lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-08 17:42:09 +03:00
Code Activity

Merge branch 'mbedtls-2.28' into buffer-sharing-merge-2.28

Browse Source
This commit is contained in:
David Horstmann
2024-03-11 16:28:50 +00:00
parent 479448dbc8 5bc604f33c
commit f06494dc9e
30 changed files with 578 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog.d/fix-ssl-session-serialization-config.txt Normal file
View File

@@ -0,0 +1,4 @@
Bugfix
* Fix missing bitflags in SSL session serialization headers. Their absence
allowed SSL sessions saved in one configuration to be loaded in a
different, incompatible configuration.

3
ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt Normal file
View File

@@ -0,0 +1,3 @@
Bugfix
* Correct initial capacities for key derivation algorithms:TLS12_PRF,
TLS12_PSK_TO_MS

3
ChangeLog.d/gen-key-segfault.txt Normal file
View File

@@ -0,0 +1,3 @@
Bugfix
* Avoid segmentation fault caused by releasing not initialized
entropy resource in gen_key example. Fixes #8809.

3
ChangeLog.d/rsa-bitlen.txt Normal file
View File

@@ -0,0 +1,3 @@
Bugfix
* Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a
multiple of 8. Fixes #868.

40
include/mbedtls/ecp.h
View File

@@ -1265,6 +1265,8 @@ int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
/** /**
* \brief This function reads an elliptic curve private key. * \brief This function reads an elliptic curve private key.
* *
* \note This function does not support Curve448 yet.
*
* \param grp_id The ECP group identifier. * \param grp_id The ECP group identifier.
* \param key The destination key. * \param key The destination key.
* \param buf The buffer containing the binary representation of the * \param buf The buffer containing the binary representation of the
@@ -1286,17 +1288,43 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
/** /**
* \brief This function exports an elliptic curve private key. * \brief This function exports an elliptic curve private key.
* *
* \note Note that although this function accepts an output
* buffer that is smaller or larger than the key, most key
* import interfaces require the output to have exactly
* key's nominal length. It is generally simplest to
* pass the key's nominal length as \c buflen, after
* checking that the output buffer is large enough.
* See the description of the \p buflen parameter for
* how to calculate the nominal length.
*
* \note If the private key was not set in \p key,
* the output is unspecified. Future versions
* may return an error in that case.
*
* \note This function does not support Curve448 yet.
*
* \param key The private key. * \param key The private key.
* \param buf The output buffer for containing the binary representation * \param buf The output buffer for containing the binary representation
* of the key. (Big endian integer for Weierstrass curves, byte * of the key.
* string for Montgomery curves.) * For Weierstrass curves, this is the big-endian
* representation, padded with null bytes at the beginning
* to reach \p buflen bytes.
* For Montgomery curves, this is the standard byte string
* representation (which is little-endian), padded with
* null bytes at the end to reach \p buflen bytes.
* \param buflen The total length of the buffer in bytes. * \param buflen The total length of the buffer in bytes.
* The length of the output is
* (`grp->nbits` + 7) / 8 bytes
* where `grp->nbits` is the private key size in bits.
* For Weierstrass keys, if the output buffer is smaller,
* leading zeros are trimmed to fit if possible. For
* Montgomery keys, the output buffer must always be large
* enough for the nominal length.
* *
* \return \c 0 on success. * \return \c 0 on success.
* \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL or
representation is larger than the available space in \p buf. * #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the \p key
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for * representation is larger than the available space in \p buf.
* the group is not implemented.
* \return Another negative error code on different kinds of failure. * \return Another negative error code on different kinds of failure.
*/ */
int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,

2
include/psa/crypto_values.h
View File

@@ -400,7 +400,7 @@
((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR) ((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
/** The public key type corresponding to a key pair type. /** The public key type corresponding to a key pair type.
* *
* You may also pass a key pair type as \p type, it will be left unchanged. * You may also pass a public key type as \p type, it will be left unchanged.
* *
* \param type A public key type or key pair type. * \param type A public key type or key pair type.
* *

