPORT_KEY + +PSA generate persistent key: raw data, 8 bits, exportable +depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C +persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:GENERATE_KEY + +PSA generate persistent key: AES, 128 bits, exportable +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C +persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY + +PSA generate persistent key: AES, 128 bits, non-exportable +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C +persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:GENERATE_KEY + +PSA generate persistent key: DES, 64 bits, exportable +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES:MBEDTLS_PSA_CRYPTO_STORAGE_C +persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CBC_NO_PADDING:GENERATE_KEY + +PSA generate persistent key: RSA, minimum size key, exportable +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_CRYPTO_STORAGE_C:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS >= 512 +persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):GENERATE_KEY + +PSA generate persistent key: ECC, SECP256R1, exportable +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C +persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:GENERATE_KEY + +PSA derive persistent key: HKDF SHA-256, exportable +persistent_key_load_key_from_storage:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_TYPE_RAW_DATA:1024:PSA_KEY_USAGE_EXPORT:0:DERIVE_KEY + From 451b9ada279411dc036a71ef7211a1f5a92e0245 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 8 Jan 2025 17:26:01 +0100 Subject: [PATCH 04/26] Disable warning from gcc -pedantic on dlsym/dlopen Signed-off-by: Gilles Peskine --- programs/test/dlopen.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c index f241254238..1ee24aefeb 100644 --- a/programs/test/dlopen.c +++ b/programs/test/dlopen.c @@ -47,8 +47,15 @@ int main(void) #if defined(MBEDTLS_SSL_TLS_C) void *tls_so = dlopen(TLS_SO_FILENAME, RTLD_NOW); CHECK_DLERROR("dlopen", TLS_SO_FILENAME); +#pragma GCC diagnostic push + /* dlsym() returns an object pointer which is meant to be used as a + * function pointer. This has undefined behavior in standard C, so + * "gcc -std=c99 -pedantic" complains about it, but it is perfectly + * fine on platforms that have dlsym(). */ +#pragma GCC diagnostic ignored "-Wpedantic" const int *(*ssl_list_ciphersuites)(void) = dlsym(tls_so, "mbedtls_ssl_list_ciphersuites"); +#pragma GCC diagnostic pop CHECK_DLERROR("dlsym", "mbedtls_ssl_list_ciphersuites"); const int *ciphersuites = ssl_list_ciphersuites(); for (n = 0; ciphersuites[n] != 0; n++) {/* nothing to do, we're just counting */ @@ -75,8 +82,15 @@ int main(void) #if defined(MBEDTLS_MD_C) void *crypto_so = dlopen(CRYPTO_SO_FILENAME, RTLD_NOW); CHECK_DLERROR("dlopen", CRYPTO_SO_FILENAME); +#pragma GCC diagnostic push + /* dlsym() returns an object pointer which is meant to be used as a + * function pointer. This has undefined behavior in standard C, so + * "gcc -std=c99 -pedantic" complains about it, but it is perfectly + * fine on platforms that have dlsym(). */ +#pragma GCC diagnostic ignored "-Wpedantic" const int *(*md_list)(void) = dlsym(crypto_so, "mbedtls_md_list"); +#pragma GCC diagnostic pop CHECK_DLERROR("dlsym", "mbedtls_md_list"); const int *mds = md_list(); for (n = 0; mds[n] != 0; n++) {/* nothing to do, we're just counting */ From 94c1b9a4c31c377a373dded9f83fd93c966dd3f4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 7 Dec 2024 15:08:35 +0100 Subject: [PATCH 05/26] Test with GCC 15 Non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814 Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index c0edd20649..0bc8ede4a0 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -72,6 +72,23 @@ support_test_gcc_latest_opt () { type "$GCC_LATEST" >/dev/null 2>/dev/null } +# Prepare for a non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814 : +# test with GCC 15 (initially, a snapshot, since GCC 15 isn't released yet +# at the time of writing). +# Eventually, $GCC_LATEST will be GCC 15 or above, and we can remove this +# separate component. +# For the time being, we don't make $GCC_LATEST be GCC 15 on the CI +# platform, because that would break branches where #9814 isn'f fixed yet. +support_test_gcc15_opt () { + test -x /usr/local/gcc-15/bin/gcc-15 +} +component_test_gcc15_opt () { + scripts/config.py full + # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, + # disable the new problematic optimization. + test_build_opt 'full config' "/usr/local/gcc-15/bin/gcc-15 -fzero-init-padding-bits=unions" -O2 +} + component_test_gcc_earliest_opt () { scripts/config.py full test_build_opt 'full config' "$GCC_EARLIEST" -O2 From bf90dc9c71b1e6aef34372f8e45819f0213cbba0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 7 Dec 2024 23:32:22 +0100 Subject: [PATCH 06/26] GCC 15: Silence -Wunterminated-string-initialization This is a new warning in GCC 15 that our code base triggers in many places. Silence it for the time being. Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 0bc8ede4a0..c8b276c021 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -86,7 +86,9 @@ component_test_gcc15_opt () { scripts/config.py full # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, # disable the new problematic optimization. - test_build_opt 'full config' "/usr/local/gcc-15/bin/gcc-15 -fzero-init-padding-bits=unions" -O2 + # Also disable a warning that we don't yet comply to. + make CC="/usr/local/gcc-15/bin/gcc-15" CFLAGS="-O2 -Wall -Wextra -Werror -fzero-init-padding-bits=unions -Wno-error=unterminated-string-initialization" + make test } component_test_gcc_earliest_opt () { From 2eab9fd92a2fc052bb71acf4b871d2d88646ae22 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2025 20:01:52 +0100 Subject: [PATCH 07/26] Enable drivers when testing with GCC 15 The goal of testing with GCC 15 is to validate fixes for https://github.com/Mbed-TLS/mbedtls/issues/9814 . The bug is present in multiple places, and some of them affect third-party drivers but not our built-in implementation. (The bug is that driver contexts might not be zero-initialized, but some of our built-in implementations happen not to care about this.) Thus, enable the test drivers in the test component that uses GCC 15, to gain the extra checks performed in the driver wrappers. Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index c8b276c021..919dbce9ba 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -79,15 +79,25 @@ support_test_gcc_latest_opt () { # separate component. # For the time being, we don't make $GCC_LATEST be GCC 15 on the CI # platform, because that would break branches where #9814 isn'f fixed yet. -support_test_gcc15_opt () { +support_test_gcc15_drivers_opt () { test -x /usr/local/gcc-15/bin/gcc-15 } -component_test_gcc15_opt () { +component_test_gcc15_drivers_opt () { + msg "build: GCC 15: full + test drivers dispatching to builtins" scripts/config.py full + scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG + loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" + loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" + loc_cflags="${loc_cflags} -I../framework/tests/include -O2" # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, # disable the new problematic optimization. + loc_cflags="${loc_cflags} -fzero-init-padding-bits=unions" # Also disable a warning that we don't yet comply to. - make CC="/usr/local/gcc-15/bin/gcc-15" CFLAGS="-O2 -Wall -Wextra -Werror -fzero-init-padding-bits=unions -Wno-error=unterminated-string-initialization" + loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" + + make CC=/usr/local/gcc-15/bin/gcc-15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + + msg "test: GCC 15: full + test drivers dispatching to builtins" make test } From df065720da7c3830ab7a04b2308a87e818c35829 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2025 20:26:21 +0100 Subject: [PATCH 08/26] Allow gcc-15 to be in $PATH Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index 919dbce9ba..fa8f6126ec 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -80,7 +80,13 @@ support_test_gcc_latest_opt () { # For the time being, we don't make $GCC_LATEST be GCC 15 on the CI # platform, because that would break branches where #9814 isn'f fixed yet. support_test_gcc15_drivers_opt () { - test -x /usr/local/gcc-15/bin/gcc-15 + if type gcc-15 >/dev/null 2>/dev/null; then + GCC_15=gcc-15 + elif [ -x /usr/local/gcc-15/bin/gcc-15 ]; then + GCC_15=/usr/local/gcc-15/bin/gcc-15 + else + return 1 + fi } component_test_gcc15_drivers_opt () { msg "build: GCC 15: full + test drivers dispatching to builtins" @@ -95,7 +101,7 @@ component_test_gcc15_drivers_opt () { # Also disable a warning that we don't yet comply to. loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" - make CC=/usr/local/gcc-15/bin/gcc-15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" msg "test: GCC 15: full + test drivers dispatching to builtins" make test From 88f6ce195e2428460cfe740021836d9277cb856e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Apr 2025 19:06:50 +0200 Subject: [PATCH 09/26] Update framework Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 4a841219ff..1e7b5d54d3 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 4a841219ff9440f6a723e9e9612a33c44ad1e2f9 +Subproject commit 1e7b5d54d3823b65fd4755bcf60f9ca39cfcbca3 From 15bb8e04bf017bb5bb162b61e506ccc32ab611e7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 30 Apr 2025 16:57:07 +0200 Subject: [PATCH 10/26] Improve comments Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index fa8f6126ec..d69d529bf2 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -73,12 +73,11 @@ support_test_gcc_latest_opt () { } # Prepare for a non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814 : -# test with GCC 15 (initially, a snapshot, since GCC 15 isn't released yet -# at the time of writing). +# test with GCC 15. # Eventually, $GCC_LATEST will be GCC 15 or above, and we can remove this # separate component. # For the time being, we don't make $GCC_LATEST be GCC 15 on the CI -# platform, because that would break branches where #9814 isn'f fixed yet. +# platform, because that would break branches where #9814 isn't fixed yet. support_test_gcc15_drivers_opt () { if type gcc-15 >/dev/null 2>/dev/null; then GCC_15=gcc-15 @@ -98,7 +97,8 @@ component_test_gcc15_drivers_opt () { # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, # disable the new problematic optimization. loc_cflags="${loc_cflags} -fzero-init-padding-bits=unions" - # Also disable a warning that we don't yet comply to. + # Also allow a warning that we don't yet comply to. + # https://github.com/Mbed-TLS/mbedtls/issues/9944 loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" make CC=$GCC_15 CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" From a7a480bb81d7a7139c5933c52216211f5a3402c8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2025 19:41:52 +0100 Subject: [PATCH 11/26] Initialize driver context in setup functions In API functions that set up a multipart or interruptible operation, make sure to initialize the driver-specific part of the context. This is a union, and initializing the union to `{0}` only guarantees that the first member of the union is initialized, not necessarily the member used by the driver. Most compilers do initialize the whole union to all-bits-zero, but some don't. With compilers that don't, the lack of initialization caused failures of built-in MAC, interruptible-sign and interruptible-verify. It could also cause failures for other operations with third-party drivers: we promise that drivers' setup entry points receive a zero-initialized operation structure, but this promise was not kept. Signed-off-by: Gilles Peskine --- library/psa_crypto.c | 56 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 53 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e7f99ad3bc..f0434114ea 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2400,8 +2400,11 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation, goto exit; } - /* Ensure all of the context is zeroized, since PSA_HASH_OPERATION_INIT only - * directly zeroes the int-sized dummy member of the context union. */ + /* Make sure the driver-dependent part of the operation is zeroed. + * This is a guarantee we make to drivers. Initializing the operation + * does not necessarily take care of it, since the context is a + * union and initializing a union does not necessarily initialize + * all of its members. */ memset(&operation->ctx, 0, sizeof(operation->ctx)); status = psa_driver_wrapper_hash_setup(operation, alg); @@ -2596,6 +2599,13 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, return PSA_ERROR_BAD_STATE; } + /* Make sure the driver-dependent part of the operation is zeroed. + * This is a guarantee we make to drivers. Initializing the operation + * does not necessarily take care of it, since the context is a + * union and initializing a union does not necessarily initialize + * all of its members. */ + memset(&target_operation->ctx, 0, sizeof(target_operation->ctx)); + psa_status_t status = psa_driver_wrapper_hash_clone(source_operation, target_operation); if (status != PSA_SUCCESS) { @@ -2693,6 +2703,13 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation, goto exit; } + /* Make sure the driver-dependent part of the