Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement
Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.
This commit is contained in:
commit
266f79c136
15 changed files with 678 additions and 98 deletions
5
ChangeLog.d/psa_driver_wrapper_for_raw_key_agreement.txt
Normal file
5
ChangeLog.d/psa_driver_wrapper_for_raw_key_agreement.txt
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
Features
|
||||||
|
* Add a driver dispatch layer for raw key agreement, enabling alternative
|
||||||
|
implementations of raw key agreement through the key_agreement driver
|
||||||
|
entry point. This entry point is specified in the proposed PSA driver
|
||||||
|
interface, but had not yet been implemented.
|
|
@ -5723,63 +5723,46 @@ psa_status_t psa_key_derivation_input_key(
|
||||||
/* Key agreement */
|
/* Key agreement */
|
||||||
/****************************************************************/
|
/****************************************************************/
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
psa_status_t psa_key_agreement_raw_builtin( const psa_key_attributes_t *attributes,
|
||||||
static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
|
const uint8_t *key_buffer,
|
||||||
|
size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg,
|
||||||
|
const uint8_t *peer_key,
|
||||||
size_t peer_key_length,
|
size_t peer_key_length,
|
||||||
const mbedtls_ecp_keypair *our_key,
|
|
||||||
uint8_t *shared_secret,
|
uint8_t *shared_secret,
|
||||||
size_t shared_secret_size,
|
size_t shared_secret_size,
|
||||||
size_t *shared_secret_length )
|
size_t *shared_secret_length )
|
||||||
{
|
{
|
||||||
mbedtls_ecp_keypair *their_key = NULL;
|
switch( alg )
|
||||||
mbedtls_ecdh_context ecdh;
|
{
|
||||||
psa_status_t status;
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
||||||
size_t bits = 0;
|
case PSA_ALG_ECDH:
|
||||||
psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( our_key->grp.id, &bits );
|
return( mbedtls_psa_key_agreement_ecdh( attributes, key_buffer,
|
||||||
mbedtls_ecdh_init( &ecdh );
|
key_buffer_size, alg,
|
||||||
|
peer_key, peer_key_length,
|
||||||
status = mbedtls_psa_ecp_load_representation(
|
shared_secret,
|
||||||
PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve),
|
shared_secret_size,
|
||||||
bits,
|
shared_secret_length ) );
|
||||||
peer_key,
|
|
||||||
peer_key_length,
|
|
||||||
&their_key );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
goto exit;
|
|
||||||
|
|
||||||
status = mbedtls_to_psa_error(
|
|
||||||
mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS ) );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
goto exit;
|
|
||||||
status = mbedtls_to_psa_error(
|
|
||||||
mbedtls_ecdh_get_params( &ecdh, our_key, MBEDTLS_ECDH_OURS ) );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
goto exit;
|
|
||||||
|
|
||||||
status = mbedtls_to_psa_error(
|
|
||||||
mbedtls_ecdh_calc_secret( &ecdh,
|
|
||||||
shared_secret_length,
|
|
||||||
shared_secret, shared_secret_size,
|
|
||||||
mbedtls_psa_get_random,
|
|
||||||
MBEDTLS_PSA_RANDOM_STATE ) );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
goto exit;
|
|
||||||
if( PSA_BITS_TO_BYTES( bits ) != *shared_secret_length )
|
|
||||||
status = PSA_ERROR_CORRUPTION_DETECTED;
|
|
||||||
|
|
||||||
exit:
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
mbedtls_platform_zeroize( shared_secret, shared_secret_size );
|
|
||||||
mbedtls_ecdh_free( &ecdh );
|
|
||||||
mbedtls_ecp_keypair_free( their_key );
|
|
||||||
mbedtls_free( their_key );
|
|
||||||
|
|
||||||
return( status );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
|
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
|
||||||
|
default:
|
||||||
|
(void) attributes;
|
||||||
|
(void) key_buffer;
|
||||||
|
(void) key_buffer_size;
|
||||||
|
(void) peer_key;
|
||||||
|
(void) peer_key_length;
|
||||||
|
(void) shared_secret;
|
||||||
|
(void) shared_secret_size;
|
||||||
|
(void) shared_secret_length;
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES
|
/** Internal function for raw key agreement
|
||||||
|
* Calls the driver wrapper which will hand off key agreement task
|
||||||
|
* to the driver's implementation if a driver is present.
|
||||||
|
* Fallback specified in the driver wrapper is built-in raw key agreement
|
||||||
|
* (psa_key_agreement_raw_builtin).