14
library/ecp.c
View File

@@ -927,7 +927,7 @@ int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp,
size_t plen; size_t plen;
ECP_VALIDATE_RET(grp != NULL); ECP_VALIDATE_RET(grp != NULL);
ECP_VALIDATE_RET(pt != NULL); ECP_VALIDATE_RET(pt != NULL);
ECP_VALIDATE_RET(buf != NULL); ECP_VALIDATE_RET(ilen == 0 || buf != NULL);
if (ilen < 1) { if (ilen < 1) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
@@ -996,7 +996,7 @@ int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp,
ECP_VALIDATE_RET(grp != NULL); ECP_VALIDATE_RET(grp != NULL);
ECP_VALIDATE_RET(pt != NULL); ECP_VALIDATE_RET(pt != NULL);
ECP_VALIDATE_RET(buf != NULL); ECP_VALIDATE_RET(buf != NULL);
ECP_VALIDATE_RET(*buf != NULL); ECP_VALIDATE_RET(buf_len == 0 || *buf != NULL);
/* /*
* We must have at least two bytes (1 for length, at least one for data) * We must have at least two bytes (1 for length, at least one for data)
@@ -1068,7 +1068,7 @@ int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp,
mbedtls_ecp_group_id grp_id; mbedtls_ecp_group_id grp_id;
ECP_VALIDATE_RET(grp != NULL); ECP_VALIDATE_RET(grp != NULL);
ECP_VALIDATE_RET(buf != NULL); ECP_VALIDATE_RET(buf != NULL);
ECP_VALIDATE_RET(*buf != NULL); ECP_VALIDATE_RET(len == 0 || *buf != NULL);
if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, len)) != 0) { if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, len)) != 0) {
return ret; return ret;
@@ -1088,7 +1088,7 @@ int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp,
const mbedtls_ecp_curve_info *curve_info; const mbedtls_ecp_curve_info *curve_info;
ECP_VALIDATE_RET(grp != NULL); ECP_VALIDATE_RET(grp != NULL);
ECP_VALIDATE_RET(buf != NULL); ECP_VALIDATE_RET(buf != NULL);
ECP_VALIDATE_RET(*buf != NULL); ECP_VALIDATE_RET(len == 0 || *buf != NULL);
/* /*
* We expect at least three bytes (see below) * We expect at least three bytes (see below)
@@ -2614,8 +2614,8 @@ static int ecp_mul_mxz(mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
/* RP.X might be slightly larger than P, so reduce it */ /* RP.X might be slightly larger than P, so reduce it */
MOD_ADD(RP.X); MOD_ADD(RP.X);
/* Randomize coordinates of the starting point */
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
/* Derandomize coordinates of the starting point */
if (f_rng == NULL) { if (f_rng == NULL) {
have_rng = 0; have_rng = 0;
} }
@@ -3358,10 +3358,10 @@ cleanup:
int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key, int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
unsigned char *buf, size_t buflen) unsigned char *buf, size_t buflen)
{ {
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECP_VALIDATE_RET(key != NULL); ECP_VALIDATE_RET(key != NULL);
ECP_VALIDATE_RET(buf != NULL); ECP_VALIDATE_RET(buflen == 0 || buf != NULL);
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED) #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) { if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {

14
library/ecp_curves.c
View File

@@ -535,10 +535,10 @@ static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_
*/ */
static inline void ecp_mpi_set1(mbedtls_mpi *X) static inline void ecp_mpi_set1(mbedtls_mpi *X)
{ {
static mbedtls_mpi_uint one[] = { 1 }; static const mbedtls_mpi_uint one[] = { 1 };
X->s = 1; X->s = 1;
X->n = 1; X->n = 1;
X->p = one; X->p = (mbedtls_mpi_uint *) one; /* X->p will not be modified so the cast is safe */
} }
/* /*
@@ -1348,7 +1348,7 @@ cleanup:
*/ */
#define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P #define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P
#define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R #define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R
static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs, static inline int ecp_mod_koblitz(mbedtls_mpi *N, const mbedtls_mpi_uint *Rp, size_t p_limbs,
size_t adjust, size_t shift, mbedtls_mpi_uint mask) size_t adjust, size_t shift, mbedtls_mpi_uint mask)
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -1362,7 +1362,7 @@ static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p
/* Init R */ /* Init R */
R.s = 1; R.s = 1;
R.p = Rp; R.p = (mbedtls_mpi_uint *) Rp; /* R.p will not be modified so the cast is safe */
R.n = P_KOBLITZ_R; R.n = P_KOBLITZ_R;
/* Common setup for M */ /* Common setup for M */
@@ -1433,7 +1433,7 @@ cleanup:
*/ */
static int ecp_mod_p192k1(mbedtls_mpi *N) static int ecp_mod_p192k1(mbedtls_mpi *N)
{ {
static mbedtls_mpi_uint Rp[] = { static const mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00) 0x00)
}; };
@@ -1450,7 +1450,7 @@ static int ecp_mod_p192k1(mbedtls_mpi *N)
*/ */
static int ecp_mod_p224k1(mbedtls_mpi *N) static int ecp_mod_p224k1(mbedtls_mpi *N)
{ {
static mbedtls_mpi_uint Rp[] = { static const mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00) 0x00)
}; };
@@ -1472,7 +1472,7 @@ static int ecp_mod_p224k1(mbedtls_mpi *N)
*/ */
static int ecp_mod_p256k1(mbedtls_mpi *N) static int ecp_mod_p256k1(mbedtls_mpi *N)
{ {
static mbedtls_mpi_uint Rp[] = { static const mbedtls_mpi_uint Rp[] = {
MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
0x00) 0x00)
}; };

2
library/entropy_poll.c
View File

@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/ */
#if defined(__linux__) && !defined(_GNU_SOURCE) #if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE)
/* Ensure that syscall() is available even when compiling with -std=c99 */ /* Ensure that syscall() is available even when compiling with -std=c99 */
#define _GNU_SOURCE #define _GNU_SOURCE
#endif #endif

18
library/pk_wrap.c
View File

@@ -53,7 +53,23 @@ static int rsa_can_do(mbedtls_pk_type_t type)
static size_t rsa_get_bitlen(const void *ctx) static size_t rsa_get_bitlen(const void *ctx)
{ {
const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) ctx; const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) ctx;
return 8 * mbedtls_rsa_get_len(rsa); /* Unfortunately, the rsa.h interface does not have a direct way
* to access the bit-length that works with MBEDTLS_RSA_ALT.
* So we have to do a little work here.
*/
mbedtls_mpi N;
mbedtls_mpi_init(&N);
int ret = mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, NULL);
/* If the export fails for some reason (e.g. the RSA_ALT implementation
* does not support export, or there is not enough memory),
* we have no way of returning an error from this function.
* As a fallback, return the byte-length converted in bits, which is
* the correct value if the modulus size is a multiple of 8 bits, which
* is very often the case in practice. */
size_t bitlen = (ret == 0 ? mbedtls_mpi_bitlen(&N) :
8 * mbedtls_rsa_get_len(rsa));
mbedtls_mpi_free(&N);
return bitlen;
} }
static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg,