operation is zeroed. + * This is a guarantee we make to drivers. Initializing the operation + * does not necessarily take care of it, since the context is a + * union and initializing a union does not necessarily initialize + * all of its members. */ + memset(&operation->ctx, 0, sizeof(operation->ctx)); + status = psa_get_and_lock_key_slot_with_policy( key, &slot, @@ -3619,6 +3636,13 @@ psa_status_t psa_sign_hash_start( return PSA_ERROR_BAD_STATE; } + /* Make sure the driver-dependent part of the operation is zeroed. + * This is a guarantee we make to drivers. Initializing the operation + * does not necessarily take care of it, since the context is a + * union and initializing a union does not necessarily initialize + * all of its members. */ + memset(&operation->ctx, 0, sizeof(operation->ctx)); + status = psa_sign_verify_check_alg(0, alg); if (status != PSA_SUCCESS) { operation->error_occurred = 1; @@ -3779,6 +3803,13 @@ psa_status_t psa_verify_hash_start( return PSA_ERROR_BAD_STATE; } + /* Make sure the driver-dependent part of the operation is zeroed. + * This is a guarantee we make to drivers. Initializing the operation + * does not necessarily take care of it, since the context is a + * union and initializing a union does not necessarily initialize + * all of its members. */ + memset(&operation->ctx, 0, sizeof(operation->ctx)); + status = psa_sign_verify_check_alg(0, alg); if (status != PSA_SUCCESS) { operation->error_occurred = 1; @@ -4446,6 +4477,14 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation, } operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg); + + /* Make sure the driver-dependent part of the operation is zeroed. + * This is a guarantee we make to drivers. Initializing the operation + * does not necessarily take care of it, since the context is a + * union and initializing a union does not necessarily initialize + * all of its members. */ + memset(&operation->ctx, 0, sizeof(operation->ctx)); + /* Try doing the operation through a driver before using software fallback. */ if (cipher_operation == MBEDTLS_ENCRYPT) { status = psa_driver_wrapper_cipher_encrypt_setup(operation, @@ -5079,6 +5118,13 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation, goto exit; } + /* Make sure the driver-dependent part of the operation is zeroed. + * This is a guarantee we make to drivers. Initializing the operation + * does not necessarily take care of it, since the context is a + * union and initializing a union does not necessarily initialize + * all of its members. */ + memset(&operation->ctx, 0, sizeof(operation->ctx)); + if (is_encrypt) { key_usage = PSA_KEY_USAGE_ENCRYPT; } else { @@ -8629,7 +8675,11 @@ psa_status_t psa_pake_setup( goto exit; } - memset(&operation->data.inputs, 0, sizeof(operation->data.inputs)); + /* Make sure the variable-purpose part of the operation is zeroed. + * Initializing the operation does not necessarily take care of it, + * since the context is a union and initializing a union does not + * necessarily initialize all of its members. */ + memset(&operation->data, 0, sizeof(operation->data)); operation->alg = cipher_suite->algorithm; operation->primitive = PSA_PAKE_PRIMITIVE(cipher_suite->type, From bbec1c1d25c848ed3d3d5c82864feb13eedf9cfd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2025 19:53:28 +0100 Subject: [PATCH 12/26] Initialize MAC context in internal functions for KDF In functions that bypass the API functions and call the MAC driver wrapper `psa_driver_wrapper_mac_sign_setup()` directly, make sure to initialize the driver-specific part of the context. This is a union, and initializing the union to `{0}` only guarantees that the first member of the union is initialized, not necessarily the member used by the driver. Most compilers do initialize the whole union to all-bits-zero, but some don't. With compilers that don't, the lack of initialization caused failures of the affected operations. This affected several key derivation operations. Signed-off-by: Gilles Peskine --- library/psa_crypto.c | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f0434114ea..3342b1b47f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5645,6 +5645,17 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation) #if defined(BUILTIN_ALG_ANY_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) + +/** Internal helper to set up an HMAC operation with a key passed directly. + * + * \param[in,out] operation A MAC operation object. It does not need to + * be initialized. + * \param hash_alg The hash algorithm used for HMAC. + * \param hmac_key The HMAC key. + * \param hmac_key_length Length of \p hmac_key in bytes. + * + * \return A PSA status code. + */ static psa_status_t psa_key_derivation_start_hmac( psa_mac_operation_t *operation, psa_algorithm_t hash_alg, @@ -5657,6 +5668,14 @@ static psa_status_t psa_key_derivation_start_hmac( psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(hmac_key_length)); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); + /* Make sure the whole the operation is zeroed. + * It isn't enough to require the caller to initialize operation to + * PSA_MAC_OPERATION_INIT, since one field is a union and initializing + * a union does not necessarily initialize all of its members. + * psa_mac_setup() would could handle PSA_MAC_OPERATION_INIT, but here we + * bypass it and call lower-level functions directly. */ + memset(operation, 0, sizeof(*operation)); + operation->is_sign = 1; operation->mac_size = PSA_HASH_LENGTH(hash_alg); @@ -5881,7 +5900,7 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(alg); uint8_t hash_length = PSA_HASH_LENGTH(hash_alg); - psa_mac_operation_t hmac = PSA_MAC_OPERATION_INIT; + psa_mac_operation_t hmac; size_t hmac_output_length; psa_status_t status, cleanup_status; @@ -6082,7 +6101,14 @@ static psa_status_t psa_key_derivation_pbkdf2_generate_block( psa_key_attributes_t *attributes) { psa_status_t status; - psa_mac_operation_t mac_operation = PSA_MAC_OPERATION_INIT; + psa_mac_operation_t mac_operation; + /* Make sure the whole the operation is zeroed. + * PSA_MAC_OPERATION_INIT does not necessarily do it fully, + * since one field is a union and initializing a union does not + * necessarily initialize all of its members. + * psa_mac_setup() would do it, but here we bypass it and call + * lower-level functions directly. */ + memset(&mac_operation, 0, sizeof(mac_operation)); size_t mac_output_length; uint8_t U_i[PSA_MAC_MAX_SIZE]; uint8_t *U_accumulator = pbkdf2->output_block; From 0e4907d4f5d27305e6ee9d06be7a38efbdd68e1c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2025 19:53:54 +0100 Subject: [PATCH 13/26] Initialize MAC context in internal functions for one-shot MAC In functions that bypass the API functions and call an internal MAC setup function directly, make sure to initialize the driver-specific part of the context. This is a union, and initializing the union to `{0}` only guarantees that the first member of the union is initialized, not necessarily the member used by the driver. Most compilers do initialize the whole union to all-bits-zero, but some don't. With compilers that don't, the lack of initialization caused failures of the affected operations. This affected one-shot MAC operations using the built-in implementation. Signed-off-by: Gilles Peskine --- library/psa_crypto_mac.