|
||||||
|
*/
|
||||||
static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
|
static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
|
||||||
psa_key_slot_t *private_key,
|
psa_key_slot_t *private_key,
|
||||||
const uint8_t *peer_key,
|
const uint8_t *peer_key,
|
||||||
|
@ -5788,38 +5771,20 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
|
||||||
size_t shared_secret_size,
|
size_t shared_secret_size,
|
||||||
size_t *shared_secret_length )
|
size_t *shared_secret_length )
|
||||||
{
|
{
|
||||||
switch( alg )
|
if( !PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
|
||||||
{
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
|
||||||
case PSA_ALG_ECDH:
|
psa_key_attributes_t attributes = {
|
||||||
if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( private_key->attr.type ) )
|
.core = private_key->attr
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
};
|
||||||
mbedtls_ecp_keypair *ecp = NULL;
|
|
||||||
psa_status_t status = mbedtls_psa_ecp_load_representation(
|
return( psa_driver_wrapper_key_agreement( &attributes,
|
||||||
private_key->attr.type,
|
private_key->key.data,
|
||||||
private_key->attr.bits,
|
private_key->key.bytes, alg,
|
||||||
private_key->key.data,
|
peer_key, peer_key_length,
|
||||||
private_key->key.bytes,
|
shared_secret,
|
||||||
&ecp );
|
shared_secret_size,
|
||||||
if( status != PSA_SUCCESS )
|
shared_secret_length ) );
|
||||||
return( status );
|
|
||||||
status = psa_key_agreement_ecdh( peer_key, peer_key_length,
|
|
||||||
ecp,
|
|
||||||
shared_secret, shared_secret_size,
|
|
||||||
shared_secret_length );
|
|
||||||
mbedtls_ecp_keypair_free( ecp );
|
|
||||||
mbedtls_free( ecp );
|
|
||||||
return( status );
|
|
||||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
|
|
||||||
default:
|
|
||||||
(void) private_key;
|
|
||||||
(void) peer_key;
|
|
||||||
(void) peer_key_length;
|
|
||||||
(void) shared_secret;
|
|
||||||
(void) shared_secret_size;
|
|
||||||
(void) shared_secret_length;
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Note that if this function fails, you must call psa_key_derivation_abort()
|
/* Note that if this function fails, you must call psa_key_derivation_abort()
|
||||||
|
@ -5832,7 +5797,7 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *
|
||||||
size_t peer_key_length )
|
size_t peer_key_length )
|
||||||
{
|
{
|
||||||
psa_status_t status;
|
psa_status_t status;
|
||||||
uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE];
|
uint8_t shared_secret[PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE];
|
||||||
size_t shared_secret_length = 0;
|
size_t shared_secret_length = 0;
|
||||||
psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg );
|
psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg );
|
||||||
|
|
||||||
|
|
|
@ -549,4 +549,62 @@ psa_status_t psa_verify_hash_builtin(
|
||||||
*/
|
*/
|
||||||
psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
|
psa_status_t psa_validate_unstructured_key_bit_size( psa_key_type_t type,
|
||||||
size_t bits );
|
size_t bits );
|
||||||
|
|
||||||
|
/** Perform a key agreement and return the raw shared secret, using
|
||||||
|
built-in raw key agreement functions.
|
||||||
|
*
|
||||||
|
* \note The signature of this function is that of a PSA driver
|
||||||
|
* key_agreement entry point. This function behaves as a key_agreement
|
||||||
|
* entry point as defined in the PSA driver interface specification for
|
||||||
|
* transparent drivers.
|
||||||
|
*
|
||||||
|
* \param[in] attributes The attributes of the key to use for the
|
||||||
|
* operation.
|
||||||
|
* \param[in] key_buffer The buffer containing the private key
|
||||||
|
* context.
|
||||||
|
* \param[in] key_buffer_size Size of the \p key_buffer buffer in
|
||||||
|
* bytes.
|
||||||
|
* \param[in] alg A key agreement algorithm that is
|
||||||
|
* compatible with the type of the key.
|
||||||
|
* \param[in] peer_key The buffer containing the key context
|
||||||
|
* of the peer's public key.
|
||||||
|
* \param[in] peer_key_length Size of the \p peer_key buffer in
|
||||||
|
* bytes.
|
||||||
|
* \param[out] shared_secret The buffer to which the shared secret
|
||||||
|
* is to be written.
|
||||||
|
* \param[in] shared_secret_size Size of the \p shared_secret buffer in
|
||||||
|
* bytes.
|
||||||
|
* \param[out] shared_secret_length On success, the number of bytes that make
|
||||||
|
* up the returned shared secret.
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* Success. Shared secret successfully calculated.
|
||||||
|
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||||
|
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||||
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
* \p alg is not a key agreement algorithm, or
|
||||||
|
* \p private_key is not compatible with \p alg,
|
||||||
|
* or \p peer_key is not valid for \p alg or not compatible with
|
||||||
|
* \p private_key.
|
||||||
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||||
|
* \p shared_secret_size is too small
|
||||||
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
|
* \p alg is not a supported key agreement algorithm.