4
library/platform_util.c
View File

@@ -66,10 +66,10 @@ void mbedtls_platform_zeroize(void *buf, size_t len)
#include <time.h> #include <time.h>
#if !defined(_WIN32) && (defined(unix) || \ #if !defined(_WIN32) && (defined(unix) || \
defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
defined(__MACH__))) defined(__MACH__)) || defined(__midipix__))
#include <unistd.h> #include <unistd.h>
#endif /* !_WIN32 && (unix || __unix || __unix__ || #endif /* !_WIN32 && (unix || __unix || __unix__ ||
* (__APPLE__ && __MACH__)) */ * (__APPLE__ && __MACH__)) || __midipix__ */
#if !((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L) || \ #if !((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L) || \
(defined(_POSIX_THREAD_SAFE_FUNCTIONS) && \ (defined(_POSIX_THREAD_SAFE_FUNCTIONS) && \

57
library/psa_crypto.c
View File

@@ -4822,21 +4822,10 @@ static psa_status_t psa_hash_try_support(psa_algorithm_t alg)
return status; return status;
} }
static psa_status_t psa_key_derivation_setup_kdf( static psa_status_t psa_key_derivation_set_maximum_capacity(
psa_key_derivation_operation_t *operation, psa_key_derivation_operation_t *operation,
psa_algorithm_t kdf_alg) psa_algorithm_t kdf_alg)
{ {
/* Make sure that operation->ctx is properly zero-initialised. (Macro
* initialisers for this union leave some bytes unspecified.) */
memset(&operation->ctx, 0, sizeof(operation->ctx));
/* Make sure that kdf_alg is a supported key derivation algorithm. */
if (!is_kdf_alg_supported(kdf_alg)) {
return PSA_ERROR_NOT_SUPPORTED;
}
/* All currently supported key derivation algorithms are based on a
* hash algorithm. */
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg); psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg);
size_t hash_size = PSA_HASH_LENGTH(hash_alg); size_t hash_size = PSA_HASH_LENGTH(hash_alg);
if (hash_size == 0) { if (hash_size == 0) {
@@ -4851,14 +4840,48 @@ static psa_status_t psa_key_derivation_setup_kdf(
return status; return status;
} }
if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) || #if defined(PSA_WANT_ALG_HKDF)
PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) && if (PSA_ALG_IS_HKDF(kdf_alg)) {
!(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) { operation->capacity = 255 * hash_size;
} else
#endif
#if defined(PSA_WANT_ALG_TLS12_PRF)
if (PSA_ALG_IS_TLS12_PRF(kdf_alg) &&
(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
operation->capacity = SIZE_MAX;
} else
#endif
#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg) &&
(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
/* Master Secret is always 48 bytes
* https://datatracker.ietf.org/doc/html/rfc5246.html#section-8.1 */
operation->capacity = 48U;
} else
#endif
{
(void) hash_size;
status = PSA_ERROR_NOT_SUPPORTED;
}
return status;
}
static psa_status_t psa_key_derivation_setup_kdf(
psa_key_derivation_operation_t *operation,
psa_algorithm_t kdf_alg)
{
/* Make sure that operation->ctx is properly zero-initialised. (Macro
* initialisers for this union leave some bytes unspecified.) */
memset(&operation->ctx, 0, sizeof(operation->ctx));
/* Make sure that kdf_alg is a supported key derivation algorithm. */
if (!is_kdf_alg_supported(kdf_alg)) {
return PSA_ERROR_NOT_SUPPORTED; return PSA_ERROR_NOT_SUPPORTED;
} }
operation->capacity = 255 * hash_size; psa_status_t status = psa_key_derivation_set_maximum_capacity(operation,
return PSA_SUCCESS; kdf_alg);
return status;
} }
static psa_status_t psa_key_agreement_try_support(psa_algorithm_t alg) static psa_status_t psa_key_agreement_try_support(psa_algorithm_t alg)