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 8fe6218118..7f625c549d 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -465,6 +465,15 @@ psa_status_t mbedtls_psa_mac_compute( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_psa_mac_operation_t operation = MBEDTLS_PSA_MAC_OPERATION_INIT; + /* Make sure the whole the operation is zeroed. + * PSA_MAC_OPERATION_INIT does not necessarily do it fully, + * since one field is a union and initializing a union does not + * necessarily initialize all of its members. + * In multipart operations, this is done in the API functions, + * before driver dispatch, since it needs to be done before calling + * the driver entry point. Here, we bypass the multipart API, + * so it's our job. */ + memset(&operation, 0, sizeof(operation)); status = psa_mac_setup(&operation, attributes, key_buffer, key_buffer_size, From f4ebf807e665d259a9e75894dfd8562f343d7180 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 7 May 2025 18:50:51 +0200 Subject: [PATCH 14/26] Test with GCC 15 with sloppy union initialization This is a non-regression test for https://github.com/Mbed-TLS/mbedtls/issues/9814 Signed-off-by: Gilles Peskine --- tests/scripts/components-compiler.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh index d69d529bf2..286408717e 100644 --- a/tests/scripts/components-compiler.sh +++ b/tests/scripts/components-compiler.sh @@ -94,10 +94,7 @@ component_test_gcc15_drivers_opt () { loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" loc_cflags="${loc_cflags} -I../framework/tests/include -O2" - # Until https://github.com/Mbed-TLS/mbedtls/issues/9814 is fixed, - # disable the new problematic optimization. - loc_cflags="${loc_cflags} -fzero-init-padding-bits=unions" - # Also allow a warning that we don't yet comply to. + # Allow a warning that we don't yet comply to. # https://github.com/Mbed-TLS/mbedtls/issues/9944 loc_cflags="${loc_cflags} -Wno-error=unterminated-string-initialization" From 65b548386f0ad8c451b04f470a474a74c4045317 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 5 Feb 2025 20:33:15 +0100 Subject: [PATCH 15/26] Changelog entry for the union initialization fixes Signed-off-by: Gilles Peskine --- ChangeLog.d/union-initialization.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 ChangeLog.d/union-initialization.txt diff --git a/ChangeLog.d/union-initialization.txt b/ChangeLog.d/union-initialization.txt new file mode 100644 index 0000000000..a63e1ebc00 --- /dev/null +++ b/ChangeLog.d/union-initialization.txt @@ -0,0 +1,15 @@ +Bugfix + * Fix failures of PSA multipart or interruptible operations when the + library or the application is built with a compiler where + "union foo x = {0}" does not initialize non-default members of the + union, such as GCC 15 and some versions of Clang 18. This affected MAC + multipart operations, MAC-based key derivation operations, interruptible + signature, interruptible verification, and potentially other operations + when using third-party drivers. This also affected one-shot MAC + operations using the built-in implementation. Fixes #9814. + * On entry to PSA driver entry points that set up a multipart operation + ("xxx_setup"), the operation object is supposed to be all-bits-zero. + This was sometimes not the case when an operation object is reused, + or with compilers where "union foo x = {0}" does not initialize + non-default members of the union. The PSA core now ensures that this + guarantee is met in all cases. Fixes #9975. From 6fb5120fde4ab889bea402f5ab230c720b0a3b9a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 8 May 2025 16:06:32 +0100 Subject: [PATCH 16/26] Remove .gitmodules Signed-off-by: Janos Follath --- .gitmodules | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 .gitmodules diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index 4fb26b555e..0000000000 --- a/.gitmodules +++ /dev/null @@ -1,3 +0,0 @@ -[submodule "framework"] - path = framework - url = https://github.com/Mbed-TLS/mbedtls-framework From 91b29a0bd91454b4b3fe58b3ba141e080ce47444 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 13 May 2025 11:53:31 +0200 Subject: [PATCH 17/26] Grammar in comments Signed-off-by: Gilles Peskine --- library/psa_crypto.c | 2 +- library/psa_crypto_mac.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3342b1b47f..9c28609d7e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5672,7 +5672,7 @@ static psa_status_t psa_key_derivation_start_hmac( * It isn't enough to require the caller to initialize operation to * PSA_MAC_OPERATION_INIT, since one field is a union and initializing * a union does not necessarily initialize all of its members. - * psa_mac_setup() would could handle PSA_MAC_OPERATION_INIT, but here we + * psa_mac_setup() would handle PSA_MAC_OPERATION_INIT, but here we * bypass it and call lower-level functions directly. */ memset(operation, 0, sizeof(*operation)); diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 7f625c549d..4464158f93 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -465,7 +465,7 @@ psa_status_t mbedtls_psa_mac_compute( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_psa_mac_operation_t operation = MBEDTLS_PSA_MAC_OPERATION_INIT; - /* Make sure the whole the operation is zeroed. + /* Make sure the whole operation is zeroed. * PSA_MAC_OPERATION_INIT does not necessarily do it fully, * since one field is a union and initializing a union does not * necessarily initialize all of its members. From 1337d540adc045509f38b6be24e1c08e55e9ed11 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 16 May 2025 14:12:15 +0200 Subject: [PATCH 18/26] Name and document the type of random generator callbacks Signed-off-by: Gilles Peskine --- include/mbedtls/platform_util.h | 50 +++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 1b371ef3f4..adad6bc3f8 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -159,6 +159,56 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; void mbedtls_platform_zeroize(void *buf, size_t len); #endif +/** \brief The type of custom random generator (RNG) callbacks. + * + * Many Mbed TLS functions take two parameters + * `mbedtls_f_rng_t *f_rng, void *p_rng`. The + * library will call \c f_rng to generate + * random values. + * + * \note This is typically one of the following: + * - mbedtls_ctr_drbg_random() with \c p_rng + * pointing to a #mbedtls_ctr_drbg_context; + * - mbedtls_hmac_drbg_random() with \c p_rng + * pointing to a #mbedtls_hmac_drbg_context; + * - mbedtls_psa_get_random() with + * `prng = MBEDTLS_PSA_RANDOM_STATE`. + * + * \note Generally, given a call + * `mbedtls_foo(f_rng, p_rng, ....)