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||||
|
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||||
|
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||||
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||||
|
* \retval #PSA_ERROR_STORAGE_FAILURE
|
||||||
|
* \retval #PSA_ERROR_BAD_STATE
|
||||||
|
*/
|
||||||
|
psa_status_t psa_key_agreement_raw_builtin(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer,
|
||||||
|
size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg,
|
||||||
|
const uint8_t *peer_key,
|
||||||
|
size_t peer_key_length,
|
||||||
|
uint8_t *shared_secret,
|
||||||
|
size_t shared_secret_size,
|
||||||
|
size_t *shared_secret_length );
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_CORE_H */
|
#endif /* PSA_CRYPTO_CORE_H */
|
||||||
|
|
|
@ -357,6 +357,20 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
|
||||||
size_t output_size,
|
size_t output_size,
|
||||||
size_t *output_length );
|
size_t *output_length );
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Raw Key Agreement
|
||||||
|
*/
|
||||||
|
psa_status_t psa_driver_wrapper_key_agreement(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer,
|
||||||
|
size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg,
|
||||||
|
const uint8_t *peer_key,
|
||||||
|
size_t peer_key_length,
|
||||||
|
uint8_t *shared_secret,
|
||||||
|
size_t shared_secret_size,
|
||||||
|
size_t *shared_secret_length );
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
|
#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
|
||||||
|
|
||||||
/* End of automatically generated file. */
|
/* End of automatically generated file. */
|
||||||
|
|
|
@ -33,6 +33,7 @@
|
||||||
#include "mbedtls/platform.h"
|
#include "mbedtls/platform.h"
|
||||||
|
|
||||||
#include <mbedtls/ecdsa.h>
|
#include <mbedtls/ecdsa.h>
|
||||||
|
#include <mbedtls/ecdh.h>
|
||||||
#include <mbedtls/ecp.h>
|
#include <mbedtls/ecp.h>
|
||||||
#include <mbedtls/error.h>
|
#include <mbedtls/error.h>
|
||||||
|
|
||||||
|
@ -464,4 +465,76 @@ cleanup:
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
||||||
|
|
||||||
|
/****************************************************************/
|
||||||
|
/* ECDH Key Agreement */
|
||||||
|
/****************************************************************/
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
||||||
|
psa_status_t mbedtls_psa_key_agreement_ecdh(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *peer_key, size_t peer_key_length,
|
||||||
|
uint8_t *shared_secret, size_t shared_secret_size,
|
||||||
|
size_t *shared_secret_length )
|
||||||
|
{
|
||||||
|
psa_status_t status;
|
||||||
|
if( ! PSA_KEY_TYPE_IS_ECC_KEY_PAIR( attributes->core.type ) ||
|
||||||
|
! PSA_ALG_IS_ECDH(alg) )
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
mbedtls_ecp_keypair *ecp = NULL;
|
||||||
|
status = mbedtls_psa_ecp_load_representation(
|
||||||
|
attributes->core.type,
|
||||||
|
attributes->core.bits,
|
||||||
|
key_buffer,
|
||||||
|
key_buffer_size,
|
||||||
|
&ecp );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
return( status );
|
||||||
|
mbedtls_ecp_keypair *their_key = NULL;
|
||||||
|
mbedtls_ecdh_context ecdh;
|
||||||
|
size_t bits = 0;
|
||||||
|
psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( ecp->grp.id, &bits );
|
||||||
|
mbedtls_ecdh_init( &ecdh );
|
||||||
|
|
||||||
|
status = mbedtls_psa_ecp_load_representation(
|
||||||
|
PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve),
|
||||||
|
bits,
|
||||||
|
peer_key,
|
||||||
|
peer_key_length,
|
||||||
|
&their_key );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
goto exit;
|
||||||
|
|
||||||
|
status = mbedtls_to_psa_error(
|
||||||
|
mbedtls_ecdh_get_params( &ecdh, their_key, MBEDTLS_ECDH_THEIRS ) );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
goto exit;
|
||||||
|
status = mbedtls_to_psa_error(
|
||||||
|
mbedtls_ecdh_get_params( &ecdh, ecp, MBEDTLS_ECDH_OURS ) );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
goto exit;
|
||||||
|
|
||||||
|
status = mbedtls_to_psa_error(
|
||||||
|
mbedtls_ecdh_calc_secret( &ecdh,
|
||||||
|
shared_secret_length,
|
||||||
|
shared_secret, shared_secret_size,
|
||||||
|
mbedtls_psa_get_random,
|
||||||
|
MBEDTLS_PSA_RANDOM_STATE ) );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
goto exit;
|
||||||
|
if( PSA_BITS_TO_BYTES( bits ) != *shared_secret_length )
|
||||||
|
status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
exit:
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
mbedtls_platform_zeroize( shared_secret, shared_secret_size );
|
||||||
|
mbedtls_ecdh_free( &ecdh );
|
||||||
|
mbedtls_ecp_keypair_free( their_key );
|
||||||
|
mbedtls_free( their_key );
|
||||||
|
mbedtls_ecp_keypair_free( ecp );
|
||||||
|
mbedtls_free( ecp );
|
||||||
|
return( status );
|
||||||
|
}
|
||||||
|
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
|
||||||
|
|
||||||
|
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||||
|
|
|
@ -218,4 +218,53 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash(
|
||||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
const uint8_t *signature, size_t signature_length );
|
const uint8_t *signature, size_t signature_length );
|
||||||
|
|
||||||
|
|
||||||
|
/** Perform a key agreement and return the raw ECDH shared secret.