40
library/ssl_tls.c
View File

@@ -5204,6 +5204,12 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_con
#define SSL_SERIALIZED_SESSION_CONFIG_CRT 0 #define SSL_SERIALIZED_SESSION_CONFIG_CRT 0
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 1
#else
#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 0
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 1 #define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 1
#else #else
@@ -5241,6 +5247,7 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_con
#define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT 4 #define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT 4
#define SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT 5 #define SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT 5
#define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 6 #define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 6
#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT 7
#define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \ #define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \
((uint16_t) ( \ ((uint16_t) ( \
@@ -5252,9 +5259,11 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer(const mbedtls_ssl_con
(SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC << \ (SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC << \
SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT) | \ SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT) | \
(SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \ (SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \
(SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT))) (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT) | \
(SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT << \
SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT)))
static unsigned char ssl_serialized_session_header[] = { static const unsigned char ssl_serialized_session_header[] = {
MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_MINOR,
MBEDTLS_VERSION_PATCH, MBEDTLS_VERSION_PATCH,
@@ -5278,19 +5287,36 @@ static unsigned char ssl_serialized_session_header[] = {
* // the setting of those compile-time * // the setting of those compile-time
* // configuration options which influence * // configuration options which influence
* // the structure of mbedtls_ssl_session. * // the structure of mbedtls_ssl_session.
* #if defined(MBEDTLS_HAVE_TIME)
* uint64 start_time; * uint64 start_time;
* #endif
* uint8 ciphersuite[2]; // defined by the standard * uint8 ciphersuite[2]; // defined by the standard
* uint8 compression; // 0 or 1 * uint8 compression; // 0 or 1
* uint8 session_id_len; // at most 32 * uint8 session_id_len; // at most 32
* opaque session_id[32]; * opaque session_id[32];
* opaque master[48]; // fixed length in the standard * opaque master[48]; // fixed length in the standard
* uint32 verify_result; * uint32 verify_result;
* #if defined(MBEDTLS_X509_CRT_PARSE_C)
* #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
* opaque peer_cert<0..2^24-1>; // length 0 means no peer cert * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert
* #else
* uint8 peer_cert_digest_type;
* opaque peer_cert_digest<0..2^8-1>
* #endif
* #endif
* #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
* opaque ticket<0..2^24-1>; // length 0 means no ticket * opaque ticket<0..2^24-1>; // length 0 means no ticket
* uint32 ticket_lifetime; * uint32 ticket_lifetime;
* #endif
* #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
* uint8 mfl_code; // up to 255 according to standard * uint8 mfl_code; // up to 255 according to standard
* #endif
* #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
* uint8 trunc_hmac; // 0 or 1 * uint8 trunc_hmac; // 0 or 1
* #endif
* #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
* uint8 encrypt_then_mac; // 0 or 1 * uint8 encrypt_then_mac; // 0 or 1
* #endif
* *
* The order is the same as in the definition of the structure, except * The order is the same as in the definition of the structure, except
* verify_result is put before peer_cert so that all mandatory fields come * verify_result is put before peer_cert so that all mandatory fields come
@@ -6123,7 +6149,7 @@ void mbedtls_ssl_session_free(mbedtls_ssl_session *session)
(SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \ (SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \
0u)) 0u))
static unsigned char ssl_serialized_context_header[] = { static const unsigned char ssl_serialized_context_header[] = {
MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MAJOR,
MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_MINOR,
MBEDTLS_VERSION_PATCH, MBEDTLS_VERSION_PATCH,
@@ -6821,7 +6847,7 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
} }
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
static int ssl_preset_default_hashes[] = { static const int ssl_preset_default_hashes[] = {
#if defined(MBEDTLS_SHA512_C) #if defined(MBEDTLS_SHA512_C)
MBEDTLS_MD_SHA512, MBEDTLS_MD_SHA512,
#endif #endif
@@ -6839,14 +6865,14 @@ static int ssl_preset_default_hashes[] = {
}; };
#endif #endif
static int ssl_preset_suiteb_ciphersuites[] = { static const int ssl_preset_suiteb_ciphersuites[] = {
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
0 0
}; };
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
static int ssl_preset_suiteb_hashes[] = { static const int ssl_preset_suiteb_hashes[] = {
MBEDTLS_MD_SHA256, MBEDTLS_MD_SHA256,
MBEDTLS_MD_SHA384, MBEDTLS_MD_SHA384,
MBEDTLS_MD_NONE MBEDTLS_MD_NONE
@@ -6854,7 +6880,7 @@ static int ssl_preset_suiteb_hashes[] = {
#endif #endif
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
static mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = { static const mbedtls_ecp_group_id ssl_preset_suiteb_curves[] = {
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
MBEDTLS_ECP_DP_SECP256R1, MBEDTLS_ECP_DP_SECP256R1,
#endif #endif

2
programs/pkey/gen_key.c
View File

@@ -188,6 +188,7 @@ int main(int argc, char *argv[])
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
mbedtls_entropy_init(&entropy);
mbedtls_pk_init(&key); mbedtls_pk_init(&key);
mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf)); memset(buf, 0, sizeof(buf));
@@ -275,7 +276,6 @@ usage:
mbedtls_printf("\n . Seeding the random number generator..."); mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout); fflush(stdout);
mbedtls_entropy_init(&entropy);
#if !defined(_WIN32) && defined(MBEDTLS_FS_IO) #if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
if (opt.use_dev_random) { if (opt.use_dev_random) {
if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll, if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll,

2
programs/ssl/ssl_client2.c
View File

@@ -731,7 +731,7 @@ int main(int argc, char *argv[])
mbedtls_net_init(&server_fd); mbedtls_net_init(&server_fd);
mbedtls_ssl_init(&ssl); mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf); mbedtls_ssl_config_init(&conf);
memset(&saved_session, 0, sizeof(mbedtls_ssl_session)); mbedtls_ssl_session_init(&saved_session);
rng_init(&rng); rng_init(&rng);
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_x509_crt_init(&cacert); mbedtls_x509_crt_init(&cacert);

2
scripts/generate_visualc_files.pl
View File

@@ -168,7 +168,7 @@ sub gen_app {
} }
sub get_app_list { sub get_app_list {
my $app_list = `cd $programs_dir && make list`; my $app_list = `cd $programs_dir && VERBOSE_LOGS=1 make list`;
die "make list failed: $!\n" if $?; die "make list failed: $!\n" if $?;
return split /\s+/, $app_list; return split /\s+/, $app_list;