`, the RNG callback + * and the context only need to remain valid until + * the call to `mbedtls_foo` returns. However, there + * are a few exceptions where the callback is stored + * in for future use. Check the documentation of + * the calling function. + * + * \warning In a multithreaded environment, calling the + * function should be thread-safe. The standard + * functions provided by the library are thread-safe + * when #MBEDTLS_THREADING_C is enabled. + * + * \warning This function must either provide as many + * bytes as requested of **cryptographic quality** + * random data, or return a negative error code. + * + * \param p_rng The \c p_rng argument that was passed along \c f_rng. + * The library always passes \c p_rng unchanged. + * This is typically a pointer to the random generator + * state, or \c NULL if the custom random generator + * doesn't need a context-specific state. + * \param[out] output On success, this must be filled with \p output_size + * bytes of cryptographic-quality random data. + * \param output_size The number of bytes to output. + * + * \return \c 0 on success, or a negative error code on failure. + * Library functions will generally propagate this + * error code, so \c MBEDTLS_ERR_xxx values are + * recommended. #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED is + * typically sensible for RNG failures. + */ +typedef int mbedtls_f_rng_t(void *p_rng, + unsigned char *output, size_t output_size); + #if defined(MBEDTLS_HAVE_TIME_DATE) /** * \brief Platform-specific implementation of gmtime_r() From 060c70e3abafcd0d949cc818d36e00e692c69922 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 16 May 2025 14:19:38 +0200 Subject: [PATCH 19/26] Reference mbedtls_f_rng_t in public documentation In public functions that take `f_rng, p_rng` callbacks, link to the documentation of the callback which is attached to the type name `mbedtls_f_rng_t`. Resolves #5868. ``` grep -l -w 'f_rng)' include | xargs perl -i -pe 's/\Qint (*f_rng)(void *, unsigned char *, size_t)\E/mbedtls_f_rng_t *f_rng/g' ``` and include `platform_util.h` where needed. Signed-off-by: Gilles Peskine --- include/mbedtls/bignum.h | 9 +++++---- include/mbedtls/dhm.h | 6 +++--- include/mbedtls/ecdh.h | 10 +++++----- include/mbedtls/ecdsa.h | 10 +++++----- include/mbedtls/ecjpake.h | 8 ++++---- include/mbedtls/ecp.h | 16 ++++++++-------- include/mbedtls/lms.h | 4 ++-- include/mbedtls/pk.h | 18 +++++++++--------- include/mbedtls/rsa.h | 24 ++++++++++++------------ include/mbedtls/ssl.h | 2 +- include/mbedtls/ssl_cookie.h | 2 +- include/mbedtls/ssl_ticket.h | 2 +- include/mbedtls/x509_crt.h | 4 ++-- include/mbedtls/x509_csr.h | 4 ++-- 14 files changed, 60 insertions(+), 59 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 8367cd34e6..1e1c06330f 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -12,6 +12,7 @@ #include "mbedtls/private_access.h" #include "mbedtls/build_info.h" +#include "mbedtls/platform_util.h" #include #include @@ -928,7 +929,7 @@ int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A, * be relevant in applications like deterministic ECDSA. */ int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** Generate a random number uniformly in a range. @@ -966,7 +967,7 @@ int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size, int mbedtls_mpi_random(mbedtls_mpi *X, mbedtls_mpi_sint min, const mbedtls_mpi *N, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -1030,7 +1031,7 @@ int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, * \return Another negative error code on other kinds of failure. */ int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** * \brief Flags for mbedtls_mpi_gen_prime() @@ -1063,7 +1064,7 @@ typedef enum { * \c 3 and #MBEDTLS_MPI_MAX_BITS. */ int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); #if defined(MBEDTLS_SELF_TEST) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index fcba3d2af0..bbfe6ea8d5 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -183,7 +183,7 @@ int mbedtls_dhm_read_params(mbedtls_dhm_context *ctx, */ int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx, int x_size, unsigned char *output, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -250,7 +250,7 @@ int mbedtls_dhm_read_public(mbedtls_dhm_context *ctx, */ int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx, int x_size, unsigned char *output, size_t olen, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -281,7 +281,7 @@ int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx, int x_size, */ int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx, unsigned char *output, size_t output_size, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index a6a5069337..a919ad27e6 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -189,7 +189,7 @@ int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid); * \c MBEDTLS_MPI_XXX error code on failure. */ int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -225,7 +225,7 @@ int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_ */ int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp, mbedtls_mpi *z, const mbedtls_ecp_point *Q, const mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -290,7 +290,7 @@ void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx); */ int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -372,7 +372,7 @@ int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx, */ int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -428,7 +428,7 @@ int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx, */ int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx, size_t *olen, unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); #if defined(MBEDTLS_ECP_RESTARTABLE) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 2ecf349115..119ee26463 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -160,7 +160,7 @@ int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid); */ int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + mbedtls_f_rng_t *f_rng, void *p_rng); #if defined(MBEDTLS_ECDSA_DETERMINISTIC) /** @@ -271,7 +271,7 @@ int