|
||||||
|
*
|
||||||
|
* \note The signature of this function is that of a PSA driver
|
||||||
|
* key_agreement entry point. This function behaves as a key_agreement
|
||||||
|
* entry point as defined in the PSA driver interface specification for
|
||||||
|
* transparent drivers.
|
||||||
|
*
|
||||||
|
* \param[in] attributes The attributes of the key to use for the
|
||||||
|
* operation.
|
||||||
|
* \param[in] key_buffer The buffer containing the private key
|
||||||
|
* context.
|
||||||
|
* \param[in] key_buffer_size Size of the \p key_buffer buffer in
|
||||||
|
* bytes.
|
||||||
|
* \param[in] alg A key agreement algorithm that is
|
||||||
|
* compatible with the type of the key.
|
||||||
|
* \param[in] peer_key The buffer containing the key context
|
||||||
|
* of the peer's public key.
|
||||||
|
* \param[in] peer_key_length Size of the \p peer_key buffer in
|
||||||
|
* bytes.
|
||||||
|
* \param[out] shared_secret The buffer to which the shared secret
|
||||||
|
* is to be written.
|
||||||
|
* \param[in] shared_secret_size Size of the \p shared_secret buffer in
|
||||||
|
* bytes.
|
||||||
|
* \param[out] shared_secret_length On success, the number of bytes that make
|
||||||
|
* up the returned shared secret.
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* Success. Shared secret successfully calculated.
|
||||||
|
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||||
|
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||||
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
* \p alg is not a key agreement algorithm, or
|
||||||
|
* \p private_key is not compatible with \p alg,
|
||||||
|
* or \p peer_key is not valid for \p alg or not compatible with
|
||||||
|
* \p private_key.
|
||||||
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||||
|
* \p shared_secret_size is too small
|
||||||
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
|
* \p alg is not a supported key agreement algorithm.
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||||
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||||
|
*/
|
||||||
|
psa_status_t mbedtls_psa_key_agreement_ecdh(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *peer_key, size_t peer_key_length,
|
||||||
|
uint8_t *shared_secret, size_t shared_secret_size,
|
||||||
|
size_t *shared_secret_length );
|
||||||
#endif /* PSA_CRYPTO_ECP_H */
|
#endif /* PSA_CRYPTO_ECP_H */
|
||||||
|
|
|
@ -2476,4 +2476,72 @@ psa_status_t psa_driver_wrapper_asymmetric_decrypt(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
psa_status_t psa_driver_wrapper_key_agreement(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer,
|
||||||
|
size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg,
|
||||||
|
const uint8_t *peer_key,
|
||||||
|
size_t peer_key_length,
|
||||||
|
uint8_t *shared_secret,
|
||||||
|
size_t shared_secret_size,
|
||||||
|
size_t *shared_secret_length
|
||||||
|
)
|
||||||
|
{
|
||||||
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
psa_key_location_t location =
|
||||||
|
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||||
|
|
||||||
|
switch( location )
|
||||||
|
{
|
||||||
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
||||||
|
/* Key is stored in the slot in export representation, so
|
||||||
|
* cycle through all known transparent accelerators */
|
||||||
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||||
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||||
|
status =
|
||||||
|
mbedtls_test_transparent_key_agreement( attributes,
|
||||||
|
key_buffer, key_buffer_size, alg, peer_key,
|
||||||
|
peer_key_length, shared_secret, shared_secret_size,
|
||||||
|
shared_secret_length );
|
||||||
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
||||||
|
return( status );
|
||||||
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||||
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||||
|
|
||||||
|
/* Software Fallback */
|
||||||
|
status = psa_key_agreement_raw_builtin( attributes,
|
||||||
|
key_buffer,
|
||||||
|
key_buffer_size,
|
||||||
|
alg,
|
||||||
|
peer_key,
|
||||||
|
peer_key_length,
|
||||||
|
shared_secret,
|
||||||
|
shared_secret_size,
|
||||||
|
shared_secret_length );
|
||||||
|
return( status );
|
||||||
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||||
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||||
|
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
|
||||||
|
return( mbedtls_test_opaque_key_agreement( attributes,
|
||||||
|
key_buffer, key_buffer_size, alg, peer_key,
|
||||||
|
peer_key_length, shared_secret, shared_secret_size,
|
||||||
|
shared_secret_length ) );
|
||||||
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||||
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||||
|
|
||||||
|
default:
|
||||||
|
(void) attributes;
|
||||||
|
(void) key_buffer;
|