17
tests/scripts/all.sh
View File

@@ -195,10 +195,21 @@ pre_initialize_variables () {
# defined in this script whose name starts with "component_". # defined in this script whose name starts with "component_".
ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//') ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
# Delay determinig SUPPORTED_COMPONENTS until the command line options have a chance to override # Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override
# the commands set by the environment # the commands set by the environment
} }
setup_quiet_wrappers()
{
# Pick up "quiet" wrappers for make and cmake, which don't output very much
# unless there is an error. This reduces logging overhead in the CI.
#
# Note that the cmake wrapper breaks unless we use an absolute path here.
if [[ -e ${PWD}/tests/scripts/quiet ]]; then
export PATH=${PWD}/tests/scripts/quiet:$PATH
fi
}
# Test whether the component $1 is included in the command line patterns. # Test whether the component $1 is included in the command line patterns.
is_component_included() is_component_included()
{ {
@@ -1008,6 +1019,9 @@ EOF
} }
component_test_zlib_cmake() { component_test_zlib_cmake() {
# This is needed due to something parsing the output from make
export VERBOSE_LOGS=1
msg "build: zlib enabled, cmake" msg "build: zlib enabled, cmake"
scripts/config.py set MBEDTLS_ZLIB_SUPPORT scripts/config.py set MBEDTLS_ZLIB_SUPPORT
cmake -D ENABLE_ZLIB_SUPPORT=On -D CMAKE_BUILD_TYPE:String=Release . cmake -D ENABLE_ZLIB_SUPPORT=On -D CMAKE_BUILD_TYPE:String=Release .
@@ -3744,6 +3758,7 @@ pre_check_environment
pre_initialize_variables pre_initialize_variables
pre_parse_command_line "$@" pre_parse_command_line "$@"
setup_quiet_wrappers
pre_check_git pre_check_git
pre_restore_files pre_restore_files
pre_back_up pre_back_up

2
tests/scripts/check_files.py
View File

@@ -172,6 +172,8 @@ class ShebangIssueTracker(FileIssueTracker):
b'sh': 'sh', b'sh': 'sh',
} }
path_exemptions = re.compile(r'tests/scripts/quiet/.*')
def is_valid_shebang(self, first_line, filepath): def is_valid_shebang(self, first_line, filepath):
m = re.match(self._shebang_re, first_line) m = re.match(self._shebang_re, first_line)
if not m: if not m:

5
tests/scripts/depends.py
View File

@@ -192,7 +192,10 @@ and subsequent commands are tests that cannot run if the build failed).'''
success = True success = True
for command in self.commands: for command in self.commands:
log_command(command) log_command(command)
ret = subprocess.call(command) env = os.environ.copy()
if 'MBEDTLS_TEST_CONFIGURATION' in env:
env['MBEDTLS_TEST_CONFIGURATION'] += '-' + self.name
ret = subprocess.call(command, env=env)
if ret != 0: if ret != 0:
if command[0] not in ['make', options.make_command]: if command[0] not in ['make', options.make_command]:
log_line('*** [{}] Error {}'.format(' '.join(command), ret)) log_line('*** [{}] Error {}'.format(' '.join(command), ret))

19
tests/scripts/quiet/cmake Executable file
View File

@@ -0,0 +1,19 @@
#! /usr/bin/env bash
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# This swallows the output of the wrapped tool, unless there is an error.
# This helps reduce excess logging in the CI.
# If you are debugging a build / CI issue, you can get complete unsilenced logs
# by un-commenting the following line (or setting VERBOSE_LOGS in your environment):
# export VERBOSE_LOGS=1
# don't silence invocations containing these arguments
export NO_SILENCE=" --version "
export TOOL="cmake"
exec "$(dirname "$0")/quiet.sh" "$@"

19
tests/scripts/quiet/make Executable file
View File

@@ -0,0 +1,19 @@
#! /usr/bin/env bash
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# This swallows the output of the wrapped tool, unless there is an error.
# This helps reduce excess logging in the CI.
# If you are debugging a build / CI issue, you can get complete unsilenced logs
# by un-commenting the following line (or setting VERBOSE_LOGS in your environment):
# export VERBOSE_LOGS=1
# don't silence invocations containing these arguments
export NO_SILENCE=" --version | test "
export TOOL="make"
exec "$(dirname "$0")/quiet.sh" "$@"