mbedtls_ecdsa_sign_restartable( mbedtls_mpi *r, mbedtls_mpi *s, const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, int (*f_rng_blind)(void *, unsigned char *, size_t), void *p_rng_blind, @@ -473,7 +473,7 @@ int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t sig_size, size_t *slen, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -520,7 +520,7 @@ int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t sig_size, size_t *slen, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, mbedtls_ecdsa_restart_ctx *rs_ctx); @@ -608,7 +608,7 @@ int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx, * \return An \c MBEDTLS_ERR_ECP_XXX code on failure. */ int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + mbedtls_f_rng_t *f_rng, void *p_rng); /** * \brief This function sets up an ECDSA context from an EC key pair. diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index c2148a2bd1..7da8cb4e5b 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -162,7 +162,7 @@ int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx); */ int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -203,7 +203,7 @@ int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx, */ int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -243,7 +243,7 @@ int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx, */ int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -266,7 +266,7 @@ int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, */ int mbedtls_ecjpake_write_shared_key(mbedtls_ecjpake_context *ctx, unsigned char *buf, size_t len, size_t *olen, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 623910bcbd..5cc0271432 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -966,7 +966,7 @@ int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp, */ int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + mbedtls_f_rng_t *f_rng, void *p_rng); /** * \brief This function performs multiplication of a point by @@ -1000,7 +1000,7 @@ int mbedtls_ecp_mul(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, */ int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_f_rng_t *f_rng, void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx); #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED) @@ -1179,7 +1179,7 @@ int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp, */ int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, mbedtls_mpi *d, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -1212,7 +1212,7 @@ int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp, int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, const mbedtls_ecp_point *G, mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -1240,7 +1240,7 @@ int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp, */ int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -1257,7 +1257,7 @@ int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp, mbedtls_mpi *d, * on failure. */ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** \brief Set the public key in a key pair object. @@ -1451,7 +1451,7 @@ int mbedtls_ecp_write_public_key(const mbedtls_ecp_keypair *key, */ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + mbedtls_f_rng_t *f_rng, void *p_rng); /** \brief Calculate the public key from a private key in a key pair. * @@ -1468,7 +1468,7 @@ int mbedtls_ecp_check_pub_priv( */ int mbedtls_ecp_keypair_calc_public( mbedtls_ecp_keypair *key, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + mbedtls_f_rng_t *f_rng, void *p_rng); /** \brief Query the group that a key pair belongs to. * diff --git a/include/mbedtls/lms.h b/include/mbedtls/lms.h index 95fce21337..2f297914be 100644 --- a/include/mbedtls/lms.h +++ b/include/mbedtls/lms.h @@ -364,7 +364,7 @@ void mbedtls_lms_private_free(mbedtls_lms_private_t *ctx); int mbedtls_lms_generate_private_key(mbedtls_lms_private_t *ctx, mbedtls_lms_algorithm_type_t type, mbedtls_lmots_algorithm_type_t otstype, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, const unsigned char *seed, size_t seed_size); @@ -427,7 +427,7 @@ int mbedtls_lms_calculate_public_key(mbedtls_lms_public_t *ctx, * \return A non-zero error code on failure. */ int mbedtls_lms_sign(mbedtls_lms_private_t *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, const unsigned char *msg, unsigned int msg_size, unsigned char *sig, size_t sig_size, size_t *sig_len); diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 52f4cc6c9e..2b7f34bc0b 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -285,7 +285,7 @@ typedef int (*mbedtls_pk_rsa_alt_decrypt_func)(void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len); typedef int (*mbedtls_pk_rsa_alt_sign_func)(void *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig); @@ -849,7 +849,7 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, int mbedtls_pk_sign(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + mbedtls_f_rng_t *f_rng, void *p_rng); /** * \brief Make signature given a signature type. @@ -885,7 +885,7 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -921,7 +921,7 @@ int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, size_t *sig_len, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_f_rng_t *f_rng, void *p_rng, mbedtls_pk_restart_ctx *rs_ctx); /** @@ -947,7 +947,7 @@ int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx, int mbedtls_pk_decrypt(mbedtls_pk_context *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + mbedtls_f_rng_t *f_rng, void *p_rng); /** * \brief Encrypt message (including padding if relevant). @@ -973,7 +973,7 @@ int mbedtls_pk_decrypt(mbedtls_pk_context *ctx, int mbedtls_pk_encrypt(mbedtls_pk_context *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + mbedtls_f_rng_t *f_rng, void *p_rng); /** * \brief Check if a public-private pair of keys matches. @@ -991,7 +991,7 @@ int mbedtls_pk_encrypt(mbedtls_pk_context *ctx, */ int mbedtls_pk_check_pair(const mbedtls_pk_context *pub, const mbedtls_pk_context *prv, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** @@ -1109,7 +1109,7 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk) int mbedtls_pk_parse_key(mbedtls_pk_context *ctx, const unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + mbedtls_f_rng_t *f_rng, void *p_rng); /** \ingroup pk_module */ /** @@ -1173,7 +1173,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, */ int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx, const char *path, const char *password, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng); + mbedtls_f_rng_t *f_rng, void *p_rng); /** \ingroup pk_module */ /** diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index c1e76b3927..3f0881a434 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -465,7 +465,7 @@ size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx); * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, unsigned int nbits, int exponent); @@ -590,7 +590,7 @@ int mbedtls_rsa_public(mbedtls_rsa_context *ctx, * */ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, const unsigned char *input, unsigned char *output); @@ -619,7 +619,7 @@ int mbedtls_rsa_private(mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, size_t ilen, const unsigned char *input, @@ -646,7 +646,7 @@ int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, size_t ilen, const unsigned char *input, @@ -680,7 +680,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, const unsigned char *label, size_t label_len, size_t ilen, @@ -723,7 +723,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, size_t *olen, const unsigned char *input, @@ -765,7 +765,7 @@ int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx, * */ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, size_t *olen, const unsigned char *input, @@ -806,7 +806,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, const unsigned char *label, size_t label_len, size_t *olen, @@ -849,7 +849,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, @@ -881,7 +881,7 @@ int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, @@ -933,7 +933,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, @@ -983,7 +983,7 @@ int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng, mbedtls_md_type_t md_alg, unsigned int hashlen, diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index cc9da3417d..960200f4b3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2260,7 +2260,7 @@ void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, * \param p_rng RNG parameter */ void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index 71c258ea48..0f211e632a 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -70,7 +70,7 @@ void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx); * \brief Setup cookie context (generate keys) */ int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); /** diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 2ee1400210..bf3bc7648d 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -122,7 +122,7 @@ void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); * or a specific MBEDTLS_ERR_XXX error code */ int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_f_rng_t *f_rng, void *p_rng, mbedtls_cipher_type_t cipher, uint32_t lifetime); diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 1ce0d23619..6b96039597 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -1176,7 +1176,7 @@ void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx); * \note \p f_rng is used for the signature operation. */ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); #if defined(MBEDTLS_PEM_WRITE_C) @@ -1194,7 +1194,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *buf, s * \note \p f_rng is used for the signature operation. */ int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CRT_WRITE_C */ diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 8c31c09af4..c4bd7f1220 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -349,7 +349,7 @@ void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx); * \note \p f_rng is used for the signature operation. */ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); #if defined(MBEDTLS_PEM_WRITE_C) @@ -368,7 +368,7 @@ int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx, unsigned char *buf, si * \note \p f_rng is used for the signature operation. */ int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng, void *p_rng); #endif /* MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_X509_CSR_WRITE_C */ From ed10e2ab8741f3686a9e26175da4e3b2861e79cc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 16 May 2025 14:24:50 +0200 Subject: [PATCH 20/26] Note functions that store the RNG callback in a context Signed-off-by: Gilles Peskine --- include/mbedtls/ssl.h | 4 ++++ include/mbedtls/ssl_ticket.h | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 960200f4b3..3cdddf7d72 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2255,6 +2255,10 @@ void mbedtls_ssl_conf_verify(mbedtls_ssl_config *conf, /** * \brief Set the random number generator callback * + * \note The callback with its parameter must remain valid as + * long as there is an SSL context that uses the + * SSL configuration. + * * \param conf SSL configuration * \param f_rng RNG function (mandatory) * \param p_rng RNG parameter diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index bf3bc7648d..9f7e44029a 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -98,7 +98,9 @@ void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx); * * \param ctx Context to be set up * \param f_rng RNG callback function (mandatory) - * \param p_rng RNG callback context + * \param p_rng RNG callback context. + * Note that the RNG callback must remain valid + * until the ticket context is freed. * \param cipher AEAD cipher to use for ticket protection. * Recommended value: MBEDTLS_CIPHER_AES_256_GCM. * \param lifetime Tickets lifetime in seconds From c0b357d8b489d5ff19dd99081a58f00be90c3cac Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 16 May 2025 14:59:42 +0200 Subject: [PATCH 21/26] ECDSA is a special flower Signed-off-by: Gilles Peskine --- include/mbedtls/ecdsa.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 119ee26463..cbe4679d1d 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -207,7 +207,7 @@ int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, const mbedtls_mpi *d, const unsigned char *buf, size_t blen, mbedtls_md_type_t md_alg, - int (*f_rng_blind)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng_blind, void *p_rng_blind); #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ @@ -273,7 +273,7 @@ int mbedtls_ecdsa_sign_restartable( const unsigned char *buf, size_t blen, mbedtls_f_rng_t *f_rng, void *p_rng, - int (*f_rng_blind)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng_blind, void *p_rng_blind, mbedtls_ecdsa_restart_ctx *rs_ctx); @@ -334,7 +334,7 @@ int mbedtls_ecdsa_sign_det_restartable( mbedtls_mpi *r, mbedtls_mpi *s, const mbedtls_mpi *d, const unsigned char *buf, size_t blen, mbedtls_md_type_t md_alg, - int (*f_rng_blind)(void *, unsigned char *, size_t), + mbedtls_f_rng_t *f_rng_blind, void *p_rng_blind, mbedtls_ecdsa_restart_ctx *rs_ctx); From addf8fc03e8c54319824363dba85c5f83f249772 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 16 May 2025 15:00:09 +0200 Subject: [PATCH 22/26] Fix ECDSA documentation: blinding is no longer optional Since Mbed TLS 3.0, blinding is no longer optional in ECDSA. `mbedtls_ecdsa_write_signature()` and `mbedtls_ecdsa_write_signature_restartable()` error out if `f_rng == NULL`. We forgot to update the function documentation. Signed-off-by: Gilles Peskine --- include/mbedtls/ecdsa.h | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index cbe4679d1d..c1616615f7 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -150,7 +150,8 @@ int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid); * buffer of length \p blen Bytes. It may be \c NULL if * \p blen is zero. * \param blen The length of \p buf in Bytes. - * \param f_rng The RNG function. This must not be \c NULL. + * \param f_rng The RNG function, used both to generate the ECDSA nonce + * and for blinding. This must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng doesn't need a context parameter. * @@ -247,7 +248,8 @@ int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r, * buffer of length \p blen Bytes. It may be \c NULL if * \p blen is zero. * \param blen The length of \p buf in Bytes. - * \param f_rng The RNG function. This must not be \c NULL. + * \param f_rng The RNG function used to generate the ECDSA nonce. + * This must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng doesn't need a context parameter. * \param f_rng_blind The RNG function used for blinding. This must not be @@ -458,10 +460,10 @@ int mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp, * \param sig_size The size of the \p sig buffer in bytes. * \param slen The address at which to store the actual length of * the signature written. Must not be \c NULL. - * \param f_rng The RNG function. This must not be \c NULL if - * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise, - * it is used only for blinding and may be set to \c NULL, but - * doing so is DEPRECATED. + * \param f_rng The RNG function. This is used for blinding. + * If #MBEDTLS_ECDSA_DETERMINISTIC is unset, this is also + * used to generate the ECDSA nonce. + * This must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't use a context. * @@ -501,9 +503,10 @@ int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx, * \param sig_size The size of the \p sig buffer in bytes. * \param slen The address at which to store the actual length of * the signature written. Must not be \c NULL. - * \param f_rng The RNG function. This must not be \c NULL if - * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise, - * it is unused and may be set to \c NULL. + * \param f_rng The RNG function. This is used for blinding. + * If #MBEDTLS_ECDSA_DETERMINISTIC is unset, this is also + * used to generate the ECDSA nonce. + * This must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't use a context. * \param rs_ctx The restart context to use. This may be \c NULL to disable From e3aaf82a772faa4233c88477978bac17726fc87f Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Mon, 18 Mar 2024 12:32:30 +0000 Subject: [PATCH 23/26] Mark ssl_tls12_preset_default_sig_algs const To place in flash and save RAM on targets where this applies. Signed-off-by: Deomid rojer Ryabkov --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ce14c7d7ba..465b921a6a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5762,7 +5762,7 @@ static const uint16_t ssl_preset_default_sig_algs[] = { /* NOTICE: see above */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static uint16_t ssl_tls12_preset_default_sig_algs[] = { +static const uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_MD_CAN_SHA512) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) From fb5e2e5e46de66a53422e6abe80f97c9bf548035 Mon Sep 17 00:00:00 2001 From: Deomid rojer Ryabkov Date: Wed, 20 Mar 2024 00:43:34 +0000 Subject: [PATCH 24/26] Mark ssl_tls12_preset_suiteb_sig_algs const Signed-off-by: Deomid rojer Ryabkov --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 465b921a6a..b5bea7521a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5826,7 +5826,7 @@ static const uint16_t ssl_preset_suiteb_sig_algs[] = { /* NOTICE: see above */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { +static const uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_MD_CAN_SHA256) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) From 3ea3635d2f463594e2aeed03dbf38360a92ca8f2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 28 May 2025 10:02:12 +0200 Subject: [PATCH 25/26] Move the inclusion of crypto_sizes.h and crypto_struct.h in crypto.h That way when API are declared, the types they use are defined. This should resolve the issues related to psa_xyz_init functions returning a structure described in #7087. Signed-off-by: Ronald Cron --- include/psa/crypto.h | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 2bbcea3ee0..2fe9f35ec3 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -59,6 +59,18 @@ extern "C" { * of integral types defined in "crypto_types.h". */ #include "crypto_values.h" +/* The file "crypto_sizes.h" contains definitions for size calculation + * macros whose definitions are implementation-specific. */ +#include "crypto_sizes.h" + +/* The file "crypto_struct.h" contains definitions for + * implementation-specific structs that are declared above. */ +#if defined(MBEDTLS_PSA_CRYPTO_STRUCT_FILE) +#include MBEDTLS_PSA_CRYPTO_STRUCT_FILE +#else +#include "crypto_struct.h" +#endif + /** \defgroup initialization Library initialization * @{ */ @@ -4958,18 +4970,6 @@ psa_status_t psa_verify_hash_abort( } #endif -/* The file "crypto_sizes.h" contains definitions for size calculation - * macros whose definitions are implementation-specific. */ -#include "crypto_sizes.h" - -/* The file "crypto_struct.h" contains definitions for - * implementation-specific structs that are declared above. */ -#if defined(MBEDTLS_PSA_CRYPTO_STRUCT_FILE) -#include MBEDTLS_PSA_CRYPTO_STRUCT_FILE -#else -#include "crypto_struct.h" -#endif - /* The file "crypto_extra.h" contains vendor-specific definitions. This * can include vendor-defined algorithms, extra functions, etc. */ #include "crypto_extra.h" From 4960825a946f201955c674e0dc1aafec4621d25c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 28 May 2025 10:05:32 +0200 Subject: [PATCH 26/26] Add change log Signed-off-by: Ronald Cron --- ChangeLog.d/move-crypto-struct-inclusion.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/move-crypto-struct-inclusion.txt diff --git a/ChangeLog.d/move-crypto-struct-inclusion.txt b/ChangeLog.d/move-crypto-struct-inclusion.txt new file mode 100644 index 0000000000..c5f6d2b822 --- /dev/null +++ b/ChangeLog.d/move-crypto-struct-inclusion.txt @@ -0,0 +1,3 @@ +Bugfix + * Resolved build issue with C++ projects using TF-PSA-Crypto when compiling + with the MSVC toolset v142 and earlier. Fixes mbedtls issue #7087.