||||||
|
(void) key_buffer_size;
|
||||||
|
(void) peer_key;
|
||||||
|
(void) peer_key_length;
|
||||||
|
(void) shared_secret;
|
||||||
|
(void) shared_secret_size;
|
||||||
|
(void) shared_secret_length;
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||||
|
|
|
@ -54,6 +54,14 @@
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if defined(PSA_WANT_ALG_ECDH)
|
||||||
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
|
||||||
|
#undef MBEDTLS_PSA_ACCEL_ALG_ECDH
|
||||||
|
#else
|
||||||
|
#define MBEDTLS_PSA_ACCEL_ALG_ECDH 1
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(PSA_WANT_ALG_MD5)
|
#if defined(PSA_WANT_ALG_MD5)
|
||||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
|
||||||
#undef MBEDTLS_PSA_ACCEL_ALG_MD5
|
#undef MBEDTLS_PSA_ACCEL_ALG_MD5
|
||||||
|
@ -202,7 +210,6 @@
|
||||||
#define MBEDTLS_PSA_ACCEL_ALG_CCM 1
|
#define MBEDTLS_PSA_ACCEL_ALG_CCM 1
|
||||||
#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1
|
#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1
|
||||||
#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1
|
#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1
|
||||||
#define MBEDTLS_PSA_ACCEL_ALG_ECDH 1
|
|
||||||
#define MBEDTLS_PSA_ACCEL_ALG_GCM 1
|
#define MBEDTLS_PSA_ACCEL_ALG_GCM 1
|
||||||
#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1
|
#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1
|
||||||
#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1
|
#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1
|
||||||
|
@ -215,6 +222,7 @@
|
||||||
#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1
|
#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
|
||||||
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
|
||||||
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1
|
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1
|
||||||
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1
|
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1
|
||||||
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1
|
#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1
|
||||||
|
@ -229,6 +237,7 @@
|
||||||
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1
|
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1
|
||||||
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1
|
#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1
|
||||||
#endif
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1
|
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1
|
||||||
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1
|
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1
|
||||||
|
|
74
tests/include/test/drivers/key_agreement.h
Normal file
74
tests/include/test/drivers/key_agreement.h
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
/*
|
||||||
|
* Test driver for key agreement functions.
|
||||||
|
*/
|
||||||
|
/* Copyright The Mbed TLS Contributors
|
||||||
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
* not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H
|
||||||
|
#define PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H
|
||||||
|
|
||||||
|
#include "mbedtls/build_info.h"
|
||||||
|
|
||||||
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||||
|
#include <psa/crypto_driver_common.h>
|
||||||
|
|
||||||
|
typedef struct {
|
||||||
|
/* If non-null, on success, copy this to the output. */
|
||||||
|
void *forced_output;
|
||||||
|
size_t forced_output_length;
|
||||||
|
/* If not PSA_SUCCESS, return this error code instead of processing the
|
||||||
|
* function call. */
|
||||||
|
psa_status_t forced_status;
|
||||||
|
/* Count the amount of times one of the signature driver functions is called. */
|
||||||
|
unsigned long hits;
|
||||||
|
} mbedtls_test_driver_key_agreement_hooks_t;
|
||||||
|
|
||||||
|
#define MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 }
|
||||||
|
static inline mbedtls_test_driver_key_agreement_hooks_t
|
||||||
|
mbedtls_test_driver_key_agreement_hooks_init( void )
|
||||||
|
{
|
||||||
|
const mbedtls_test_driver_key_agreement_hooks_t
|
||||||
|
v = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT;
|
||||||
|
return( v );
|
||||||
|
}
|
||||||
|
|
||||||
|
extern mbedtls_test_driver_key_agreement_hooks_t
|
||||||
|
mbedtls_test_driver_key_agreement_hooks;
|
||||||
|
|
||||||
|
psa_status_t mbedtls_test_transparent_key_agreement(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer,
|
||||||
|
size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg,
|
||||||
|
const uint8_t *peer_key,
|
||||||
|
size_t peer_key_length,
|
||||||
|
uint8_t *shared_secret,
|
||||||
|
size_t shared_secret_size,
|
||||||
|
size_t *shared_secret_length );
|
||||||
|
|
||||||
|
psa_status_t mbedtls_test_opaque_key_agreement(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer,
|
||||||
|