75
tests/scripts/quiet/quiet.sh Executable file
View File

@@ -0,0 +1,75 @@
# -*-mode: sh; sh-shell: bash -*-
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
#
# This swallows the output of the wrapped tool, unless there is an error.
# This helps reduce excess logging in the CI.
# If you are debugging a build / CI issue, you can get complete unsilenced logs
# by un-commenting the following line (or setting VERBOSE_LOGS in your environment):
#
# VERBOSE_LOGS=1
#
# This script provides most of the functionality for the adjacent make and cmake
# wrappers.
#
# It requires two variables to be set:
#
# TOOL - the name of the tool that is being wrapped (with no path), e.g. "make"
#
# NO_SILENCE - a regex that describes the commandline arguments for which output will not
# be silenced, e.g. " --version | test ". In this example, "make lib test" will
# not be silent, but "make lib" will be.
# Locate original tool
TOOL_WITH_PATH=$(dirname "$0")/$TOOL
ORIGINAL_TOOL=$(type -ap "${TOOL}" | grep -v -Fx "$TOOL_WITH_PATH" | head -n1)
print_quoted_args() {
# similar to printf '%q' "$@"
# but produce more human-readable results for common/simple cases like "a b"
for a in "$@"; do
# Get bash to quote the string
printf -v q '%q' "$a"
simple_pattern="^([-[:alnum:]_+./:@]+=)?([^']*)$"
if [[ "$a" != "$q" && $a =~ $simple_pattern ]]; then
# a requires some quoting (a != q), but has no single quotes, so we can
# simplify the quoted form - e.g.:
# a b -> 'a b'
# CFLAGS=a b -> CFLAGS='a b'
q="${BASH_REMATCH[1]}'${BASH_REMATCH[2]}'"
fi
printf " %s" "$q"
done
}
if [[ ! " $* " =~ " --version " ]]; then
# Display the command being invoked - if it succeeds, this is all that will
# be displayed. Don't do this for invocations with --version, because
# this output is often parsed by scripts, so we don't want to modify it.
printf %s "${TOOL}" 1>&2
print_quoted_args "$@" 1>&2
echo 1>&2
fi
if [[ " $@ " =~ $NO_SILENCE || -n "${VERBOSE_LOGS}" ]]; then
# Run original command with no output supression
exec "${ORIGINAL_TOOL}" "$@"
else
# Run original command and capture output & exit status
TMPFILE=$(mktemp "quiet-${TOOL}.XXXXXX")
"${ORIGINAL_TOOL}" "$@" > "${TMPFILE}" 2>&1
EXIT_STATUS=$?
if [[ $EXIT_STATUS -ne 0 ]]; then
# On error, display the full output
cat "${TMPFILE}"
fi
# Remove tmpfile
rm "${TMPFILE}"
# Propagate the exit status
exit $EXIT_STATUS
fi

116
tests/suites/test_suite_ecp.data
View File

@@ -550,6 +550,122 @@ ECP read key #16 (Curve25519 RFC, OK)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":0:1 mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":0:1
ECP write key: secp256r1, nominal
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":32:0
ECP write key: secp256r1, output longer by 1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":33:0
ECP write key: secp256r1, output longer by 32
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":64:0
ECP write key: secp256r1, output longer by 33
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":65:0
ECP write key: secp256r1, output short by 1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":31:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
ECP write key: secp256r1, output_size=1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":1:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
ECP write key: secp256r1, output_size=0
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
ECP write key: secp256r1, top byte = 0, output_size=32
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":32:0
ECP write key: secp256r1, top byte = 0, output_size=31 (fits)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":31:0
ECP write key: secp256r1, top byte = 0, output_size=30 (too small)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":30:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
ECP write key: secp256r1, mostly-0 key, output_size=32
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"0000000000000000000000000000000000000000000000000000000000000001":32:0
ECP write key: secp256r1, mostly-0 key, output_size=31 (fits)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"0000000000000000000000000000000000000000000000000000000000000001":31:0
ECP write key: secp256r1, mostly-0 key, output_size=1 (fits)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"0000000000000000000000000000000000000000000000000000000000000001":1:0
ECP write key: secp384r1, nominal
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":48:0
ECP write key: secp384r1, output longer by 1
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":49:0
ECP write key: secp384r1, output longer by 48
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":96:0
ECP write key: secp384r1, output longer by 49
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":97:0
ECP write key: secp384r1, output short by 1
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":47:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
ECP write key: secp384r1, output_size=1
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":1:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
ECP write key: secp384r1, output_size=0
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
ECP write key: Curve25519, nominal
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":32:0
ECP write key: Curve25519, output longer by 1
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":33:0
ECP write key: Curve25519, output longer by 32
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":64:0
ECP write key: Curve25519, output longer by 33
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":65:0
ECP write key: Curve25519, output short by 1
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
ECP write key: Curve25519, output_size=1
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":1:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
ECP write key: Curve25519, output_size=0
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":0:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
ECP write key: Curve25519, mostly-0 key, output_size=32
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"0000000000000000000000000000000000000000000000000000000000000040":32:0
ECP write key: Curve25519, mostly-0 key, output_size=31
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"0000000000000000000000000000000000000000000000000000000000000040":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
ECP mod p192 small (more than 192 bits, less limbs than 2 * 192 bits) ECP mod p192 small (more than 192 bits, less limbs than 2 * 192 bits)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"0100000000000103010000000000010201000000000001010100000000000100" ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"0100000000000103010000000000010201000000000001010100000000000100"