size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg,
|
||||||
|
const uint8_t *peer_key,
|
||||||
|
size_t peer_key_length,
|
||||||
|
uint8_t *shared_secret,
|
||||||
|
size_t shared_secret_size,
|
||||||
|
size_t *shared_secret_length );
|
||||||
|
|
||||||
|
#endif /*PSA_CRYPTO_DRIVER_TEST */
|
||||||
|
#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H */
|
|
@ -37,6 +37,7 @@
|
||||||
#include "test/drivers/key_management.h"
|
#include "test/drivers/key_management.h"
|
||||||
#include "test/drivers/signature.h"
|
#include "test/drivers/signature.h"
|
||||||
#include "test/drivers/asymmetric_encryption.h"
|
#include "test/drivers/asymmetric_encryption.h"
|
||||||
|
#include "test/drivers/key_agreement.h"
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||||
#endif /* PSA_CRYPTO_TEST_DRIVER_H */
|
#endif /* PSA_CRYPTO_TEST_DRIVER_H */
|
||||||
|
|
|
@ -1979,6 +1979,38 @@ component_test_psa_crypto_config_accel_ecdsa () {
|
||||||
make test
|
make test
|
||||||
}
|
}
|
||||||
|
|
||||||
|
component_test_psa_crypto_config_accel_ecdh () {
|
||||||
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
|
||||||
|
|
||||||
|
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
|
||||||
|
# partial support for cipher operations in the driver test library.
|
||||||
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
|
||||||
|
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
|
||||||
|
|
||||||
|
loc_accel_list="ALG_ECDH KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
|
||||||
|
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
|
||||||
|
make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
|
||||||
|
|
||||||
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||||
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||||
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||||
|
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||||
|
scripts/config.py unset MBEDTLS_ECDH_C
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||||
|
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
|
||||||
|
|
||||||
|
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
|
||||||
|
make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
|
||||||
|
|
||||||
|
not grep mbedtls_ecdh_ library/ecdh.o
|
||||||
|
|
||||||
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
|
||||||
|
make test
|
||||||
|
}
|
||||||
|
|
||||||
component_test_psa_crypto_config_accel_rsa_signature () {
|
component_test_psa_crypto_config_accel_rsa_signature () {
|
||||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
|
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature"
|
||||||
|
|
||||||
|
|
128
tests/src/drivers/test_driver_key_agreement.c
Normal file
128
tests/src/drivers/test_driver_key_agreement.c
Normal file
|
@ -0,0 +1,128 @@
|
||||||
|
/*
|
||||||
|
* Test driver for key agreement functions.
|
||||||
|
*/
|
||||||
|
/* Copyright The Mbed TLS Contributors
|
||||||
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
* not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <test/helpers.h>
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
|
||||||
|
|
||||||
|
#include "psa/crypto.h"
|
||||||
|
#include "psa_crypto_core.h"
|
||||||
|
#include "psa_crypto_ecp.h"
|
||||||
|
|
||||||
|
#include "test/drivers/key_agreement.h"
|
||||||
|
#include "test/drivers/test_driver.h"
|
||||||
|
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
|
||||||
|
#include "libtestdriver1/include/psa/crypto.h"
|
||||||
|
#include "libtestdriver1/library/psa_crypto_ecp.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
mbedtls_test_driver_key_agreement_hooks_t
|
||||||
|
mbedtls_test_driver_key_agreement_hooks = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT;
|
||||||
|
|
||||||
|
psa_status_t mbedtls_test_transparent_key_agreement(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer,
|
||||||
|
size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg,
|
||||||
|
const uint8_t *peer_key,
|
||||||
|
size_t peer_key_length,
|
||||||
|
uint8_t *shared_secret,
|
||||||
|
size_t shared_secret_size,
|
||||||
|
size_t *shared_secret_length )
|
||||||
|
{
|
||||||
|
mbedtls_test_driver_key_agreement_hooks.hits++;
|
||||||
|
|
||||||
|
if( mbedtls_test_driver_key_agreement_hooks.forced_status != PSA_SUCCESS )
|
||||||
|
return( mbedtls_test_driver_key_agreement_hooks.forced_status );
|
||||||
|
|
||||||
|
if( mbedtls_test_driver_key_agreement_hooks.forced_output != NULL )
|
||||||
|
{
|
||||||
|
if( mbedtls_test_driver_key_agreement_hooks.forced_output_length > shared_secret_size )
|
||||||
|
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
||||||
|
|
||||||
|
memcpy( shared_secret, mbedtls_test_driver_key_agreement_hooks.forced_output,
|
||||||
|
mbedtls_test_driver_key_agreement_hooks.forced_output_length );
|
||||||
|