60
tests/suites/test_suite_ecp.function
View File

@@ -1383,6 +1383,66 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */
void ecp_write_key(int grp_id, data_t *in_key,
int exported_size, int expected_ret)
{
mbedtls_ecp_keypair key;
mbedtls_ecp_keypair_init(&key);
unsigned char *exported = NULL;
TEST_EQUAL(mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len), 0);
TEST_CALLOC(exported, exported_size);
TEST_EQUAL(mbedtls_ecp_write_key(&key, exported, exported_size),
expected_ret);
if (expected_ret == 0) {
size_t length = (key.grp.nbits + 7) / 8;
const unsigned char *key_start = NULL;
const unsigned char *zeros_start = NULL;
switch (mbedtls_ecp_get_type(&key.grp)) {
case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
if ((size_t) exported_size < length) {
length = exported_size;
}
key_start = exported + exported_size - length;
zeros_start = exported;
break;
case MBEDTLS_ECP_TYPE_MONTGOMERY:
TEST_LE_U(length, exported_size);
key_start = exported;
zeros_start = exported + length;
break;
default:
TEST_FAIL("Unknown ECP curve type");
break;
}
if (length < in_key->len) {
/* Shorter output (only possible with Weierstrass keys) */
for (size_t i = 0; i < in_key->len - length; i++) {
mbedtls_test_set_step(i);
TEST_EQUAL(in_key->x[i], 0);
}
TEST_MEMORY_COMPARE(in_key->x + in_key->len - length, length,
key_start, length);
} else {
TEST_MEMORY_COMPARE(in_key->x, in_key->len,
key_start, length);
for (size_t i = 0; i < exported_size - length; i++) {
mbedtls_test_set_step(i);
TEST_EQUAL(zeros_start[i], 0);
}
}
}
exit:
mbedtls_ecp_keypair_free(&key);
mbedtls_free(exported);
}
/* END_CASE */
/* BEGIN_CASE depends_on:HAVE_FIX_NEGATIVE */ /* BEGIN_CASE depends_on:HAVE_FIX_NEGATIVE */
void fix_negative(data_t *N_bin, int c, int bits) void fix_negative(data_t *N_bin, int c, int bits)
{ {

13
tests/suites/test_suite_pk.data
View File

@@ -12,6 +12,19 @@ PK utils: RSA 512-bit
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA" pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA"
# mbedtls_rsa_gen_key() only supports even sizes, so we don't test 513 etc.
PK utils: RSA 514-bit
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_utils:MBEDTLS_PK_RSA:514:514:65:"RSA"
PK utils: RSA 516-bit
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_utils:MBEDTLS_PK_RSA:516:516:65:"RSA"
PK utils: RSA 518-bit
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_utils:MBEDTLS_PK_RSA:518:518:65:"RSA"
PK utils: ECKEY SECP192R1 PK utils: ECKEY SECP192R1
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC" pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC"

22
tests/suites/test_suite_pk.function
View File

@@ -18,6 +18,13 @@
#define RSA_KEY_SIZE 512 #define RSA_KEY_SIZE 512
#define RSA_KEY_LEN 64 #define RSA_KEY_LEN 64
#if defined(MBEDTLS_RSA_C) || \
defined(MBEDTLS_PK_RSA_ALT_SUPPORT) || \
defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_USE_PSA_CRYPTO)
#define PK_CAN_SIGN_SOME
#endif
/** Generate a key of the desired type. /** Generate a key of the desired type.
* *
* \param pk The PK object to fill. It must have been initialized * \param pk The PK object to fill. It must have been initialized
@@ -155,7 +162,7 @@ void pk_psa_utils()
TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0); TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0);
TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == bitlen); TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == bitlen);
TEST_ASSERT(mbedtls_pk_get_len(&pk) == bitlen / 8); TEST_ASSERT(mbedtls_pk_get_len(&pk) == (bitlen + 7) / 8);
TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECKEY) == 1); TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECKEY) == 1);
TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA) == 1); TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA) == 1);
@@ -683,7 +690,7 @@ void pk_rsa_verify_test_vec(data_t *message_str, int digest, int mod,
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
rsa = mbedtls_pk_rsa(pk); rsa = mbedtls_pk_rsa(pk);
rsa->len = mod / 8; rsa->len = (mod + 7) / 8;
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0);
@@ -731,7 +738,7 @@ void pk_rsa_verify_ext_test_vec(data_t *message_str, int digest,
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
rsa = mbedtls_pk_rsa(pk); rsa = mbedtls_pk_rsa(pk);
rsa->len = mod / 8; rsa->len = (mod + 7) / 8;
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0);
@@ -894,7 +901,7 @@ exit:
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:PK_CAN_SIGN_SOME */
void pk_sign_verify(int type, int parameter, int sign_ret, int verify_ret) void pk_sign_verify(int type, int parameter, int sign_ret, int verify_ret)
{ {
mbedtls_pk_context pk; mbedtls_pk_context pk;
@@ -1004,7 +1011,7 @@ void pk_rsa_encrypt_test_vec(data_t *message, int mod,
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
rsa = mbedtls_pk_rsa(pk); rsa = mbedtls_pk_rsa(pk);
rsa->len = mod / 8; rsa->len = (mod + 7) / 8;
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0);
@@ -1053,9 +1060,12 @@ void pk_rsa_decrypt_test_vec(data_t *cipher, int mod,
TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0); TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0); TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0);
TEST_ASSERT(mbedtls_rsa_get_len(rsa) == (size_t) (mod / 8)); TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8);
TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0); TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0);
TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod);
TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8);
/* decryption test */ /* decryption test */
memset(output, 0, sizeof(output)); memset(output, 0, sizeof(output));
olen = 0; olen = 0;

16
tests/suites/test_suite_pkparse.data
View File

@@ -938,6 +938,22 @@ Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit
depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C depends_on:MBEDTLS_DES_C:MBEDTLS_SHA512_C:MBEDTLS_PKCS5_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #100.1 (512-bit)
depends_on:MBEDTLS_PEM_C
pk_parse_keyfile_rsa:"data_files/rsa512.key":"":0
Parse RSA Key #100.1 (521-bit)
depends_on:MBEDTLS_PEM_C
pk_parse_keyfile_rsa:"data_files/rsa521.key":"":0
Parse RSA Key #100.1 (522-bit)
depends_on:MBEDTLS_PEM_C
pk_parse_keyfile_rsa:"data_files/rsa522.key":"":0
Parse RSA Key #100.1 (528-bit)
depends_on:MBEDTLS_PEM_C
pk_parse_keyfile_rsa:"data_files/rsa528.key":"":0
Parse Public RSA Key #1 (PKCS#8 wrapped) Parse Public RSA Key #1 (PKCS#8 wrapped)
depends_on:MBEDTLS_PEM_PARSE_C depends_on:MBEDTLS_PEM_PARSE_C
pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_2048_public.pem":0 pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_2048_public.pem":0

8
tests/suites/test_suite_pkparse.function
View File

@@ -32,6 +32,10 @@ void pk_parse_keyfile_rsa(char *key_file, char *password, int result)
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
rsa = mbedtls_pk_rsa(ctx); rsa = mbedtls_pk_rsa(ctx);
TEST_ASSERT(mbedtls_rsa_check_privkey(rsa) == 0); TEST_ASSERT(mbedtls_rsa_check_privkey(rsa) == 0);
/* Test consistency between get_len and get_bitlen */
size_t bitlen = mbedtls_pk_get_bitlen(&ctx);
TEST_EQUAL(mbedtls_pk_get_len(&ctx), (bitlen + 7) / 8);
} }
exit: exit:
@@ -58,6 +62,10 @@ void pk_parse_public_keyfile_rsa(char *key_file, int result)
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA)); TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
rsa = mbedtls_pk_rsa(ctx); rsa = mbedtls_pk_rsa(ctx);
TEST_ASSERT(mbedtls_rsa_check_pubkey(rsa) == 0); TEST_ASSERT(mbedtls_rsa_check_pubkey(rsa) == 0);
/* Test consistency between get_len and get_bitlen */
size_t bitlen = mbedtls_pk_get_bitlen(&ctx);
TEST_EQUAL(mbedtls_pk_get_len(&ctx), (bitlen + 7) / 8);
} }
exit: exit:

47
tests/suites/test_suite_psa_crypto.data
View File

@@ -3602,6 +3602,25 @@ PSA key derivation: HKDF SHA-1, request too much capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1
derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT
# TLS 1.2 PRF does not have a maximum capacity therefore
# derive_set_capacity negative test case is not added
PSA key derivation: TLS 1.2 PSK-to-MS SHA-256, request too much capacity
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_set_capacity:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):48U + 1U:PSA_ERROR_INVALID_ARGUMENT
PSA key derivation: TLS 1.2 PSK-to-MS SHA-384, request too much capacity
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_set_capacity:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):48U + 1U:PSA_ERROR_INVALID_ARGUMENT
PSA key derivation: TLS 1.2 PRF SHA-256, request maximum capacity
depends_on:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_SHA_256
derive_set_capacity:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):SIZE_MAX:PSA_SUCCESS
PSA key derivation: TLS 1.2 PRF SHA-384, request maximum capacity
depends_on:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_SHA_384
derive_set_capacity:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):SIZE_MAX:PSA_SUCCESS
PSA key derivation: over capacity 42: output 42+1 PSA key derivation: over capacity 42: output 42+1
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff" derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff"
@@ -3622,17 +3641,33 @@ PSA key derivation: HKDF SHA-256, read maximum capacity minus 1
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1 derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1
PSA key derivation: HKDF SHA-512, read maximum capacity minus 1
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512
derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_512) - 1
PSA key derivation: HKDF SHA-256, read maximum capacity PSA key derivation: HKDF SHA-256, read maximum capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256)
PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity minus 1 PSA key derivation: HKDF SHA-512, read maximum capacity
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512
derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1 derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_512)
PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity PSA key derivation: TLS 1.2 PSK-to-MS SHA-256, read maximum capacity minus 1
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":47
PSA key derivation: TLS 1.2 PSK-to-MS SHA-384, read maximum capacity minus 1
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":47
PSA key derivation: TLS 1.2 PSK-to-MS SHA-256, read maximum capacity
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48
PSA key derivation: TLS 1.2 PSK-to-MS SHA-384, read maximum capacity
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48
PSA key derivation: HKDF SHA-256, exercise AES128-CTR PSA key derivation: HKDF SHA-256, exercise AES128-CTR
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES

4
tests/suites/test_suite_psa_crypto.function
View File

@@ -4470,7 +4470,7 @@ exit:
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE */ /* BEGIN_CASE */
void derive_set_capacity(int alg_arg, int capacity_arg, void derive_set_capacity(int alg_arg, int64_t capacity_arg,
int expected_status_arg) int expected_status_arg)
{ {
psa_algorithm_t alg = alg_arg; psa_algorithm_t alg = alg_arg;
@@ -4792,7 +4792,7 @@ void derive_full(int alg_arg,
psa_algorithm_t alg = alg_arg; psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg; size_t requested_capacity = requested_capacity_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char output_buffer[16]; unsigned char output_buffer[32];
size_t expected_capacity = requested_capacity; size_t expected_capacity = requested_capacity;
size_t current_capacity; size_t current_capacity;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;