*shared_secret_length = mbedtls_test_driver_key_agreement_hooks.forced_output_length;
|
||||||
|
|
||||||
|
return( PSA_SUCCESS );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( PSA_ALG_IS_ECDH(alg) )
|
||||||
|
{
|
||||||
|
#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
|
||||||
|
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDH))
|
||||||
|
return( libtestdriver1_mbedtls_psa_key_agreement_ecdh(
|
||||||
|
(const libtestdriver1_psa_key_attributes_t *) attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, peer_key, peer_key_length,
|
||||||
|
shared_secret, shared_secret_size,
|
||||||
|
shared_secret_length ) );
|
||||||
|
#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
||||||
|
return( mbedtls_psa_key_agreement_ecdh(
|
||||||
|
attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, peer_key, peer_key_length,
|
||||||
|
shared_secret, shared_secret_size,
|
||||||
|
shared_secret_length ) );
|
||||||
|
#else
|
||||||
|
(void) attributes;
|
||||||
|
(void) key_buffer;
|
||||||
|
(void) key_buffer_size;
|
||||||
|
(void) peer_key;
|
||||||
|
(void) peer_key_length;
|
||||||
|
(void) shared_secret;
|
||||||
|
(void) shared_secret_size;
|
||||||
|
(void) shared_secret_length;
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
psa_status_t mbedtls_test_opaque_key_agreement(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer,
|
||||||
|
size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg,
|
||||||
|
const uint8_t *peer_key,
|
||||||
|
size_t peer_key_length,
|
||||||
|
uint8_t *shared_secret,
|
||||||
|
size_t shared_secret_size,
|
||||||
|
size_t *shared_secret_length )
|
||||||
|
{
|
||||||
|
(void) attributes;
|
||||||
|
(void) key_buffer;
|
||||||
|
(void) key_buffer_size;
|
||||||
|
(void) alg;
|
||||||
|
(void) peer_key;
|
||||||
|
(void) peer_key_length;
|
||||||
|
(void) shared_secret;
|
||||||
|
(void) shared_secret_size;
|
||||||
|
(void) shared_secret_length;
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
|
|
@ -299,6 +299,22 @@ export_key private to public through driver: error
|
||||||
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
|
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
|
||||||
export_key:PSA_ERROR_GENERIC_ERROR:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"":PSA_ERROR_GENERIC_ERROR
|
export_key:PSA_ERROR_GENERIC_ERROR:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"":PSA_ERROR_GENERIC_ERROR
|
||||||
|
|
||||||
|
raw key agreement through driver: fake
|
||||||
|
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
|
||||||
|
key_agreement:PSA_ALG_ECDH:PSA_SUCCESS:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":"0102030405":PSA_SUCCESS
|
||||||
|
|
||||||
|
raw key agreement through driver: in-driver
|
||||||
|
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
|
||||||
|
key_agreement:PSA_ALG_ECDH:PSA_SUCCESS:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":"":PSA_SUCCESS
|
||||||
|
|
||||||
|
raw key agreement through driver: fallback
|
||||||
|
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_ECDH
|
||||||
|
key_agreement:PSA_ALG_ECDH:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":"":PSA_SUCCESS
|
||||||
|
|
||||||
|
raw key agreement through driver: error
|
||||||
|
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
|
||||||
|
key_agreement:PSA_ALG_ECDH:PSA_ERROR_GENERIC_ERROR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":"":PSA_ERROR_GENERIC_ERROR
|
||||||
|
|
||||||
PSA symmetric encrypt validation: AES-CTR, 16 bytes, good
|
PSA symmetric encrypt validation: AES-CTR, 16 bytes, good
|
||||||
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
|
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
|
||||||
cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
|
cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
|
||||||
|
|
|
@ -541,6 +541,94 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE */
|
||||||
|
void key_agreement( int alg_arg,
|
||||||
|
int force_status_arg,
|
||||||
|
int our_key_type_arg,
|
||||||
|
data_t *our_key_data,
|
||||||
|
data_t *peer_key_data,
|
||||||
|
data_t *expected_output,
|
||||||
|
data_t* fake_output,
|
||||||
|
int expected_status_arg )
|
||||||
|
{
|
||||||
|
psa_status_t force_status = force_status_arg;
|
||||||
|
psa_status_t expected_status = expected_status_arg;
|
||||||
|
psa_algorithm_t alg = alg_arg;
|
||||||
|
psa_key_type_t our_key_type = our_key_type_arg;
|
||||||
|
mbedtls_svc_key_id_t our_key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
|
const uint8_t *expected_output_ptr = NULL;
|
||||||
|
size_t expected_output_length = 0;
|
||||||
|
unsigned char *actual_output = NULL;
|
||||||
|
size_t actual_output_length = ~0;
|
||||||
|
size_t key_bits;
|
||||||
|
psa_status_t actual_status;
|
||||||
|
mbedtls_test_driver_key_agreement_hooks =
|
||||||
|
mbedtls_test_driver_key_agreement_hooks_init();
|
||||||
|
|
||||||
|
PSA_ASSERT( psa_crypto_init( ) );
|
||||||
|
|
||||||
|
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
|
||||||
|
psa_set_key_algorithm( &attributes, alg );
|
||||||
|
psa_set_key_type( &attributes, our_key_type );
|
||||||
|
PSA_ASSERT( psa_import_key( &attributes,
|
||||||
|
our_key_data->x, our_key_data->len,
|
||||||
|
&our_key ) );
|
||||||
|
|
||||||
|
PSA_ASSERT( psa_get_key_attributes( our_key, &attributes ) );
|
||||||
|
key_bits = psa_get_key_bits( &attributes );
|
||||||
|
|
||||||
|
TEST_LE_U( expected_output->len,
|
||||||
|
PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) );
|
||||||
|
TEST_LE_U( PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ),
|
||||||
|
PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
|
||||||
|
|
||||||
|
if( fake_output->len > 0 )
|
||||||
|
{
|
||||||
|
expected_output_ptr =
|
||||||
|
mbedtls_test_driver_key_agreement_hooks.forced_output =
|
||||||
|
fake_output->x;
|
||||||
|
|
||||||
|
expected_output_length =
|
||||||
|
mbedtls_test_driver_key_agreement_hooks.forced_output_length =
|
||||||
|
fake_output->len;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
expected_output_ptr = expected_output->x;
|
||||||
|
expected_output_length = expected_output->len;
|
||||||
|
}
|
||||||
|
|
||||||
|
mbedtls_test_driver_key_agreement_hooks.hits = 0;
|
||||||
|
mbedtls_test_driver_key_agreement_hooks.forced_status = force_status;
|
||||||
|
|
||||||
|
ASSERT_ALLOC( actual_output, expected_output->len );
|
||||||
|
actual_status = psa_raw_key_agreement( alg, our_key,
|
||||||
|
peer_key_data->x, peer_key_data->len,
|
||||||
|
actual_output, expected_output->len,
|
||||||
|
&actual_output_length ) ;
|
||||||
|
TEST_EQUAL( actual_status, expected_status );
|
||||||
|
TEST_EQUAL( mbedtls_test_driver_key_agreement_hooks.hits, 1 );
|
||||||
|
|
||||||
|
if( actual_status == PSA_SUCCESS )
|
||||||
|
{
|
||||||
|
ASSERT_COMPARE( actual_output, actual_output_length,
|
||||||
|
expected_output_ptr, expected_output_length);
|
||||||
|
}
|
||||||
|
mbedtls_free( actual_output );
|
||||||
|
actual_output = NULL;
|
||||||
|
actual_output_length = ~0;
|
||||||
|
|
||||||
|
exit:
|
||||||
|
psa_reset_key_attributes( &attributes );
|
||||||
|
psa_destroy_key( our_key );
|
||||||
|
PSA_DONE( );
|
||||||
|
mbedtls_test_driver_key_agreement_hooks =
|
||||||
|
mbedtls_test_driver_key_agreement_hooks_init();
|
||||||
|
}
|
||||||
|
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE */
|
||||||
void cipher_encrypt_validation( int alg_arg,
|
void cipher_encrypt_validation( int alg_arg,
|
||||||
int key_type_arg,
|
int key_type_arg,
|
||||||
|
|
|
@ -417,59 +417,59 @@ depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:
|
||||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||||
|
|
||||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque
|
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||||
|
|
||||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH
|
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||||
|
|
||||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256
|
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||||
|
|
||||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg
|
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||||
|
|
||||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage
|
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||||
|
|
||||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque
|
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
|
||||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||||
|
|
||||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque
|
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
|
||||||
|
|
||||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg
|
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||||
|
|
||||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage
|
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||||
|
|
||||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque
|
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
|
||||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH
|
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
|
||||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
|
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||||
|
|
||||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg
|
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||||
|
|
||||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage
|
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage
|
||||||
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||||
|
|
||||||
Sending app data via TLS, MFL=512 without fragmentation
|
Sending app data via TLS, MFL=512 without fragmentation
|
||||||
|
|
Loading…
Reference in a new issue