Merge remote-tracking branch 'origin/development' into sha-armce-thumb2
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
commit
514590210b
54 changed files with 1697 additions and 1103 deletions
2
3rdparty/Makefile.inc
vendored
2
3rdparty/Makefile.inc
vendored
|
@ -1,3 +1,3 @@
|
|||
THIRDPARTY_DIR = $(dir $(word 2, $(MAKEFILE_LIST)))
|
||||
THIRDPARTY_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
|
||||
include $(THIRDPARTY_DIR)/everest/Makefile.inc
|
||||
include $(THIRDPARTY_DIR)/p256-m/Makefile.inc
|
||||
|
|
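--- a/ChangeLog.d/add-psa-example-program-hash.txt
+++ b/ChangeLog.d/add-psa-example-program-hash.txt
@@ -0,0 +1,2 @@
+Features
+* Added an example program showing how to hash with the PSA API.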
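--- a/ChangeLog.d/fix-cpp-compilation-error.txt
+++ b/ChangeLog.d/fix-cpp-compilation-error.txt
@@ -0,0 +1,3 @@
+Bugfix
+* Fix compilation error in C++ programs when MBEDTLS_ASN1_PARSE_C is
+disabled.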
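--- a/ChangeLog.d/fix-issue-x509-cert_req.txt
+++ b/ChangeLog.d/fix-issue-x509-cert_req.txt
@@ -0,0 +1,3 @@
+Bugfix
+* Fix possible NULL dereference issue in X509 cert_req program if an entry
+in the san parameter is not separated by a colon.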
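--- a/ChangeLog.d/fix-issue-x509-cert_write.txt
+++ b/ChangeLog.d/fix-issue-x509-cert_write.txt
@@ -0,0 +1,3 @@
+Bugfix
+* Fix possible NULL dereference issue in X509 cert_write program if an entry
+in the san parameter is not separated by a colon.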
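--- a/ChangeLog.d/pkwrite-pem-use-heap.txt
+++ b/ChangeLog.d/pkwrite-pem-use-heap.txt
@@ -0,0 +1,4 @@
+Changes
+* Use heap memory to allocate DER encoded public/private key.
+This reduces stack usage significantly for writing a public/private
+key to a PEM string.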
|
@ -644,10 +644,10 @@ void mbedtls_asn1_free_named_data_list_shallow(mbedtls_asn1_named_data *name);
|
|||
/** \} name Functions to parse ASN.1 data structures */
|
||||
/** \} addtogroup asn1_module */
|
||||
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C */
|
||||
|
||||
#endif /* asn1.h */
|
||||
|
|
|
@ -231,7 +231,7 @@
|
|||
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
|
||||
#if defined(MBEDTLS_ECP_LIGHT) && ( !defined(MBEDTLS_BIGNUM_C) || ( \
|
||||
!defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && \
|
||||
|
@ -245,7 +245,7 @@
|
|||
!defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
|
||||
!defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
|
||||
#error "MBEDTLS_ECP_C defined, but not all prerequisites"
|
||||
#error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
|
||||
|
@ -1039,7 +1039,8 @@
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_TICKET_C) && \
|
||||
!( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
|
||||
!( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \
|
||||
defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) )
|
||||
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
@ -1140,7 +1141,9 @@
|
|||
#error "MBEDTLS_SSL_RECORD_SIZE_LIMIT defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
|
||||
#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && \
|
||||
!( defined(MBEDTLS_SSL_HAVE_CCM) || defined(MBEDTLS_SSL_HAVE_GCM) || \
|
||||
defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) )
|
||||
#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
|
||||
#endif
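Review bot: The MBEDTLS_SSL_TICKET_C and MBEDTLS_SSL_CONTEXT_SERIALIZATION checks now test the derived MBEDTLS_SSL_HAVE_CCM / MBEDTLS_SSL_HAVE_GCM / MBEDTLS_SSL_HAVE_CHACHAPOLY macros, so they are only correct if the header that defines those macros has already been processed when this file is reached; the include order is not visible in these hunks. If the derived macros were missing at this point, both `#error`s would fire for every configuration that enables the feature. A short comment above each check, such as `/* MBEDTLS_SSL_HAVE_xxx are derived macros; the config adjustment headers must be included before this file */`, would record that dependency. The messages could also name what is accepted, e.g. `#error "MBEDTLS_SSL_TICKET_C requires GCM, CCM or ChaCha20-Poly1305 (legacy or PSA)"`.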
|
||||
|
||||
|
|
|
@ -56,6 +56,120 @@
|
|||
#define MBEDTLS_MD_LIGHT
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD_LIGHT)
|
||||
/*
|
||||
* - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
|
||||
* - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
|
||||
* (see below).
|
||||
* - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
|
||||
* via PSA (see below).
|
||||
* - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
|
||||
* via a direct legacy call (see below).
|
||||
*
|
||||
* The md module performs an algorithm via PSA if there is a PSA hash
|
||||
* accelerator and the PSA driver subsytem is initialized at the time the
|
||||
* operation is started, and makes a direct legacy call otherwise.
|
||||
*/
|
||||
|
||||
/* PSA accelerated implementations */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
|
||||
#define MBEDTLS_MD_CAN_MD5
|
||||
#define MBEDTLS_MD_MD5_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
|
||||
#define MBEDTLS_MD_CAN_SHA1
|
||||
#define MBEDTLS_MD_SHA1_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
|
||||
#define MBEDTLS_MD_CAN_SHA224
|
||||
#define MBEDTLS_MD_SHA224_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
|
||||
#define MBEDTLS_MD_CAN_SHA256
|
||||
#define MBEDTLS_MD_SHA256_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
|
||||
#define MBEDTLS_MD_CAN_SHA384
|
||||
#define MBEDTLS_MD_SHA384_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
|
||||
#define MBEDTLS_MD_CAN_SHA512
|
||||
#define MBEDTLS_MD_SHA512_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
|
||||
#define MBEDTLS_MD_CAN_RIPEMD160
|
||||
#define MBEDTLS_MD_RIPEMD160_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
|
||||
#define MBEDTLS_MD_CAN_SHA3_224
|
||||
#define MBEDTLS_MD_SHA3_224_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
|
||||
#define MBEDTLS_MD_CAN_SHA3_256
|
||||
#define MBEDTLS_MD_SHA3_256_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
|
||||
#define MBEDTLS_MD_CAN_SHA3_384
|
||||
#define MBEDTLS_MD_SHA3_384_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
|
||||
#define MBEDTLS_MD_CAN_SHA3_512
|
||||
#define MBEDTLS_MD_SHA3_512_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
/* Built-in implementations */
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
#define MBEDTLS_MD_CAN_MD5
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
#define MBEDTLS_MD_CAN_SHA1
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
#define MBEDTLS_MD_CAN_SHA224
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#define MBEDTLS_MD_CAN_SHA256
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
#define MBEDTLS_MD_CAN_SHA384
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#define MBEDTLS_MD_CAN_SHA512
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA3_C)
|
||||
#define MBEDTLS_MD_CAN_SHA3_224
|
||||
#define MBEDTLS_MD_CAN_SHA3_256
|
||||
#define MBEDTLS_MD_CAN_SHA3_384
|
||||
#define MBEDTLS_MD_CAN_SHA3_512
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
#define MBEDTLS_MD_CAN_RIPEMD160
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_MD_LIGHT */
|
||||
|
||||
/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols:
|
||||
* - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions
|
||||
* for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for
|
||||
|
@ -202,4 +316,24 @@
|
|||
#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
|
||||
#endif
|
||||
|
||||
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_GCM_C)) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
|
||||
#define MBEDTLS_SSL_HAVE_GCM
|
||||
#endif
|
||||
|
||||
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CCM_C)) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
|
||||
#define MBEDTLS_SSL_HAVE_CCM
|
||||
#endif
|
||||
|
||||
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_CHACHAPOLY_C)) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
|
||||
#define MBEDTLS_SSL_HAVE_CHACHAPOLY
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM) || \
|
||||
defined(MBEDTLS_SSL_HAVE_CHACHAPOLY)
|
||||
#define MBEDTLS_SSL_HAVE_AEAD
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */
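Review bot: The new MBEDTLS_SSL_HAVE_GCM / MBEDTLS_SSL_HAVE_CCM / MBEDTLS_SSL_HAVE_CHACHAPOLY block at the end of the file has no comment, and its behaviour is not obvious: once MBEDTLS_USE_PSA_CRYPTO is defined, MBEDTLS_GCM_C, MBEDTLS_CCM_C and MBEDTLS_CHACHAPOLY_C are ignored and only the PSA_WANT_ALG_xxx symbols count. A build that enables MBEDTLS_USE_PSA_CRYPTO with the legacy module but without the matching PSA_WANT symbol would lose that AEAD for TLS with no diagnostic, unless PSA_WANT is derived from the legacy option elsewhere, which these hunks do not show. I would add a comment above the block, e.g. `/* TLS AEAD availability: legacy module when !MBEDTLS_USE_PSA_CRYPTO, PSA_WANT_ALG_xxx otherwise */`. Separately, the comment moved in from md.h still reads "subsytem"; it should be "subsystem".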
|
||||
|
|
|
@ -724,8 +724,7 @@
|
|||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
|
||||
#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_AEAD) || \
|
||||
defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
|
||||
defined(PSA_HAVE_SOFT_BLOCK_AEAD)
|
||||
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
|
||||
#define MBEDTLS_AES_C
|
||||
#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
|
||||
|
@ -796,8 +795,7 @@
|
|||
|
||||
#if defined(PSA_WANT_ALG_CMAC)
|
||||
#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || \
|
||||
defined(PSA_HAVE_SOFT_PBKDF2_CMAC)
|
||||
defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
|
||||
#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
|
||||
#define MBEDTLS_CMAC_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
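Review bot: Dropping `defined(PSA_HAVE_SOFT_PBKDF2_CMAC)` from the conditions that enable MBEDTLS_AES_C and MBEDTLS_CMAC_C (taking the shorter condition as the new side, which the hunk line counts suggest) means that symbol no longer pulls in the built-in AES and CMAC through these two blocks. Whether another block still guarantees them when the symbol is set and AES or CMAC is accelerated is not visible here, so it is worth confirming with a configuration that exercises that combination. The closing comment `#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */` also omits the third operand; `#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE || PSA_HAVE_SOFT_BLOCK_AEAD */` would match the condition.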
|
||||
|
|
|
@ -32,120 +32,6 @@
|
|||
#include "mbedtls/build_info.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#if defined(MBEDTLS_MD_LIGHT)
|
||||
|
||||
/*
|
||||
* - MBEDTLS_MD_CAN_xxx is defined if the md module can perform xxx.
|
||||
* - MBEDTLS_MD_xxx_VIA_PSA is defined if the md module may perform xxx via PSA
|
||||
* (see below).
|
||||
* - MBEDTLS_MD_SOME_PSA is defined if at least one algorithm may be performed
|
||||
* via PSA (see below).
|
||||
* - MBEDTLS_MD_SOME_LEGACY is defined if at least one algorithm may be performed
|
||||
* via a direct legacy call (see below).
|
||||
*
|
||||
* The md module performs an algorithm via PSA if there is a PSA hash
|
||||
* accelerator and the PSA driver subsytem is initialized at the time the
|
||||
* operation is started, and makes a direct legacy call otherwise.
|
||||
*/
|
||||
|
||||
/* PSA accelerated implementations */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
|
||||
#define MBEDTLS_MD_CAN_MD5
|
||||
#define MBEDTLS_MD_MD5_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
|
||||
#define MBEDTLS_MD_CAN_SHA1
|
||||
#define MBEDTLS_MD_SHA1_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
|
||||
#define MBEDTLS_MD_CAN_SHA224
|
||||
#define MBEDTLS_MD_SHA224_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
|
||||
#define MBEDTLS_MD_CAN_SHA256
|
||||
#define MBEDTLS_MD_SHA256_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
|
||||
#define MBEDTLS_MD_CAN_SHA384
|
||||
#define MBEDTLS_MD_SHA384_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
|
||||
#define MBEDTLS_MD_CAN_SHA512
|
||||
#define MBEDTLS_MD_SHA512_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
|
||||
#define MBEDTLS_MD_CAN_RIPEMD160
|
||||
#define MBEDTLS_MD_RIPEMD160_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
|
||||
#define MBEDTLS_MD_CAN_SHA3_224
|
||||
#define MBEDTLS_MD_SHA3_224_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
|
||||
#define MBEDTLS_MD_CAN_SHA3_256
|
||||
#define MBEDTLS_MD_SHA3_256_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
|
||||
#define MBEDTLS_MD_CAN_SHA3_384
|
||||
#define MBEDTLS_MD_SHA3_384_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
|
||||
#define MBEDTLS_MD_CAN_SHA3_512
|
||||
#define MBEDTLS_MD_SHA3_512_VIA_PSA
|
||||
#define MBEDTLS_MD_SOME_PSA
|
||||
#endif
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
/* Built-in implementations */
|
||||
#if defined(MBEDTLS_MD5_C)
|
||||
#define MBEDTLS_MD_CAN_MD5
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
#define MBEDTLS_MD_CAN_SHA1
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
#define MBEDTLS_MD_CAN_SHA224
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#define MBEDTLS_MD_CAN_SHA256
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
#define MBEDTLS_MD_CAN_SHA384
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#define MBEDTLS_MD_CAN_SHA512
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA3_C)
|
||||
#define MBEDTLS_MD_CAN_SHA3_224
|
||||
#define MBEDTLS_MD_CAN_SHA3_256
|
||||
#define MBEDTLS_MD_CAN_SHA3_384
|
||||
#define MBEDTLS_MD_CAN_SHA3_512
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
#if defined(MBEDTLS_RIPEMD160_C)
|
||||
#define MBEDTLS_MD_CAN_RIPEMD160
|
||||
#define MBEDTLS_MD_SOME_LEGACY
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_MD_LIGHT */
|
||||
|
||||
/** The selected feature is not available. */
|
||||
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
|
||||
/** Bad input parameters to function. */
|
||||
|
|
111
library/aes.c
111
library/aes.c
|
@ -76,9 +76,7 @@ static int aes_padlock_ace = -1;
|
|||
/*
|
||||
* Forward S-box
|
||||
*/
|
||||
#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
|
||||
!defined(MBEDTLS_AES_SETKEY_DEC_ALT)
|
||||
static const unsigned char FSb[256] =
|
||||
MBEDTLS_MAYBE_UNUSED static const unsigned char FSb[256] =
|
||||
{
|
||||
0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
|
||||
0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
|
||||
|
@ -113,8 +111,6 @@ static const unsigned char FSb[256] =
|
|||
0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
|
||||
0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
|
||||
};
|
||||
#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
|
||||
!defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
|
||||
|
||||
/*
|
||||
* Forward tables
|
||||
|
@ -186,36 +182,28 @@ static const unsigned char FSb[256] =
|
|||
V(C3, 41, 41, 82), V(B0, 99, 99, 29), V(77, 2D, 2D, 5A), V(11, 0F, 0F, 1E), \
|
||||
V(CB, B0, B0, 7B), V(FC, 54, 54, A8), V(D6, BB, BB, 6D), V(3A, 16, 16, 2C)
|
||||
|
||||
#if !defined(MBEDTLS_AES_ENCRYPT_ALT)
|
||||
#define V(a, b, c, d) 0x##a##b##c##d
|
||||
static const uint32_t FT0[256] = { FT };
|
||||
MBEDTLS_MAYBE_UNUSED static const uint32_t FT0[256] = { FT };
|
||||
#undef V
|
||||
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
|
||||
#define V(a, b, c, d) 0x##b##c##d##a
|
||||
static const uint32_t FT1[256] = { FT };
|
||||
MBEDTLS_MAYBE_UNUSED static const uint32_t FT1[256] = { FT };
|
||||
#undef V
|
||||
|
||||
#define V(a, b, c, d) 0x##c##d##a##b
|
||||
static const uint32_t FT2[256] = { FT };
|
||||
MBEDTLS_MAYBE_UNUSED static const uint32_t FT2[256] = { FT };
|
||||
#undef V
|
||||
|
||||
#define V(a, b, c, d) 0x##d##a##b##c
|
||||
static const uint32_t FT3[256] = { FT };
|
||||
MBEDTLS_MAYBE_UNUSED static const uint32_t FT3[256] = { FT };
|
||||
#undef V
|
||||
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) */
|
||||
|
||||
#undef FT
|
||||
|
||||
#if !defined(MBEDTLS_AES_DECRYPT_ALT)
|
||||
/*
|
||||
* Reverse S-box
|
||||
*/
|
||||
static const unsigned char RSb[256] =
|
||||
MBEDTLS_MAYBE_UNUSED static const unsigned char RSb[256] =
|
||||
{
|
||||
0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38,
|
||||
0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB,
|
||||
|
@ -250,7 +238,6 @@ static const unsigned char RSb[256] =
|
|||
0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
|
||||
0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
|
||||
};
|
||||
#endif /* defined(MBEDTLS_AES_DECRYPT_ALT)) */
|
||||
|
||||
/*
|
||||
* Reverse tables
|
||||
|
@ -322,84 +309,60 @@ static const unsigned char RSb[256] =
|
|||
V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \
|
||||
V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0)
|
||||
|
||||
#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
|
||||
|
||||
#define V(a, b, c, d) 0x##a##b##c##d
|
||||
static const uint32_t RT0[256] = { RT };
|
||||
MBEDTLS_MAYBE_UNUSED static const uint32_t RT0[256] = { RT };
|
||||
#undef V
|
||||
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
|
||||
#define V(a, b, c, d) 0x##b##c##d##a
|
||||
static const uint32_t RT1[256] = { RT };
|
||||
MBEDTLS_MAYBE_UNUSED static const uint32_t RT1[256] = { RT };
|
||||
#undef V
|
||||
|
||||
#define V(a, b, c, d) 0x##c##d##a##b
|
||||
static const uint32_t RT2[256] = { RT };
|
||||
MBEDTLS_MAYBE_UNUSED static const uint32_t RT2[256] = { RT };
|
||||
#undef V
|
||||
|
||||
#define V(a, b, c, d) 0x##d##a##b##c
|
||||
static const uint32_t RT3[256] = { RT };
|
||||
MBEDTLS_MAYBE_UNUSED static const uint32_t RT3[256] = { RT };
|
||||
#undef V
|
||||
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
|
||||
#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
|
||||
|
||||
#undef RT
|
||||
|
||||
#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
|
||||
/*
|
||||
* Round constants
|
||||
*/
|
||||
static const uint32_t RCON[10] =
|
||||
MBEDTLS_MAYBE_UNUSED static const uint32_t round_constants[10] =
|
||||
{
|
||||
0x00000001, 0x00000002, 0x00000004, 0x00000008,
|
||||
0x00000010, 0x00000020, 0x00000040, 0x00000080,
|
||||
0x0000001B, 0x00000036
|
||||
};
|
||||
#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
|
||||
|
||||
#else /* MBEDTLS_AES_ROM_TABLES */
|
||||
|
||||
/*
|
||||
* Forward S-box & tables
|
||||
*/
|
||||
#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
|
||||
!defined(MBEDTLS_AES_SETKEY_DEC_ALT)
|
||||
static unsigned char FSb[256];
|
||||
#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
|
||||
!defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
|
||||
#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
|
||||
static uint32_t FT0[256];
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
static uint32_t FT1[256];
|
||||
static uint32_t FT2[256];
|
||||
static uint32_t FT3[256];
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
|
||||
MBEDTLS_MAYBE_UNUSED static unsigned char FSb[256];
|
||||
MBEDTLS_MAYBE_UNUSED static uint32_t FT0[256];
|
||||
MBEDTLS_MAYBE_UNUSED static uint32_t FT1[256];
|
||||
MBEDTLS_MAYBE_UNUSED static uint32_t FT2[256];
|
||||
MBEDTLS_MAYBE_UNUSED static uint32_t FT3[256];
|
||||
|
||||
/*
|
||||
* Reverse S-box & tables
|
||||
*/
|
||||
#if !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT))
|
||||
static unsigned char RSb[256];
|
||||
#endif /* !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) */
|
||||
MBEDTLS_MAYBE_UNUSED static unsigned char RSb[256];
|
||||
|
||||
#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
|
||||
static uint32_t RT0[256];
|
||||
#if !defined(MBEDTLS_AES_FEWER_TABLES)
|
||||
static uint32_t RT1[256];
|
||||
static uint32_t RT2[256];
|
||||
static uint32_t RT3[256];
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
|
||||
MBEDTLS_MAYBE_UNUSED static uint32_t RT0[256];
|
||||
MBEDTLS_MAYBE_UNUSED static uint32_t RT1[256];
|
||||
MBEDTLS_MAYBE_UNUSED static uint32_t RT2[256];
|
||||
MBEDTLS_MAYBE_UNUSED static uint32_t RT3[256];
|
||||
|
||||
#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
|
||||
/*
|
||||
* Round constants
|
||||
*/
|
||||
static uint32_t RCON[10];
|
||||
MBEDTLS_MAYBE_UNUSED static uint32_t round_constants[10];
|
||||
|
||||
/*
|
||||
* Tables generation code
|
||||
|
@ -408,9 +371,9 @@ static uint32_t RCON[10];
|
|||
#define XTIME(x) (((x) << 1) ^ (((x) & 0x80) ? 0x1B : 0x00))
|
||||
#define MUL(x, y) (((x) && (y)) ? pow[(log[(x)]+log[(y)]) % 255] : 0)
|
||||
|
||||
static int aes_init_done = 0;
|
||||
MBEDTLS_MAYBE_UNUSED static int aes_init_done = 0;
|
||||
|
||||
static void aes_gen_tables(void)
|
||||
MBEDTLS_MAYBE_UNUSED static void aes_gen_tables(void)
|
||||
{
|
||||
int i;
|
||||
uint8_t x, y, z;
|
||||
|
@ -430,7 +393,7 @@ static void aes_gen_tables(void)
|
|||
* calculate the round constants
|
||||
*/
|
||||
for (i = 0, x = 1; i < 10; i++) {
|
||||
RCON[i] = x;
|
||||
round_constants[i] = x;
|
||||
x = XTIME(x);
|
||||
}
|
||||
|
||||
|
@ -474,7 +437,8 @@ static void aes_gen_tables(void)
|
|||
|
||||
x = RSb[i];
|
||||
|
||||
#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
|
||||
#if !defined(MBEDTLS_AES_DECRYPT_ALT) || \
|
||||
(!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY))
|
||||
RT0[i] = ((uint32_t) MUL(0x0E, x)) ^
|
||||
((uint32_t) MUL(0x09, x) << 8) ^
|
||||
((uint32_t) MUL(0x0D, x) << 16) ^
|
||||
|
@ -485,12 +449,11 @@ static void aes_gen_tables(void)
|
|||
RT2[i] = ROTL8(RT1[i]);
|
||||
RT3[i] = ROTL8(RT2[i]);
|
||||
#endif /* !MBEDTLS_AES_FEWER_TABLES */
|
||||
#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
|
||||
#endif \
|
||||
/* !defined(MBEDTLS_AES_DECRYPT_ALT) || (!defined(MBEDTLS_AES_SETKEY_DEC_ALT) && !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)) */
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
|
||||
|
||||
#undef ROTL8
|
||||
|
||||
#endif /* MBEDTLS_AES_ROM_TABLES */
|
||||
|
@ -568,9 +531,7 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx)
|
|||
#define MAY_NEED_TO_ALIGN
|
||||
#endif
|
||||
|
||||
#if defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \
|
||||
!defined(MBEDTLS_AES_SETKEY_ENC_ALT)
|
||||
static unsigned mbedtls_aes_rk_offset(uint32_t *buf)
|
||||
MBEDTLS_MAYBE_UNUSED static unsigned mbedtls_aes_rk_offset(uint32_t *buf)
|
||||
{
|
||||
#if defined(MAY_NEED_TO_ALIGN)
|
||||
int align_16_bytes = 0;
|
||||
|
@ -606,8 +567,6 @@ static unsigned mbedtls_aes_rk_offset(uint32_t *buf)
|
|||
|
||||
return 0;
|
||||
}
|
||||
#endif /* defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \
|
||||
!defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
|
||||
|
||||
/*
|
||||
* AES key schedule (encryption)
|
||||
|
@ -658,7 +617,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
case 10:
|
||||
|
||||
for (unsigned int i = 0; i < 10; i++, RK += 4) {
|
||||
RK[4] = RK[0] ^ RCON[i] ^
|
||||
RK[4] = RK[0] ^ round_constants[i] ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_1(RK[3])]) ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_2(RK[3])] << 8) ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_3(RK[3])] << 16) ^
|
||||
|
@ -674,7 +633,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
case 12:
|
||||
|
||||
for (unsigned int i = 0; i < 8; i++, RK += 6) {
|
||||
RK[6] = RK[0] ^ RCON[i] ^
|
||||
RK[6] = RK[0] ^ round_constants[i] ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_1(RK[5])]) ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_2(RK[5])] << 8) ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_3(RK[5])] << 16) ^
|
||||
|
@ -691,7 +650,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
|
|||
case 14:
|
||||
|
||||
for (unsigned int i = 0; i < 7; i++, RK += 8) {
|
||||
RK[8] = RK[0] ^ RCON[i] ^
|
||||
RK[8] = RK[0] ^ round_constants[i] ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_1(RK[7])]) ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_2(RK[7])] << 8) ^
|
||||
((uint32_t) FSb[MBEDTLS_BYTE_3(RK[7])] << 16) ^
|
||||
|
@ -1040,7 +999,6 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
|
|||
}
|
||||
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
|
||||
|
||||
#if defined(MAY_NEED_TO_ALIGN)
|
||||
/* VIA Padlock and our intrinsics-based implementation of AESNI require
|
||||
* the round keys to be aligned on a 16-byte boundary. We take care of this
|
||||
* before creating them, but the AES context may have moved (this can happen
|
||||
|
@ -1048,7 +1006,7 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
|
|||
* calls it might have a different alignment with respect to 16-byte memory.
|
||||
* So we may need to realign.
|
||||
*/
|
||||
static void aes_maybe_realign(mbedtls_aes_context *ctx)
|
||||
MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx)
|
||||
{
|
||||
unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf);
|
||||
if (new_offset != ctx->rk_offset) {
|
||||
|
@ -1058,7 +1016,6 @@ static void aes_maybe_realign(mbedtls_aes_context *ctx)
|
|||
ctx->rk_offset = new_offset;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* AES-ECB block encryption/decryption
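Review bot: In the generated-tables branch (after `#else /* MBEDTLS_AES_ROM_TABLES */`) the declarations of FT1–FT3 and RT1–RT3 appear to lose their `#if !defined(MBEDTLS_AES_FEWER_TABLES)` guard and rely on MBEDTLS_MAYBE_UNUSED instead, while aes_gen_tables() still assigns RT1–RT3 only inside a `!MBEDTLS_AES_FEWER_TABLES` block. The attribute silences the unused warning but does not remove the objects, so in a MBEDTLS_AES_FEWER_TABLES build six 256-entry uint32_t arrays remain in writable memory unless the toolchain discards unreferenced statics, which depends on compiler and options. Since that option exists to reduce footprint, I would keep `#if !defined(MBEDTLS_AES_FEWER_TABLES)` … `#endif /* !MBEDTLS_AES_FEWER_TABLES */` around those six declarations. The `#endif \` followed by its comment on the next line near the end of aes_gen_tables() is also fragile; putting the comment on the `#endif` line avoids the continuation.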
|
||||
|
|
|
@ -80,7 +80,7 @@ enum mbedtls_cipher_base_index {
|
|||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA)
|
||||
MBEDTLS_CIPHER_BASE_INDEX_CCM_AES,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C)
|
||||
|
@ -104,7 +104,7 @@ enum mbedtls_cipher_base_index {
|
|||
#if defined(MBEDTLS_DES_C)
|
||||
MBEDTLS_CIPHER_BASE_INDEX_DES,
|
||||
#endif
|
||||
#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA)
|
||||
MBEDTLS_CIPHER_BASE_INDEX_GCM_AES,
|
||||
#endif
|
||||
#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C)
|
||||
|
@ -576,7 +576,9 @@ static int gcm_aes_setkey_wrap(void *ctx, const unsigned char *key,
|
|||
return mbedtls_gcm_setkey((mbedtls_gcm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
|
||||
key, key_bitlen);
|
||||
}
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA)
|
||||
static const mbedtls_cipher_base_t gcm_aes_info = {
|
||||
MBEDTLS_CIPHER_ID_AES,
|
||||
NULL,
|
||||
|
@ -598,12 +600,21 @@ static const mbedtls_cipher_base_t gcm_aes_info = {
|
|||
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
|
||||
NULL,
|
||||
#endif
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
gcm_aes_setkey_wrap,
|
||||
gcm_aes_setkey_wrap,
|
||||
gcm_ctx_alloc,
|
||||
gcm_ctx_free,
|
||||
#else
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
};
|
||||
#endif /* MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA)
|
||||
static const mbedtls_cipher_info_t aes_128_gcm_info = {
|
||||
"AES-128-GCM",
|
||||
16,
|
||||
|
@ -638,7 +649,7 @@ static const mbedtls_cipher_info_t aes_256_gcm_info = {
|
|||
MBEDTLS_CIPHER_BASE_INDEX_GCM_AES
|
||||
};
|
||||
#endif
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA */
|
||||
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key,
|
||||
|
@ -647,7 +658,9 @@ static int ccm_aes_setkey_wrap(void *ctx, const unsigned char *key,
|
|||
return mbedtls_ccm_setkey((mbedtls_ccm_context *) ctx, MBEDTLS_CIPHER_ID_AES,
|
||||
key, key_bitlen);
|
||||
}
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA)
|
||||
static const mbedtls_cipher_base_t ccm_aes_info = {
|
||||
MBEDTLS_CIPHER_ID_AES,
|
||||
NULL,
|
||||
|
@ -669,12 +682,21 @@ static const mbedtls_cipher_base_t ccm_aes_info = {
|
|||
#if defined(MBEDTLS_CIPHER_MODE_STREAM)
|
||||
NULL,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
ccm_aes_setkey_wrap,
|
||||
ccm_aes_setkey_wrap,
|
||||
ccm_ctx_alloc,
|
||||
ccm_ctx_free,
|
||||
#else
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
#endif
|
||||
};
|
||||
#endif /* MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA)
|
||||
static const mbedtls_cipher_info_t aes_128_ccm_info = {
|
||||
"AES-128-CCM",
|
||||
16,
|
||||
|
@ -709,7 +731,9 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = {
|
|||
MBEDTLS_CIPHER_BASE_INDEX_CCM_AES
|
||||
};
|
||||
#endif
|
||||
#endif /* MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA)
|
||||
static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = {
|
||||
"AES-128-CCM*-NO-TAG",
|
||||
16,
|
||||
|
@ -744,7 +768,7 @@ static const mbedtls_cipher_info_t aes_256_ccm_star_no_tag_info = {
|
|||
MBEDTLS_CIPHER_BASE_INDEX_CCM_AES
|
||||
};
|
||||
#endif
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
#endif /* MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA */
|
||||
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
|
@ -2245,19 +2269,21 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] =
|
|||
{ MBEDTLS_CIPHER_AES_256_XTS, &aes_256_xts_info },
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA)
|
||||
{ MBEDTLS_CIPHER_AES_128_GCM, &aes_128_gcm_info },
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
{ MBEDTLS_CIPHER_AES_192_GCM, &aes_192_gcm_info },
|
||||
{ MBEDTLS_CIPHER_AES_256_GCM, &aes_256_gcm_info },
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA)
|
||||
{ MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info },
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
{ MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info },
|
||||
{ MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info },
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA)
|
||||
{ MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, &aes_128_ccm_star_no_tag_info },
|
||||
#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
|
||||
{ MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, &aes_192_ccm_star_no_tag_info },
|
||||
|
@ -2387,7 +2413,7 @@ const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[] = {
|
|||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
[MBEDTLS_CIPHER_BASE_INDEX_CAMELLIA] = &camellia_info,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA)
|
||||
[MBEDTLS_CIPHER_BASE_INDEX_CCM_AES] = &ccm_aes_info,
|
||||
#endif
|
||||
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_ARIA_C)
|
||||
|
@ -2411,7 +2437,7 @@ const mbedtls_cipher_base_t *mbedtls_cipher_base_lookup_table[] = {
|
|||
#if defined(MBEDTLS_DES_C)
|
||||
[MBEDTLS_CIPHER_BASE_INDEX_DES] = &des_info,
|
||||
#endif
|
||||
#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA)
|
||||
[MBEDTLS_CIPHER_BASE_INDEX_GCM_AES] = &gcm_aes_info,
|
||||
#endif
|
||||
#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_ARIA_C)
|
||||
|
|
|
@ -36,6 +36,44 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* Support for GCM either through Mbed TLS SW implementation or PSA */
|
||||
#if defined(MBEDTLS_GCM_C) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM))
|
||||
#define MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA
|
||||
#endif
|
||||
|
||||
#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_KEY_TYPE_AES))
|
||||
#define MBEDTLS_CIPHER_HAVE_GCM_AES_VIA_LEGACY_OR_USE_PSA
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CCM_C) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM))
|
||||
#define MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA
|
||||
#endif
|
||||
|
||||
#if (defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM) && defined(PSA_WANT_KEY_TYPE_AES))
|
||||
#define MBEDTLS_CIPHER_HAVE_CCM_AES_VIA_LEGACY_OR_USE_PSA
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CCM_C) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CCM_STAR_NO_TAG))
|
||||
#define MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_CHACHA20_POLY1305))
|
||||
#define MBEDTLS_CIPHER_HAVE_CHACHAPOLY_VIA_LEGACY_OR_USE_PSA
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_GCM_VIA_LEGACY_OR_USE_PSA) || \
|
||||
defined(MBEDTLS_CIPHER_HAVE_CCM_VIA_LEGACY_OR_USE_PSA) || \
|
||||
defined(MBEDTLS_CIPHER_HAVE_CCM_STAR_NO_TAG_VIA_LEGACY_OR_USE_PSA) || \
|
||||
defined(MBEDTLS_CIPHER_HAVE_CHACHAPOLY_VIA_LEGACY_OR_USE_PSA)
|
||||
#define MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Base cipher information. The non-mode specific functions and values.
|
||||
*/
|
||||
|
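Review bot: Only the first of the new `MBEDTLS_CIPHER_HAVE_*_VIA_LEGACY_OR_USE_PSA` macros carries a comment, and nothing states the convention the rest follow. A single block comment above the group would help, along the lines of `/* HAVE_<alg>_VIA_LEGACY_OR_USE_PSA: <alg> is available either from the built-in module or, when MBEDTLS_USE_PSA_CRYPTO is set, from PSA (PSA_WANT_ALG_<alg>). The _AES variants additionally require AES on the same side. */`. It is also worth saying there that the CCM_STAR_NO_TAG macro is satisfied by `MBEDTLS_CCM_C` alone on the legacy side, since that asymmetry with its PSA condition is easy to misread.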
|
|
@ -334,4 +334,25 @@ static inline void mbedtls_xor_no_simd(unsigned char *r,
|
|||
#define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE
|
||||
#endif
|
||||
|
||||
/* Suppress compiler warnings for unused functions and variables. */
|
||||
#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__has_attribute)
|
||||
# if __has_attribute(unused)
|
||||
# define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
|
||||
# endif
|
||||
#endif
|
||||
#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__GNUC__)
|
||||
# define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
|
||||
#endif
|
||||
#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(__IAR_SYSTEMS_ICC__) && defined(__VER__)
|
||||
# if (__VER__ >= 8010000) // IAR 8.1 or later
|
||||
# define MBEDTLS_MAYBE_UNUSED __attribute__((unused))
|
||||
# endif
|
||||
#endif
|
||||
#if !defined(MBEDTLS_MAYBE_UNUSED) && defined(_MSC_VER)
|
||||
# define MBEDTLS_MAYBE_UNUSED __pragma(warning(suppress:4189))
|
||||
#endif
|
||||
#if !defined(MBEDTLS_MAYBE_UNUSED)
|
||||
# define MBEDTLS_MAYBE_UNUSED
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_LIBRARY_COMMON_H */
|
||||
|
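Review bot: The comment above `MBEDTLS_MAYBE_UNUSED` promises suppression for unused functions and variables, but not every branch delivers that. The MSVC branch expands to `__pragma(warning(suppress:4189))`, which as far as I know covers only C4189 (a local variable that is initialized but not referenced) on the following line, and the final fallback expands to nothing. I would reword the comment to say so, e.g. `/* Best effort: mark a function or variable as possibly unused. On MSVC only the local-variable warning C4189 is suppressed; on unrecognised compilers this expands to nothing. */`, so nobody relies on it to silence an unused static function under `/W4`.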
|
|
@ -3288,7 +3288,10 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
|
|||
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&key->d, buf, buflen));
|
||||
}
|
||||
#endif
|
||||
MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d));
|
||||
|
||||
if (ret == 0) {
|
||||
MBEDTLS_MPI_CHK(mbedtls_ecp_check_privkey(&key->grp, &key->d));
|
||||
}
|
||||
|
||||
cleanup:
|
||||
|
||||
|
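Review bot: The new `if (ret == 0)` guard around `mbedtls_ecp_check_privkey()` has no comment saying which path can reach it with a non-zero `ret`. The `MBEDTLS_MPI_CHK` calls before it already jump to `cleanup` on failure, so presumably the guard is for the case where no curve-type branch ran and `ret` still holds its initial error value, which the unconditional check would have overwritten. A one-line comment such as `/* ret is still the initial error if no curve type was handled above; do not let the check overwrite it */` would make that intent explicit. The start of `mbedtls_ecp_read_key` and the code after `cleanup:` are outside the hunk, so it is worth confirming that `key->d` is cleared on that error path.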
|
|
@ -44,7 +44,7 @@
|
|||
psa_pk_status_to_mbedtls)
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
|
||||
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
|
||||
/**
|
||||
* Public function mbedtls_pk_ec() can be used to get direct access to the
|
||||
* wrapped ecp_keypair structure pointed to the pk_ctx. However this is not
|
||||
|
@ -80,7 +80,9 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk)
|
|||
return NULL;
|
||||
}
|
||||
}
|
||||
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
|
||||
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
|
||||
static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_context *pk)
|
||||
{
|
||||
mbedtls_ecp_group_id id;
|
||||
|
@ -117,14 +119,19 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont
|
|||
#endif /* MBEDTLS_ECP_HAVE_CURVE25519 || MBEDTLS_ECP_DP_CURVE448 */
|
||||
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
|
||||
#if defined(MBEDTLS_TEST_HOOKS)
|
||||
/* Helper for (deterministic) ECDSA */
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||
#define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET PSA_ALG_DETERMINISTIC_ECDSA
|
||||
#else
|
||||
#define MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET PSA_ALG_ECDSA
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_TEST_HOOKS)
|
||||
MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der(
|
||||
mbedtls_pk_context *pk,
|
||||
unsigned char *key, size_t keylen,
|
||||
const unsigned char *pwd, size_t pwdlen,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
|
||||
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_PK_INTERNAL_H */
|
||||
|
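Review bot: `MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET` is defined as an object-like alias for a function-like PSA macro, but the comment `/* Helper for (deterministic) ECDSA */` does not say it has to be invoked with a hash algorithm. Something like `/* Expands to PSA_ALG_DETERMINISTIC_ECDSA or PSA_ALG_ECDSA depending on MBEDTLS_ECDSA_DETERMINISTIC; use as MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET(hash_alg). */` would document the calling form. The comment should also note that the choice is fixed at build time and does not look at the key's policy.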
|
|
@ -976,16 +976,17 @@ static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg,
|
|||
psa_status_t status;
|
||||
psa_algorithm_t psa_sig_md;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_algorithm_t alg;
|
||||
psa_algorithm_t alg, alg2;
|
||||
|
||||
status = psa_get_key_attributes(key_id, &key_attr);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
|
||||
}
|
||||
alg = psa_get_key_algorithm(&key_attr);
|
||||
alg2 = psa_get_key_enrollment_algorithm(&key_attr);
|
||||
psa_reset_key_attributes(&key_attr);
|
||||
|
||||
if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) {
|
||||
if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) || PSA_ALG_IS_DETERMINISTIC_ECDSA(alg2)) {
|
||||
psa_sig_md = PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
|
||||
} else {
|
||||
psa_sig_md = PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
|
||||
|
@ -1037,13 +1038,8 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
|
|||
psa_ecc_family_t curve =
|
||||
mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits);
|
||||
size_t key_len = PSA_BITS_TO_BYTES(curve_bits);
|
||||
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
|
||||
psa_algorithm_t psa_sig_md =
|
||||
PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
|
||||
#else
|
||||
psa_algorithm_t psa_sig_md =
|
||||
PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
|
||||
#endif
|
||||
psa_algorithm_t psa_hash = mbedtls_md_psa_alg_from_type(md_alg);
|
||||
psa_algorithm_t psa_sig_md = MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET(psa_hash);
|
||||
((void) f_rng);
|
||||
((void) p_rng);
|
||||
|
||||
|
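Review bot: In `ecdsa_sign_psa` the deterministic variant is now selected whenever either `alg` or the enrollment algorithm `alg2` is deterministic ECDSA, so a key whose primary policy is randomized ECDSA and whose enrollment policy is deterministic ends up with `PSA_ALG_DETERMINISTIC_ECDSA` built from `md_alg`. If that hash is allowed only by the primary policy, the resulting algorithm matches neither policy and the signing call (outside this hunk) would presumably be refused even though the key permits the operation. Letting the primary policy win avoids that: `if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg) || (!PSA_ALG_IS_ECDSA(alg) && PSA_ALG_IS_DETERMINISTIC_ECDSA(alg2))) {`. A short comment on why `alg2` is consulted at all would also help.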
|
|
@ -216,21 +216,22 @@ int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
/* PKCS12 uses CBC with PKCS7 padding */
|
||||
|
||||
mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
|
||||
{
|
||||
/* PKCS12 uses CBC with PKCS7 padding */
|
||||
mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
|
||||
#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||
/* For historical reasons, when decrypting, this function works when
|
||||
* decrypting even when support for PKCS7 padding is disabled. In this
|
||||
* case, it ignores the padding, and so will never report a
|
||||
* password mismatch.
|
||||
*/
|
||||
if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) {
|
||||
padding = MBEDTLS_PADDING_NONE;
|
||||
}
|
||||
/* For historical reasons, when decrypting, this function works when
|
||||
* decrypting even when support for PKCS7 padding is disabled. In this
|
||||
* case, it ignores the padding, and so will never report a
|
||||
* password mismatch.
|
||||
*/
|
||||
if (mode == MBEDTLS_PKCS12_PBE_DECRYPT) {
|
||||
padding = MBEDTLS_PADDING_NONE;
|
||||
}
|
||||
#endif
|
||||
if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
|
||||
goto exit;
|
||||
if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
||||
|
||||
|
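Review bot: The bare `{ ... }` block now wrapped around the `padding` declaration in `mbedtls_pkcs12_pbe_ext` has no comment explaining why it exists. The same applies to the identical change in `mbedtls_pkcs5_pbes2_ext` in the next file section. A line such as `/* Block scope so that 'padding' is declared at the start of a block */` would stop someone from flattening it again, if that is indeed the reason. The retained fallback to `MBEDTLS_PADDING_NONE` means a decrypt with the wrong password succeeds and returns unchecked data when PKCS7 support is compiled out. That is stated only in this internal comment, so it is worth confirming that the public documentation of both functions carries the same caveat.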
|
|
@ -242,23 +242,25 @@ int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
|
||||
/* PKCS5 uses CBC with PKCS7 padding (which is the same as
|
||||
* "PKCS5 padding" except that it's typically only called PKCS5
|
||||
* with 64-bit-block ciphers).
|
||||
*/
|
||||
mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
|
||||
{
|
||||
/* PKCS5 uses CBC with PKCS7 padding (which is the same as
|
||||
* "PKCS5 padding" except that it's typically only called PKCS5
|
||||
* with 64-bit-block ciphers).
|
||||
*/
|
||||
mbedtls_cipher_padding_t padding = MBEDTLS_PADDING_PKCS7;
|
||||
#if !defined(MBEDTLS_CIPHER_PADDING_PKCS7)
|
||||
/* For historical reasons, when decrypting, this function works when
|
||||
* decrypting even when support for PKCS7 padding is disabled. In this
|
||||
* case, it ignores the padding, and so will never report a
|
||||
* password mismatch.
|
||||
*/
|
||||
if (mode == MBEDTLS_DECRYPT) {
|
||||
padding = MBEDTLS_PADDING_NONE;
|
||||
}
|
||||
/* For historical reasons, when decrypting, this function works when
|
||||
* decrypting even when support for PKCS7 padding is disabled. In this
|
||||
* case, it ignores the padding, and so will never report a
|
||||
* password mismatch.
|
||||
*/
|
||||
if (mode == MBEDTLS_DECRYPT) {
|
||||
padding = MBEDTLS_PADDING_NONE;
|
||||
}
|
||||
#endif
|
||||
if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
|
||||
goto exit;
|
||||
if ((ret = mbedtls_cipher_set_padding_mode(&cipher_ctx, padding)) != 0) {
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
|
||||
if ((ret = mbedtls_cipher_crypt(&cipher_ctx, iv, enc_scheme_params.len,
|
||||
|
|
File diff suppressed because it is too large
|
@ -756,27 +756,38 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf,
|
|||
int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char output_buf[PUB_DER_MAX_BYTES];
|
||||
unsigned char *output_buf = NULL;
|
||||
output_buf = mbedtls_calloc(1, PUB_DER_MAX_BYTES);
|
||||
if (output_buf == NULL) {
|
||||
return MBEDTLS_ERR_PK_ALLOC_FAILED;
|
||||
}
|
||||
size_t olen = 0;
|
||||
|
||||
if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf,
|
||||
sizeof(output_buf))) < 0) {
|
||||
return ret;
|
||||
PUB_DER_MAX_BYTES)) < 0) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_PUBLIC_KEY, PEM_END_PUBLIC_KEY,
|
||||
output_buf + sizeof(output_buf) - ret,
|
||||
output_buf + PUB_DER_MAX_BYTES - ret,
|
||||
ret, buf, size, &olen)) != 0) {
|
||||
return ret;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
return 0;
|
||||
ret = 0;
|
||||
cleanup:
|
||||
mbedtls_free(output_buf);
|
||||
return ret;
|
||||
}
|
||||
|
||||
int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char output_buf[PRV_DER_MAX_BYTES];
|
||||
unsigned char *output_buf = NULL;
|
||||
output_buf = mbedtls_calloc(1, PRV_DER_MAX_BYTES);
|
||||
if (output_buf == NULL) {
|
||||
return MBEDTLS_ERR_PK_ALLOC_FAILED;
|
||||
}
|
||||
const char *begin, *end;
|
||||
size_t olen = 0;
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
|
||||
|
@ -789,8 +800,8 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf,
|
|||
int is_rsa_opaque = 0;
|
||||
#endif
|
||||
|
||||
if ((ret = mbedtls_pk_write_key_der(key, output_buf, sizeof(output_buf))) < 0) {
|
||||
return ret;
|
||||
if ((ret = mbedtls_pk_write_key_der(key, output_buf, PRV_DER_MAX_BYTES)) < 0) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
@ -833,15 +844,21 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf,
|
|||
}
|
||||
} else
|
||||
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
||||
|
||||
if ((ret = mbedtls_pem_write_buffer(begin, end,
|
||||
output_buf + sizeof(output_buf) - ret,
|
||||
ret, buf, size, &olen)) != 0) {
|
||||
return ret;
|
||||
{
|
||||
ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
return 0;
|
||||
if ((ret = mbedtls_pem_write_buffer(begin, end,
|
||||
output_buf + PRV_DER_MAX_BYTES - ret,
|
||||
ret, buf, size, &olen)) != 0) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
cleanup:
|
||||
mbedtls_zeroize_and_free(output_buf, PRV_DER_MAX_BYTES);
|
||||
return ret;
|
||||
}
|
||||
#endif /* MBEDTLS_PEM_WRITE_C */
|
||||
|
||||
|
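Review bot: Moving `output_buf` to the heap gives `mbedtls_pk_write_pubkey_pem` and `mbedtls_pk_write_key_pem` a new failure mode, `MBEDTLS_ERR_PK_ALLOC_FAILED`, and a dependency on `mbedtls_calloc`, neither of which is visible in the documentation from here. The API comments should list the new return code. Parts of `mbedtls_pk_write_key_pem` lie between the hunks and are not shown, so any `return` left there would now leak the buffer and skip `mbedtls_zeroize_and_free`; that is worth a check. As a matter of style, `size_t olen = 0;` and `const char *begin, *end;` now follow the allocation and its early return; declaring them before `output_buf = mbedtls_calloc(...)` keeps the declarations together.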
|
|
@ -73,7 +73,6 @@
|
|||
#include "mbedtls/error.h"
|
||||
#include "mbedtls/gcm.h"
|
||||
#include "mbedtls/md5.h"
|
||||
#include "mbedtls/md.h"
|
||||
#include "mbedtls/pk.h"
|
||||
#include "pk_wrap.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
|
|
@ -2431,7 +2431,6 @@ void mbedtls_rsa_free(mbedtls_rsa_context *ctx)
|
|||
|
||||
#if defined(MBEDTLS_SELF_TEST)
|
||||
|
||||
#include "mbedtls/md.h"
|
||||
|
||||
/*
|
||||
* Example RSA-1024 keypair, for test purposes
|
||||
|
|
|
@ -293,7 +293,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
{
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA384)
|
||||
{ MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
|
||||
|
@ -308,8 +308,8 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA256 */
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_MD_CAN_SHA256)
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#if defined(MBEDTLS_SSL_HAVE_CCM) && defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS1_3_AES_128_CCM_SHA256, "TLS1-3-AES-128-CCM-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
|
||||
|
@ -320,19 +320,19 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
|
||||
MBEDTLS_CIPHERSUITE_SHORT_TAG,
|
||||
MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_CCM_C */
|
||||
#endif /* MBEDTLS_MD_CAN_SHA256 && MBEDTLS_SSL_HAVE_CCM */
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C) && defined(MBEDTLS_MD_CAN_SHA256)
|
||||
#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS1_3_CHACHA20_POLY1305_SHA256,
|
||||
"TLS1-3-CHACHA20-POLY1305-SHA256",
|
||||
MBEDTLS_CIPHER_CHACHA20_POLY1305, MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
|
||||
#endif /* MBEDTLS_CHACHAPOLY_C && MBEDTLS_MD_CAN_SHA256 */
|
||||
#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY && MBEDTLS_MD_CAN_SHA256 */
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
||||
#if defined(MBEDTLS_CHACHAPOLY_C) && \
|
||||
#if defined(MBEDTLS_SSL_HAVE_CHACHAPOLY) && \
|
||||
defined(MBEDTLS_MD_CAN_SHA256) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_2)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
|
||||
|
@ -391,7 +391,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif
|
||||
#endif /* MBEDTLS_CHACHAPOLY_C &&
|
||||
#endif /* MBEDTLS_SSL_HAVE_CHACHAPOLY &&
|
||||
MBEDTLS_MD_CAN_SHA256 &&
|
||||
MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
|
||||
|
@ -415,12 +415,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_MD_CAN_SHA256 */
|
||||
#if defined(MBEDTLS_MD_CAN_SHA384)
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
|
@ -429,14 +429,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_CCM)
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
|
||||
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
0,
|
||||
|
@ -453,7 +453,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
|
||||
MBEDTLS_CIPHERSUITE_SHORT_TAG,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_CCM */
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
|
@ -474,7 +474,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
|
@ -489,7 +489,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
|
||||
|
@ -523,12 +523,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if (defined(MBEDTLS_GCM_C) || defined(PSA_WANT_ALG_GCM))
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_MD_CAN_SHA256 */
|
||||
#if defined(MBEDTLS_MD_CAN_SHA384)
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
|
@ -537,12 +537,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if (defined(MBEDTLS_GCM_C) || defined(PSA_WANT_ALG_GCM))
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
|
@ -564,7 +564,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
"TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
|
@ -579,7 +579,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
|
||||
|
@ -595,7 +595,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA384) && \
|
||||
defined(MBEDTLS_GCM_C)
|
||||
defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
0,
|
||||
|
@ -603,12 +603,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */
|
||||
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
|
||||
|
@ -636,7 +636,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA1 */
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_CCM)
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM, "TLS-DHE-RSA-WITH-AES-256-CCM",
|
||||
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
0,
|
||||
|
@ -653,7 +653,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
MBEDTLS_CIPHERSUITE_SHORT_TAG,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_CCM */
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
|
@ -682,7 +682,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA1 */
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
|
||||
|
@ -696,7 +696,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
|
||||
|
@ -704,7 +704,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA384) && \
|
||||
defined(MBEDTLS_GCM_C)
|
||||
defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
|
@ -712,12 +712,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_GCM_C */
|
||||
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS-RSA-WITH-AES-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS-RSA-WITH-AES-128-CBC-SHA256",
|
||||
|
@ -745,7 +745,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#endif /* MBEDTLS_MD_CAN_SHA1 */
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_CCM)
|
||||
{ MBEDTLS_TLS_RSA_WITH_AES_256_CCM, "TLS-RSA-WITH-AES-256-CCM",
|
||||
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
0,
|
||||
|
@ -762,7 +762,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
MBEDTLS_CIPHERSUITE_SHORT_TAG,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_CCM */
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
|
@ -792,7 +792,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#endif /* MBEDTLS_MD_CAN_SHA1 */
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA,
|
||||
|
@ -806,7 +806,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
|
||||
|
@ -832,12 +832,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_MD_CAN_SHA256 */
|
||||
#if defined(MBEDTLS_MD_CAN_SHA384)
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
|
@ -846,12 +846,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
|
@ -873,7 +873,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
"TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
|
@ -888,7 +888,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
|
||||
|
@ -922,12 +922,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_MD_CAN_SHA256 */
|
||||
#if defined(MBEDTLS_MD_CAN_SHA384)
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
|
@ -936,12 +936,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384",
|
||||
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
|
@ -963,7 +963,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
"TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
|
@ -978,7 +978,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
|
||||
|
@ -993,7 +993,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256, "TLS-PSK-WITH-AES-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
|
@ -1007,7 +1007,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
|
@ -1036,7 +1036,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA1 */
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_CCM)
|
||||
{ MBEDTLS_TLS_PSK_WITH_AES_256_CCM, "TLS-PSK-WITH-AES-256-CCM",
|
||||
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
0,
|
||||
|
@ -1053,7 +1053,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
MBEDTLS_CIPHERSUITE_SHORT_TAG,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_CCM */
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
|
@ -1073,7 +1073,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_PSK,
|
||||
|
@ -1087,14 +1087,14 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, "TLS-DHE-PSK-WITH-AES-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
|
@ -1108,7 +1108,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
|
@ -1137,7 +1137,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA1 */
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_CCM)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM, "TLS-DHE-PSK-WITH-AES-256-CCM",
|
||||
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
0,
|
||||
|
@ -1154,7 +1154,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
MBEDTLS_CIPHERSUITE_SHORT_TAG,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_CCM */
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
#if defined(MBEDTLS_CAMELLIA_C)
|
||||
|
@ -1174,7 +1174,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
|
||||
|
@ -1188,7 +1188,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
|
||||
|
@ -1249,7 +1249,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, "TLS-RSA-PSK-WITH-AES-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
|
@ -1263,7 +1263,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
|
@ -1311,7 +1311,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_GCM)
|
||||
#if defined(MBEDTLS_MD_CAN_SHA256)
|
||||
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, "TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256",
|
||||
MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
|
||||
|
@ -1325,19 +1325,19 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||
0,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_MD_CAN_SHA384 */
|
||||
#endif /* MBEDTLS_GCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_GCM */
|
||||
#endif /* MBEDTLS_CAMELLIA_C */
|
||||
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||
#if defined(MBEDTLS_AES_C)
|
||||
#if defined(MBEDTLS_CCM_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_CCM)
|
||||
{ MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, "TLS-ECJPAKE-WITH-AES-128-CCM-8",
|
||||
MBEDTLS_CIPHER_AES_128_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECJPAKE,
|
||||
MBEDTLS_CIPHERSUITE_SHORT_TAG,
|
||||
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
|
||||
#endif /* MBEDTLS_CCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_CCM */
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
|
||||
|
||||
|
|
|
@ -863,9 +863,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data,
|
|||
*add_data_len = cur - add_data;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) || \
|
||||
defined(MBEDTLS_CCM_C) || \
|
||||
defined(MBEDTLS_CHACHAPOLY_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_AEAD)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_transform_aead_dynamic_iv_is_explicit(
|
||||
mbedtls_ssl_transform const *transform)
|
||||
|
@ -910,7 +908,7 @@ static void ssl_build_record_nonce(unsigned char *dst_iv,
|
|||
dst_iv += dst_iv_len - dynamic_iv_len;
|
||||
mbedtls_xor(dst_iv, dst_iv, dynamic_iv, dynamic_iv_len);
|
||||
}
|
||||
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_AEAD */
|
||||
|
||||
int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
|
||||
mbedtls_ssl_transform *transform,
|
||||
|
@ -1146,9 +1144,7 @@ hmac_failed_etm_disabled:
|
|||
} else
|
||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) || \
|
||||
defined(MBEDTLS_CCM_C) || \
|
||||
defined(MBEDTLS_CHACHAPOLY_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_AEAD)
|
||||
if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) {
|
||||
unsigned char iv[12];
|
||||
unsigned char *dynamic_iv;
|
||||
|
@ -1258,7 +1254,7 @@ hmac_failed_etm_disabled:
|
|||
|
||||
auth_done++;
|
||||
} else
|
||||
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_AEAD */
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
|
||||
if (ssl_mode == MBEDTLS_SSL_MODE_CBC ||
|
||||
ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
|
||||
|
@ -1496,9 +1492,9 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
|
|||
mbedtls_ssl_transform *transform,
|
||||
mbedtls_record *rec)
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) || defined(MBEDTLS_CIPHER_MODE_AEAD)
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) || defined(MBEDTLS_SSL_HAVE_AEAD)
|
||||
size_t olen;
|
||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC || MBEDTLS_CIPHER_MODE_AEAD */
|
||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC || MBEDTLS_SSL_HAVE_AEAD */
|
||||
mbedtls_ssl_mode_t ssl_mode;
|
||||
int ret;
|
||||
|
||||
|
@ -1559,9 +1555,7 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
|
|||
* so there's no encryption to do here.*/
|
||||
} else
|
||||
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */
|
||||
#if defined(MBEDTLS_GCM_C) || \
|
||||
defined(MBEDTLS_CCM_C) || \
|
||||
defined(MBEDTLS_CHACHAPOLY_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_AEAD)
|
||||
if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) {
|
||||
unsigned char iv[12];
|
||||
unsigned char *dynamic_iv;
|
||||
|
@ -1677,7 +1671,7 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
|
|||
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
}
|
||||
} else
|
||||
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_AEAD */
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC)
|
||||
if (ssl_mode == MBEDTLS_SSL_MODE_CBC ||
|
||||
ssl_mode == MBEDTLS_SSL_MODE_CBC_ETM) {
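Review bot: Nothing visible ties `MBEDTLS_SSL_HAVE_AEAD`, which now gates the AEAD branches of mbedtls_ssl_encrypt_buf and mbedtls_ssl_decrypt_buf, to the per-algorithm `MBEDTLS_SSL_HAVE_GCM` and `MBEDTLS_SSL_HAVE_CCM` guards that this commit puts on the ciphersuite table. If those definitions ever drift apart, a suite could stay listed while the record-layer branch that protects it is compiled out. A compile-time guard next to the first use would pin the dependency, for example `#if (defined(MBEDTLS_SSL_HAVE_GCM) || defined(MBEDTLS_SSL_HAVE_CCM)) && !defined(MBEDTLS_SSL_HAVE_AEAD)` followed by `#error "MBEDTLS_SSL_HAVE_AEAD must cover every enabled AEAD suite"`. The same applies to the guard in ssl_tls12_populate_transform. The macro definitions are not on this part of the page, so this is a request to confirm rather than a confirmed defect.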
|
||||
|
|
|
@ -8287,9 +8287,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
|
|||
keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info) / 8;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) || \
|
||||
defined(MBEDTLS_CCM_C) || \
|
||||
defined(MBEDTLS_CHACHAPOLY_C)
|
||||
#if defined(MBEDTLS_SSL_HAVE_AEAD)
|
||||
if (ssl_mode == MBEDTLS_SSL_MODE_AEAD) {
|
||||
size_t explicit_ivlen;
|
||||
|
||||
|
@ -8324,7 +8322,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform,
|
|||
explicit_ivlen = transform->ivlen - transform->fixed_ivlen;
|
||||
transform->minlen = explicit_ivlen + transform->taglen;
|
||||
} else
|
||||
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
|
||||
#endif /* MBEDTLS_SSL_HAVE_AEAD */
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
||||
if (ssl_mode == MBEDTLS_SSL_MODE_STREAM ||
|
||||
ssl_mode == MBEDTLS_SSL_MODE_CBC ||
|
||||
|
|
|
@ -676,7 +676,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk,
|
|||
uint16_t *curves_tls_id)
|
||||
{
|
||||
uint16_t *curr_tls_id = curves_tls_id;
|
||||
mbedtls_ecp_group_id grp_id = mbedtls_pk_ec_ro(*pk)->grp.id;
|
||||
mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(pk);
|
||||
mbedtls_ecp_group_id curr_grp_id;
|
||||
|
||||
while (*curr_tls_id != 0) {
|
||||
|
@ -2600,9 +2600,9 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl)
|
|||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
(defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
#if (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED))
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
|
@ -2712,8 +2712,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
|||
|
||||
return ret;
|
||||
}
|
||||
#elif defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
|
@ -2739,6 +2738,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
|||
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
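Review bot: In ssl_check_key_curve, `grp_id` now comes from `mbedtls_pk_get_group_id(pk)` and is used without checking that a group was actually found. The loop body is outside the hunk, but if it compares `grp_id` with a per-entry id that can itself be `MBEDTLS_ECP_DP_NONE` for an unrecognised TLS id, two "none" values would compare equal and the key would pass the curve check. A guard before the `while`, `if (grp_id == MBEDTLS_ECP_DP_NONE)` returning the function's existing no-match value, closes that case. Separately, the new closing comment `#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||` carries a stray `)`.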
|
||||
|
||||
|
|
|
@ -1019,14 +1019,14 @@ int mbedtls_ssl_tls13_populate_transform(
|
|||
|
||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc,
|
||||
key_enc, mbedtls_cipher_info_get_key_bitlen(cipher_info),
|
||||
key_enc, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
|
||||
MBEDTLS_ENCRYPT)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
|
||||
return ret;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec,
|
||||
key_dec, mbedtls_cipher_info_get_key_bitlen(cipher_info),
|
||||
key_dec, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
|
||||
MBEDTLS_DECRYPT)) != 0) {
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
|
||||
return ret;
|
||||
|
|
|
@ -254,31 +254,33 @@ static int parse_attribute_value_hex_der_encoded(const char *s,
|
|||
/* Step 3: decode the DER. */
|
||||
/* We've checked that der_length >= 1 above. */
|
||||
*tag = der[0];
|
||||
unsigned char *p = der + 1;
|
||||
if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) {
|
||||
goto error;
|
||||
}
|
||||
/* Now p points to the first byte of the payload inside der,
|
||||
* and *data_len is the length of the payload. */
|
||||
{
|
||||
unsigned char *p = der + 1;
|
||||
if (mbedtls_asn1_get_len(&p, der + der_length, data_len) != 0) {
|
||||
goto error;
|
||||
}
|
||||
/* Now p points to the first byte of the payload inside der,
|
||||
* and *data_len is the length of the payload. */
|
||||
|
||||
/* Step 4: payload validation */
|
||||
if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) {
|
||||
goto error;
|
||||
}
|
||||
/* Strings must not contain null bytes. */
|
||||
if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) {
|
||||
for (size_t i = 0; i < *data_len; i++) {
|
||||
if (p[i] == 0) {
|
||||
goto error;
|
||||
/* Step 4: payload validation */
|
||||
if (*data_len > MBEDTLS_X509_MAX_DN_NAME_SIZE) {
|
||||
goto error;
|
||||
}
|
||||
/* Strings must not contain null bytes. */
|
||||
if (MBEDTLS_ASN1_IS_STRING_TAG(*tag)) {
|
||||
for (size_t i = 0; i < *data_len; i++) {
|
||||
if (p[i] == 0) {
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Step 5: output the payload. */
|
||||
if (*data_len > data_size) {
|
||||
goto error;
|
||||
/* Step 5: output the payload. */
|
||||
if (*data_len > data_size) {
|
||||
goto error;
|
||||
}
|
||||
memcpy(data, p, *data_len);
|
||||
}
|
||||
memcpy(data, p, *data_len);
|
||||
mbedtls_free(der);
|
||||
|
||||
return 0;
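Review bot: After `mbedtls_asn1_get_len()` succeeds, the new block never checks that the payload ends exactly at `der + der_length`, so bytes that follow the DER value in the hex string appear to be accepted and silently dropped. For input that may come from outside the application it is safer to reject them right after the length is read: `if (*data_len != (size_t) (der + der_length - p)) { goto error; }`. This assumes mbedtls_asn1_get_len only guarantees that the payload fits before the end pointer; its implementation is not on this page. The function begins and ends outside the hunk.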
|
||||
|
|
|
@ -25,7 +25,6 @@
|
|||
#include "mbedtls/oid.h"
|
||||
#include "mbedtls/platform.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
#include "mbedtls/md.h"
|
||||
|
||||
#include <string.h>
|
||||
#include <stdint.h>
|
||||
|
|
|
@ -109,6 +109,7 @@ APPS = \
|
|||
psa/hmac_demo \
|
||||
psa/key_ladder_demo \
|
||||
psa/psa_constant_names \
|
||||
psa/psa_hash \
|
||||
random/gen_entropy \
|
||||
random/gen_random_ctr_drbg \
|
||||
ssl/dtls_client \
|
||||
|
@ -324,6 +325,10 @@ psa/psa_constant_names$(EXEXT): psa/psa_constant_names.c psa/psa_constant_names_
|
|||
echo " CC psa/psa_constant_names.c"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
|
||||
|
||||
psa/psa_hash$(EXEXT): psa/psa_hash.c $(DEP)
|
||||
echo " CC psa/psa_hash.c"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
|
||||
|
||||
random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP)
|
||||
echo " CC random/gen_entropy.c"
|
||||
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
|
||||
|
|
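--- a/programs/demo_common.sh
+++ b/programs/demo_common.sh
@@ -0,0 +1,137 @@
+## Common shell functions used by demo scripts programs/*/*.sh.
+
+## How to write a demo script
+## ==========================
+##
+## Include this file near the top of each demo script:
+## . "${0%/*}/../demo_common.sh"
+##
+## Start with a "msg" call that explains the purpose of the script.
+## Then call the "depends_on" function to ensure that all config
+## dependencies are met.
+##
+## As the last thing in the script, call the cleanup function.
+##
+## You can use the functions and variables described below.
+
+set -e -u
+
+## $root_dir is the root directory of the Mbed TLS source tree.
+root_dir="${0%/*}"
+# Find a nice path to the root directory, avoiding unnecessary "../".
+# The code supports demo scripts nested up to 4 levels deep.
+# The code works no matter where the demo script is relative to the current
+# directory, even if it is called with a relative path.
+n=4 # limit the search depth
+while ! [ -d "$root_dir/programs" ] || ! [ -d "$root_dir/library" ]; do
+if [ $n -eq 0 ]; then
+echo >&2 "This doesn't seem to be an Mbed TLS source tree."
+exit 125
+fi
+n=$((n - 1))
+case $root_dir in
+.) root_dir="..";;
+..|?*/..) root_dir="$root_dir/..";;
+?*/*) root_dir="${root_dir%/*}";;
+/*) root_dir="/";;
+*) root_dir=".";;
+esac
+done
+
+## $programs_dir is the directory containing the sample programs.
+# Assume an in-tree build.
+programs_dir="$root_dir/programs"
+
+## msg LINE...
+## msg <TEXT_ORIGIN
+## Display an informational message.
+msg () {
+if [ $# -eq 0 ]; then
+sed 's/^/# /'
+else
+for x in "$@"; do
+echo "# $x"
+done
+fi
+}
+
+## run "Message" COMMAND ARGUMENT...
+## Display the message, then run COMMAND with the specified arguments.
+run () {
+echo
+echo "# $1"
+shift
+echo "+ $*"
+"$@"
+}
+
+## Like '!', but stop on failure with 'set -e'
+not () {
+if "$@"; then false; fi
+}
+
+## run_bad "Message" COMMAND ARGUMENT...
+## Like run, but the command is expected to fail.
+run_bad () {
+echo
+echo "$1 This must fail."
+shift
+echo "+ ! $*"
+not "$@"
+}
+
+## config_has SYMBOL...
+## Succeeds if the library configuration has all SYMBOLs set.
+config_has () {
+for x in "$@"; do
+"$programs_dir/test/query_compile_time_config" "$x"
+done
+}
+
+## depends_on SYMBOL...
+## Exit if the library configuration does not have all SYMBOLs set.
+depends_on () {
+m=
+for x in "$@"; do
+if ! config_has "$x"; then
+m="$m $x"
+fi
+done
+if [ -n "$m" ]; then
+cat >&2 <<EOF
+$0: this demo requires the following
+configuration options to be enabled at compile time:
+$m
+EOF
+# Exit with a success status so that this counts as a pass for run_demos.py.
+exit
+fi
+}
+
+## Add the names of files to clean up to this whitespace-separated variable.
+## The file names must not contain whitespace characters.
+files_to_clean=
+
+## Call this function at the end of each script.
+## It is called automatically if the script is killed by a signal.
+cleanup () {
+rm -f -- $files_to_clean
+}
+
+
+
+################################################################
+## End of the public interfaces. Code beyond this point is not
+## meant to be called directly from a demo script.
+
+trap 'cleanup; trap - HUP; kill -HUP $$' HUP
+trap 'cleanup; trap - INT; kill -INT $$' INT
+trap 'cleanup; trap - TERM; kill -TERM $$' TERM
+
+if config_has MBEDTLS_ENTROPY_NV_SEED; then
+# Create a seedfile that's sufficiently long in all library configurations.
+# This is necessary for programs that use randomness.
+# Assume that the name of the seedfile is the default name.
+files_to_clean="$files_to_clean seedfile"
+dd if=/dev/urandom of=seedfile ibs=64 obs=64 count=1
+fi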
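Review bot: The final block writes `seedfile` into the current directory unconditionally and registers it in `files_to_clean`, so a seed file that already exists there is overwritten and later deleted by `cleanup`; it is also created with the caller's default umask. Guarding the creation avoids clobbering a real seed and keeps the file private: `[ -e seedfile ] || { files_to_clean="$files_to_clean seedfile"; (umask 077; dd if=/dev/urandom of=seedfile ibs=64 obs=64 count=1); }`. `depends_on` also deserves a comment or an explicit check: when `$programs_dir/test/query_compile_time_config` has not been built, `config_has` fails for every symbol and the script exits with success, so an unbuilt tree is reported as a pass.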
|
|
@ -4,6 +4,7 @@ set(executables
|
|||
hmac_demo
|
||||
key_ladder_demo
|
||||
psa_constant_names
|
||||
psa_hash
|
||||
)
|
||||
|
||||
if(GEN_FILES)
|
||||
|
|
|
@ -15,36 +15,17 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
set -e -u
|
||||
. "${0%/*}/../demo_common.sh"
|
||||
|
||||
program_name="key_ladder_demo"
|
||||
program="${0%/*}/$program_name"
|
||||
files_to_clean=
|
||||
msg <<'EOF'
|
||||
This script demonstrates the use of the PSA cryptography interface to
|
||||
create a master key, derive a key from it and use that derived key to
|
||||
wrap some data using an AEAD algorithm.
|
||||
EOF
|
||||
|
||||
if [ ! -e "$program" ]; then
|
||||
# Look for programs in the current directory and the directories above it
|
||||
for dir in "." ".." "../.."; do
|
||||
program="$dir/programs/psa/$program_name"
|
||||
if [ -e "$program" ]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
if [ ! -e "$program" ]; then
|
||||
echo "Could not find $program_name executable"
|
||||
depends_on MBEDTLS_SHA256_C MBEDTLS_MD_C MBEDTLS_AES_C MBEDTLS_CCM_C MBEDTLS_PSA_CRYPTO_C MBEDTLS_FS_IO
|
||||
|
||||
echo "If building out-of-tree, this script must be run" \
|
||||
"from the project build directory."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
run () {
|
||||
echo
|
||||
echo "# $1"
|
||||
shift
|
||||
echo "+ $*"
|
||||
"$@"
|
||||
}
|
||||
program="${0%/*}"/key_ladder_demo
|
||||
|
||||
if [ -e master.key ]; then
|
||||
echo "# Reusing the existing master.key file."
|
||||
|
@ -68,7 +49,7 @@ run "Compare the unwrapped data with the original input." \
|
|||
cmp input.txt hello_world.txt
|
||||
|
||||
files_to_clean="$files_to_clean hellow_orld.txt"
|
||||
! run "Derive a different key and attempt to unwrap the data. This must fail." \
|
||||
run_bad "Derive a different key and attempt to unwrap the data." \
|
||||
"$program" unwrap master=master.key input=hello_world.wrap output=hellow_orld.txt label=hellow label=orld
|
||||
|
||||
files_to_clean="$files_to_clean hello.key"
|
||||
|
@ -79,5 +60,4 @@ run "Check that we get the same key by unwrapping data made by the other key." \
|
|||
"$program" unwrap master=hello.key label=world \
|
||||
input=hello_world.wrap output=hello_world.txt
|
||||
|
||||
# Cleanup
|
||||
rm -f $files_to_clean
|
||||
cleanup
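Review bot: The closing `cleanup` call only runs when every step succeeds, so files are left behind on failure. With `set -e` coming from demo_common.sh, any failing `run` step exits first, and the common file traps only HUP, INT and TERM, so the wrapped data and key files named in `files_to_clean` stay on disk. An exit trap in demo_common.sh, `trap cleanup EXIT`, would cover that path, and the explicit call here could then stay as a harmless no-op. The rewrite also appears to drop the old "Could not find $program_name executable" diagnostic, so a missing binary is now reported only through the shell's own error at the first `run`.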
|
||||
|
|
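--- a/programs/psa/psa_hash.c
+++ b/programs/psa/psa_hash.c
@@ -0,0 +1,171 @@
+/*
+* Example computing a SHA-256 hash using the PSA Crypto API
+*
+* The example computes the SHA-256 hash of a test string using the
+* one-shot API call psa_hash_compute() and the using multi-part
+* operation, which requires psa_hash_setup(), psa_hash_update() and
+* psa_hash_finish(). The multi-part operation is popular on embedded
+* devices where a rolling hash needs to be computed.
+*
+*
+* Copyright The Mbed TLS Contributors
+* SPDX-License-Identifier: Apache-2.0
+*
+* Licensed under the Apache License, Version 2.0 (the "License"); you may
+* not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "mbedtls/build_info.h"
+#include "mbedtls/platform.h"
+
+/* Information about hashing with the PSA API can be
+* found here:
+* https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html
+*
+* The algorithm used by this demo is SHA 256.
+* Please see include/psa/crypto_values.h to see the other
+* algorithms that are supported by Mbed TLS.
+* If you switch to a different algorithm you will need to update
+* the hash data in the EXAMPLE_HASH_VALUE macro below. */
+
+#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256)
+int main(void)
+{
+mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256"
+"not defined.\r\n");
+return EXIT_SUCCESS;
+}
+#else
+
+#define HASH_ALG PSA_ALG_SHA_256
+
+const uint8_t sample_message[] = "Hello World!";
+/* sample_message is terminated with a null byte which is not part of
+* the message itself so we make sure to subtract it in order to get
+* the message length. */
+const size_t sample_message_length = sizeof(sample_message) - 1;
+
+#define EXPECTED_HASH_VALUE { \
+0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \
+0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \
+0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \
+}
+
+const uint8_t expected_hash[] = EXPECTED_HASH_VALUE;
+const size_t expected_hash_len = sizeof(expected_hash);
+
+int main(void)
+{
+psa_status_t status;
+uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)];
+size_t hash_length;
+psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
+psa_hash_operation_t cloned_hash_operation = PSA_HASH_OPERATION_INIT;
+
+mbedtls_printf("PSA Crypto API: SHA-256 example\n\n");
+
+status = psa_crypto_init();
+if (status != PSA_SUCCESS) {
+mbedtls_printf("psa_crypto_init failed\n");
+return EXIT_FAILURE;
+}
+
+/* Compute hash using multi-part operation */
+status = psa_hash_setup(&hash_operation, HASH_ALG);
+if (status == PSA_ERROR_NOT_SUPPORTED) {
+mbedtls_printf("unknown hash algorithm supplied\n");
+return EXIT_FAILURE;
+} else if (status != PSA_SUCCESS) {
+mbedtls_printf("psa_hash_setup failed\n");
+return EXIT_FAILURE;
+}
+
+status = psa_hash_update(&hash_operation, sample_message, sample_message_length);
+if (status != PSA_SUCCESS) {
+mbedtls_printf("psa_hash_update failed\n");
+goto cleanup;
+}
+
+status = psa_hash_clone(&hash_operation, &cloned_hash_operation);
+if (status != PSA_SUCCESS) {
+mbedtls_printf("PSA hash clone failed\n");
+goto cleanup;
+}
+
+status = psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_length);
+if (status != PSA_SUCCESS) {
+mbedtls_printf("psa_hash_finish failed\n");
+goto cleanup;
+}
+
+/* Check the result of the operation against the sample */
+if (hash_length != expected_hash_len ||
+(memcmp(hash, expected_hash, expected_hash_len) != 0)) {
+mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n");
+goto cleanup;
+}
+
+status =
+psa_hash_verify(&cloned_hash_operation, expected_hash,
+expected_hash_len);
+if (status != PSA_SUCCESS) {
+mbedtls_printf("psa_hash_verify failed\n");
+goto cleanup;
+} else {
+mbedtls_printf("Multi-part hash operation successful!\n");
+}
+
+/* Clear local variables prior to one-shot hash demo */
+memset(hash, 0, sizeof(hash));
+hash_length = 0;
+
+/* Compute hash using one-shot function call */
+status = psa_hash_compute(HASH_ALG,
+sample_message, sample_message_length,
+hash, sizeof(hash),
+&hash_length);
+if (status != PSA_SUCCESS) {
+mbedtls_printf("psa_hash_compute failed\n");
+goto cleanup;
+}
+
+if (hash_length != expected_hash_len ||
+(memcmp(hash, expected_hash, expected_hash_len) != 0)) {
+mbedtls_printf("One-shot hash operation gave the wrong result!\n\n");
+goto cleanup;
+}
+
+mbedtls_printf("One-shot hash operation successful!\n\n");
+
+/* Print out result */
+mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message);
+
+for (size_t j = 0; j < expected_hash_len; j++) {
+mbedtls_printf("%02x", hash[j]);
+}
+
+mbedtls_printf("\n");
+
+mbedtls_psa_crypto_free();
+return EXIT_SUCCESS;
+
+cleanup:
+psa_hash_abort(&hash_operation);
+psa_hash_abort(&cloned_hash_operation);
+return EXIT_FAILURE;
+}
+#endif /* !MBEDTLS_PSA_CRYPTO_C || !PSA_WANT_ALG_SHA_256 */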
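Review bot: The `cleanup:` path aborts both hash operations but returns without `mbedtls_psa_crypto_free()`, and the two `return EXIT_FAILURE;` statements after `psa_hash_setup` skip both the abort and the free, so the example shows an error path that leaves the PSA subsystem initialised. Adding `mbedtls_psa_crypto_free();` before the `return EXIT_FAILURE;` under `cleanup:` and turning the setup failures into `goto cleanup;` makes every exit symmetrical. In the fallback `main`, the two adjacent literals join as "PSA_WANT_ALG_SHA_256not defined.", so the first needs a trailing space: `"MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256 "`. The header comment also refers to `EXAMPLE_HASH_VALUE` where the macro is named `EXPECTED_HASH_VALUE`.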
|
|
@ -113,13 +113,13 @@ static void mbedtls_set_alarm(int seconds);
|
|||
#define HEADER_FORMAT " %-24s : "
|
||||
#define TITLE_LEN 25
|
||||
|
||||
#define OPTIONS \
|
||||
"md5, ripemd160, sha1, sha256, sha512,\n" \
|
||||
"sha3_224, sha3_256, sha3_384, sha3_512,\n" \
|
||||
"des3, des, camellia, chacha20,\n" \
|
||||
"aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \
|
||||
"aes_cmac, des3_cmac, poly1305\n" \
|
||||
"ctr_drbg, hmac_drbg\n" \
|
||||
#define OPTIONS \
|
||||
"md5, ripemd160, sha1, sha256, sha512,\n" \
|
||||
"sha3_224, sha3_256, sha3_384, sha3_512,\n" \
|
||||
"des3, des, camellia, chacha20,\n" \
|
||||
"aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly\n" \
|
||||
"aes_cmac, des3_cmac, poly1305\n" \
|
||||
"ctr_drbg, hmac_drbg\n" \
|
||||
"rsa, dhm, ecdsa, ecdh.\n"
|
||||
|
||||
#if defined(MBEDTLS_ERROR_C)
|
||||
|
@ -510,7 +510,7 @@ typedef struct {
|
|||
char md5, ripemd160, sha1, sha256, sha512,
|
||||
sha3_224, sha3_256, sha3_384, sha3_512,
|
||||
des3, des,
|
||||
aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,
|
||||
aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly,
|
||||
aes_cmac, des3_cmac,
|
||||
aria, camellia, chacha20,
|
||||
poly1305,
|
||||
|
@ -570,6 +570,10 @@ int main(int argc, char *argv[])
|
|||
todo.des = 1;
|
||||
} else if (strcmp(argv[i], "aes_cbc") == 0) {
|
||||
todo.aes_cbc = 1;
|
||||
} else if (strcmp(argv[i], "aes_cfb128") == 0) {
|
||||
todo.aes_cfb128 = 1;
|
||||
} else if (strcmp(argv[i], "aes_cfb8") == 0) {
|
||||
todo.aes_cfb8 = 1;
|
||||
} else if (strcmp(argv[i], "aes_xts") == 0) {
|
||||
todo.aes_xts = 1;
|
||||
} else if (strcmp(argv[i], "aes_gcm") == 0) {
|
||||
|
@ -675,6 +679,7 @@ int main(int argc, char *argv[])
|
|||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
if (todo.des3) {
|
||||
mbedtls_des3_context des3;
|
||||
|
||||
mbedtls_des3_init(&des3);
|
||||
if (mbedtls_des3_set3key_enc(&des3, tmp) != 0) {
|
||||
mbedtls_exit(1);
|
||||
|
@ -686,6 +691,7 @@ int main(int argc, char *argv[])
|
|||
|
||||
if (todo.des) {
|
||||
mbedtls_des_context des;
|
||||
|
||||
mbedtls_des_init(&des);
|
||||
if (mbedtls_des_setkey_enc(&des, tmp) != 0) {
|
||||
mbedtls_exit(1);
|
||||
|
@ -718,6 +724,7 @@ int main(int argc, char *argv[])
|
|||
if (todo.aes_cbc) {
|
||||
int keysize;
|
||||
mbedtls_aes_context aes;
|
||||
|
||||
mbedtls_aes_init(&aes);
|
||||
for (keysize = 128; keysize <= 256; keysize += 64) {
|
||||
mbedtls_snprintf(title, sizeof(title), "AES-CBC-%d", keysize);
|
||||
|
@ -732,6 +739,44 @@ int main(int argc, char *argv[])
|
|||
mbedtls_aes_free(&aes);
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CFB)
|
||||
if (todo.aes_cfb128) {
|
||||
int keysize;
|
||||
size_t iv_off = 0;
|
||||
mbedtls_aes_context aes;
|
||||
|
||||
mbedtls_aes_init(&aes);
|
||||
for (keysize = 128; keysize <= 256; keysize += 64) {
|
||||
mbedtls_snprintf(title, sizeof(title), "AES-CFB128-%d", keysize);
|
||||
|
||||
memset(buf, 0, sizeof(buf));
|
||||
memset(tmp, 0, sizeof(tmp));
|
||||
CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
|
||||
|
||||
TIME_AND_TSC(title,
|
||||
mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE,
|
||||
&iv_off, tmp, buf, buf));
|
||||
}
|
||||
mbedtls_aes_free(&aes);
|
||||
}
|
||||
if (todo.aes_cfb8) {
|
||||
int keysize;
|
||||
mbedtls_aes_context aes;
|
||||
|
||||
mbedtls_aes_init(&aes);
|
||||
for (keysize = 128; keysize <= 256; keysize += 64) {
|
||||
mbedtls_snprintf(title, sizeof(title), "AES-CFB8-%d", keysize);
|
||||
|
||||
memset(buf, 0, sizeof(buf));
|
||||
memset(tmp, 0, sizeof(tmp));
|
||||
CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
|
||||
|
||||
TIME_AND_TSC(title,
|
||||
mbedtls_aes_crypt_cfb8(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf));
|
||||
}
|
||||
mbedtls_aes_free(&aes);
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||
if (todo.aes_xts) {
|
||||
int keysize;
|
||||
|
@ -849,6 +894,7 @@ int main(int argc, char *argv[])
|
|||
if (todo.aria) {
|
||||
int keysize;
|
||||
mbedtls_aria_context aria;
|
||||
|
||||
mbedtls_aria_init(&aria);
|
||||
for (keysize = 128; keysize <= 256; keysize += 64) {
|
||||
mbedtls_snprintf(title, sizeof(title), "ARIA-CBC-%d", keysize);
|
||||
|
@ -869,6 +915,7 @@ int main(int argc, char *argv[])
|
|||
if (todo.camellia) {
|
||||
int keysize;
|
||||
mbedtls_camellia_context camellia;
|
||||
|
||||
mbedtls_camellia_init(&camellia);
|
||||
for (keysize = 128; keysize <= 256; keysize += 64) {
|
||||
mbedtls_snprintf(title, sizeof(title), "CAMELLIA-CBC-%d", keysize);
|
||||
|
@ -975,6 +1022,7 @@ int main(int argc, char *argv[])
|
|||
if (todo.rsa) {
|
||||
int keysize;
|
||||
mbedtls_rsa_context rsa;
|
||||
|
||||
for (keysize = 2048; keysize <= 4096; keysize *= 2) {
|
||||
mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize);
|
||||
|
||||
|
@ -1017,6 +1065,7 @@ int main(int argc, char *argv[])
|
|||
mbedtls_dhm_context dhm;
|
||||
size_t olen;
|
||||
size_t n;
|
||||
|
||||
for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) {
|
||||
mbedtls_dhm_init(&dhm);
|
||||
|
||||
|
@ -1130,6 +1179,7 @@ int main(int argc, char *argv[])
|
|||
|
||||
if (curve_list == (const mbedtls_ecp_curve_info *) &single_curve) {
|
||||
mbedtls_ecp_group grp;
|
||||
|
||||
mbedtls_ecp_group_init(&grp);
|
||||
if (mbedtls_ecp_group_load(&grp, curve_list->grp_id) != 0) {
|
||||
mbedtls_exit(1);
|
||||
|
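Review bot: In the AES-CFB128 block added by the hunk at `@ -732,6 +739,44`, `iv_off` is initialised once before the key-size loop, while `buf` and `tmp` are cleared at the start of every iteration. The offset is passed by pointer to `mbedtls_aes_crypt_cfb128`, so whatever the last timed call left there carries into the next key size. It stays 0 only if BUFSIZE is a multiple of the 16-byte block, and BUFSIZE is defined outside the hunk. Resetting it with the rest of the state, `iv_off = 0;` next to the two `memset` calls, removes that dependency. The body of `main` starts and ends outside the hunk.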
|
|
@ -18,34 +18,21 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
set -e -u
|
||||
. "${0%/*}/../demo_common.sh"
|
||||
|
||||
program_name="dlopen"
|
||||
program_dir="${0%/*}"
|
||||
program="$program_dir/$program_name"
|
||||
msg "Test the dynamic loading of libmbed*"
|
||||
|
||||
program="$programs_dir/test/dlopen"
|
||||
library_dir="$root_dir/library"
|
||||
|
||||
# Skip this test if we don't have a shared library build. Detect this
|
||||
# through the absence of the demo program.
|
||||
if [ ! -e "$program" ]; then
|
||||
# Look for programs in the current directory and the directories above it
|
||||
for dir in "." ".." "../.."; do
|
||||
program_dir="$dir/programs/test"
|
||||
program="$program_dir/$program_name"
|
||||
if [ -e "$program" ]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
if [ ! -e "$program" ]; then
|
||||
echo "Could not find $program_name program"
|
||||
|
||||
echo "Make sure that Mbed TLS is built as a shared library." \
|
||||
"If building out-of-tree, this script must be run" \
|
||||
"from the project build directory."
|
||||
exit 1
|
||||
fi
|
||||
msg "$0: this demo requires a shared library build."
|
||||
# Exit with a success status so that this counts as a pass for run_demos.py.
|
||||
exit
|
||||
fi
|
||||
|
||||
top_dir="$program_dir/../.."
|
||||
library_dir="$top_dir/library"
|
||||
|
||||
# ELF-based Unix-like (Linux, *BSD, Solaris, ...)
|
||||
if [ -n "${LD_LIBRARY_PATH-}" ]; then
|
||||
LD_LIBRARY_PATH="$library_dir:$LD_LIBRARY_PATH"
|
||||
|
@ -62,6 +49,6 @@ else
|
|||
fi
|
||||
export DYLD_LIBRARY_PATH
|
||||
|
||||
echo "Running dynamic loading test program: $program"
|
||||
echo "Loading libraries from: $library_dir"
|
||||
msg "Running dynamic loading test program: $program"
|
||||
msg "Loading libraries from: $library_dir"
|
||||
"$program"
|
||||
|
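Review bot: The line `. "${0%/*}/../demo_common.sh"` in the first hunk fails when the script is started by bare name from its own directory. `$0` then has no slash, `${0%/*}` leaves it unchanged, and the sourced path becomes `<script name>/../demo_common.sh`. With `set -e -u` in effect the script stops there, before any message is printed. `. "$(dirname -- "$0")/../demo_common.sh"` resolves to `./..` in that case and works for both forms of invocation. `msg`, `$programs_dir` and `$root_dir` are presumably provided by the sourced file, which is not shown on this page.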
|
|
@ -261,6 +261,10 @@ usage:
|
|||
|
||||
if ((subtype_value = strchr(q, ':')) != NULL) {
|
||||
*subtype_value++ = '\0';
|
||||
} else {
|
||||
mbedtls_printf(
|
||||
"Invalid argument for option SAN: Entry must be of the form TYPE:value\n");
|
||||
goto usage;
|
||||
}
|
||||
if (strcmp(q, "RFC822") == 0) {
|
||||
cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME;
|
||||
|
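Review bot: The added `else` branch covers only the missing-colon case. An entry with a colon but nothing after it (`DNS:`) still leaves `subtype_value` pointing at an empty string and goes on to the type comparison. Whether the code after the hunk rejects an empty value cannot be seen here. If it does not, a check directly after the split, `if (*subtype_value == '\0') { ... goto usage; }` with the same message, would close it. The identical hunk at `@ -583,6 +583,10` in the following file has the same shape.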
|
|
@ -583,6 +583,10 @@ usage:
|
|||
|
||||
if ((subtype_value = strchr(q, ':')) != NULL) {
|
||||
*subtype_value++ = '\0';
|
||||
} else {
|
||||
mbedtls_printf(
|
||||
"Invalid argument for option SAN: Entry must be of the form TYPE:value\n");
|
||||
goto usage;
|
||||
}
|
||||
if (strcmp(q, "RFC822") == 0) {
|
||||
cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME;
|
||||
|
|
|
@ -170,13 +170,6 @@ echo
|
|||
print_version "$OPENSSL" "version" "default"
|
||||
echo
|
||||
|
||||
if [ -n "${OPENSSL_LEGACY+set}" ]; then
|
||||
print_version "$OPENSSL_LEGACY" "version" "legacy"
|
||||
else
|
||||
echo " * openssl (legacy): Not configured."
|
||||
fi
|
||||
echo
|
||||
|
||||
if [ -n "${OPENSSL_NEXT+set}" ]; then
|
||||
print_version "$OPENSSL_NEXT" "version" "next"
|
||||
else
|
||||
|
@ -192,20 +185,6 @@ echo
|
|||
print_version "$GNUTLS_SERV" "--version" "default" "head -n 1"
|
||||
echo
|
||||
|
||||
if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then
|
||||
print_version "$GNUTLS_LEGACY_CLI" "--version" "legacy" "head -n 1"
|
||||
else
|
||||
echo " * gnutls-cli (legacy): Not configured."
|
||||
fi
|
||||
echo
|
||||
|
||||
if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then
|
||||
print_version "$GNUTLS_LEGACY_SERV" "--version" "legacy" "head -n 1"
|
||||
else
|
||||
echo " * gnutls-serv (legacy): Not configured."
|
||||
fi
|
||||
echo
|
||||
|
||||
echo " * Installed asan versions:"
|
||||
if type dpkg-query >/dev/null 2>/dev/null; then
|
||||
if ! dpkg-query -f '${Status} ${Package}: ${Version}\n' -W 'libasan*' |
|
||||
|
|
|
@ -108,6 +108,7 @@ FILTER=""
|
|||
EXCLUDE='NULL\|ARIA\|CHACHA20_POLY1305'
|
||||
VERBOSE=""
|
||||
MEMCHECK=0
|
||||
PRESERVE_LOGS=0
|
||||
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
|
||||
|
||||
# hidden option: skip DTLS with OpenSSL
|
||||
|
@ -129,6 +130,7 @@ print_usage() {
|
|||
printf " --list-test-case\tList all potential test cases (No Execution)\n"
|
||||
printf " --outcome-file\tFile where test outcomes are written\n"
|
||||
printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
|
||||
printf " --preserve-logs\tPreserve logs of successful tests as well\n"
|
||||
}
|
||||
|
||||
# print_test_case <CLIENT> <SERVER> <STANDARD_CIPHER_SUITE>
|
||||
|
@ -197,6 +199,9 @@ get_options() {
|
|||
--outcome-file)
|
||||
shift; MBEDTLS_TEST_OUTCOME_FILE=$1
|
||||
;;
|
||||
--preserve-logs)
|
||||
PRESERVE_LOGS=1
|
||||
;;
|
||||
-h|--help)
|
||||
print_usage
|
||||
exit 0
|
||||
|
@ -629,7 +634,7 @@ setup_arguments()
|
|||
fi
|
||||
|
||||
M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE"
|
||||
O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$O_MODE"
|
||||
O_SERVER_ARGS="-accept $PORT -cipher ALL,COMPLEMENTOFALL -$O_MODE"
|
||||
G_SERVER_ARGS="-p $PORT --http $G_MODE"
|
||||
G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
|
||||
|
||||
|
@ -887,12 +892,16 @@ record_outcome() {
|
|||
fi
|
||||
}
|
||||
|
||||
save_logs() {
|
||||
cp $SRV_OUT c-srv-${TESTS}.log
|
||||
cp $CLI_OUT c-cli-${TESTS}.log
|
||||
}
|
||||
|
||||
# display additional information if test case fails
|
||||
report_fail() {
|
||||
FAIL_PROMPT="outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log"
|
||||
record_outcome "FAIL" "$FAIL_PROMPT"
|
||||
cp $SRV_OUT c-srv-${TESTS}.log
|
||||
cp $CLI_OUT c-cli-${TESTS}.log
|
||||
save_logs
|
||||
echo " ! $FAIL_PROMPT"
|
||||
|
||||
if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
|
||||
|
@ -1010,6 +1019,9 @@ run_client() {
|
|||
case $RESULT in
|
||||
"0")
|
||||
record_outcome "PASS"
|
||||
if [ "$PRESERVE_LOGS" -gt 0 ]; then
|
||||
save_logs
|
||||
fi
|
||||
;;
|
||||
"1")
|
||||
record_outcome "SKIP"
|
||||
|
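Review bot: The change of `O_SERVER_ARGS` to `-cipher ALL,COMPLEMENTOFALL` in `setup_arguments` carries no comment, and the reason for the second keyword is not obvious from the line. In OpenSSL's cipher-string syntax `ALL` excludes the no-encryption suites and `COMPLEMENTOFALL` is what brings them in. The test server therefore offers NULL ciphers by design, so that the `NULL` compat tests can run against the default OpenSSL. A one-line comment above the assignment would keep the string from being read as a typo or copied elsewhere, for example `# ALL omits the NULL-encryption suites; COMPLEMENTOFALL adds them (test server only)`. The body of `setup_arguments` starts and ends outside the hunk.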
|
|
@ -32,6 +32,14 @@
|
|||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_CMAC)
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
|
||||
#undef MBEDTLS_PSA_ACCEL_ALG_CMAC
|
||||
#else
|
||||
#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_CTR)
|
||||
#if defined(MBEDTLS_PSA_ACCEL_ALG_CTR)
|
||||
#undef MBEDTLS_PSA_ACCEL_ALG_CTR
|
||||
|
@ -395,7 +403,6 @@
|
|||
|
||||
#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1
|
||||
#define MBEDTLS_PSA_ACCEL_ALG_CCM 1
|
||||
#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1
|
||||
#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1
|
||||
#define MBEDTLS_PSA_ACCEL_ALG_GCM 1
|
||||
#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1
|
||||
|
|
|
@ -28,9 +28,6 @@
|
|||
#include <psa/crypto.h>
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD_LIGHT)
|
||||
#include "mbedtls/md.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
/** Initialize the PSA Crypto subsystem. */
|
||||
|
|
|
@ -50,10 +50,13 @@
|
|||
# * G++
|
||||
# * arm-gcc and mingw-gcc
|
||||
# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
|
||||
# * OpenSSL and GnuTLS command line tools, recent enough for the
|
||||
# interoperability tests. If they don't support old features which we want
|
||||
# to test, then a legacy version of these tools must be present as well
|
||||
# (search for LEGACY below).
|
||||
# * OpenSSL and GnuTLS command line tools, in suitable versions for the
|
||||
# interoperability tests. The following are the official versions at the
|
||||
# time of writing:
|
||||
# * GNUTLS_{CLI,SERV} = 3.4.10
|
||||
# * GNUTLS_NEXT_{CLI,SERV} = 3.7.2
|
||||
# * OPENSSL = 1.0.2g (without Debian/Ubuntu patches)
|
||||
# * OPENSSL_NEXT = 1.1.1a
|
||||
# See the invocation of check_tools below for details.
|
||||
#
|
||||
# This script must be invoked from the toplevel directory of a git
|
||||
|
@ -179,12 +182,9 @@ pre_initialize_variables () {
|
|||
|
||||
# Default commands, can be overridden by the environment
|
||||
: ${OPENSSL:="openssl"}
|
||||
: ${OPENSSL_LEGACY:="$OPENSSL"}
|
||||
: ${OPENSSL_NEXT:="$OPENSSL"}
|
||||
: ${GNUTLS_CLI:="gnutls-cli"}
|
||||
: ${GNUTLS_SERV:="gnutls-serv"}
|
||||
: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
|
||||
: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
|
||||
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
|
||||
: ${ARMC5_BIN_DIR:=/usr/bin}
|
||||
: ${ARMC6_BIN_DIR:=/usr/bin}
|
||||
|
@ -300,10 +300,7 @@ Tool path options:
|
|||
--gcc-latest=<GCC_latest_path> Latest version of GCC available
|
||||
--gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
|
||||
--gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
|
||||
--gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests.
|
||||
--gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests.
|
||||
--openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
|
||||
--openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests..
|
||||
--openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
|
||||
EOF
|
||||
}
|
||||
|
@ -474,8 +471,8 @@ pre_parse_command_line () {
|
|||
--gcc-earliest) shift; GCC_EARLIEST="$1";;
|
||||
--gcc-latest) shift; GCC_LATEST="$1";;
|
||||
--gnutls-cli) shift; GNUTLS_CLI="$1";;
|
||||
--gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
|
||||
--gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
|
||||
--gnutls-legacy-cli) shift;; # ignored for backward compatibility
|
||||
--gnutls-legacy-serv) shift;; # ignored for backward compatibility
|
||||
--gnutls-serv) shift; GNUTLS_SERV="$1";;
|
||||
--help|-h) usage; exit;;
|
||||
--keep-going|-k) KEEP_GOING=1;;
|
||||
|
@ -489,7 +486,6 @@ pre_parse_command_line () {
|
|||
--no-memory) MEMORY=0;;
|
||||
--no-quiet) QUIET=0;;
|
||||
--openssl) shift; OPENSSL="$1";;
|
||||
--openssl-legacy) shift; OPENSSL_LEGACY="$1";;
|
||||
--openssl-next) shift; OPENSSL_NEXT="$1";;
|
||||
--outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
|
||||
--out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
|
||||
|
@ -744,12 +740,9 @@ pre_print_configuration () {
|
|||
echo "SEED: ${SEED-"UNSET"}"
|
||||
echo
|
||||
echo "OPENSSL: $OPENSSL"
|
||||
echo "OPENSSL_LEGACY: $OPENSSL_LEGACY"
|
||||
echo "OPENSSL_NEXT: $OPENSSL_NEXT"
|
||||
echo "GNUTLS_CLI: $GNUTLS_CLI"
|
||||
echo "GNUTLS_SERV: $GNUTLS_SERV"
|
||||
echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
|
||||
echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
|
||||
echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
|
||||
echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
|
||||
}
|
||||
|
@ -773,13 +766,10 @@ pre_check_tools () {
|
|||
if [ -n "${SEED-}" ]; then
|
||||
export SEED
|
||||
fi
|
||||
set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY"
|
||||
set "$@" OPENSSL="$OPENSSL"
|
||||
set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
|
||||
set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI"
|
||||
set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV"
|
||||
check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \
|
||||
"$GNUTLS_CLI" "$GNUTLS_SERV" \
|
||||
"$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV"
|
||||
check_tools "$OPENSSL" "$OPENSSL_NEXT" \
|
||||
"$GNUTLS_CLI" "$GNUTLS_SERV"
|
||||
;;
|
||||
esac
|
||||
|
||||
|
@ -874,7 +864,7 @@ pre_generate_files() {
|
|||
# Example:
|
||||
# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
||||
# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
# 4b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
|
||||
# 3b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
|
||||
# additional arguments will be passed to make: this can be useful if
|
||||
# you don't want to build everything when iterating during development.
|
||||
# Example:
|
||||
|
@ -1073,6 +1063,9 @@ component_test_default_out_of_box () {
|
|||
|
||||
msg "selftest: make, default config (out-of-box)" # ~10s
|
||||
programs/test/selftest
|
||||
|
||||
msg "program demos: make, default config (out-of-box)" # ~10s
|
||||
tests/scripts/run_demos.py
|
||||
}
|
||||
|
||||
component_test_default_cmake_gcc_asan () {
|
||||
|
@ -1083,6 +1076,9 @@ component_test_default_cmake_gcc_asan () {
|
|||
msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
|
||||
make test
|
||||
|
||||
msg "program demos (ASan build)" # ~10s
|
||||
tests/scripts/run_demos.py
|
||||
|
||||
msg "test: selftest (ASan build)" # ~ 10s
|
||||
programs/test/selftest
|
||||
|
||||
|
@ -1872,6 +1868,9 @@ component_test_full_cmake_clang () {
|
|||
msg "test: cpp_dummy_build (full config, clang)" # ~ 1s
|
||||
programs/test/cpp_dummy_build
|
||||
|
||||
msg "program demos (full config, clang)" # ~10s
|
||||
tests/scripts/run_demos.py
|
||||
|
||||
msg "test: psa_constant_names (full config, clang)" # ~ 1s
|
||||
tests/scripts/test_psa_constant_names.py
|
||||
|
||||
|
@ -1879,7 +1878,7 @@ component_test_full_cmake_clang () {
|
|||
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
|
||||
|
||||
msg "test: compat.sh NULL (full config)" # ~ 2 min
|
||||
env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL'
|
||||
tests/compat.sh -e '^$' -f 'NULL'
|
||||
|
||||
msg "test: compat.sh ARIA + ChachaPoly"
|
||||
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
||||
|
@ -2055,6 +2054,9 @@ component_test_full_deprecated_warning () {
|
|||
|
||||
msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s
|
||||
make test
|
||||
|
||||
msg "program demos: full config + MBEDTLS_TEST_DEPRECATED" # ~10s
|
||||
tests/scripts/run_demos.py
|
||||
}
|
||||
|
||||
# Check that the specified libraries exist and are empty.
|
||||
|
@ -2286,7 +2288,7 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
|
|||
tests/compat.sh
|
||||
|
||||
msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
||||
env OPENSSL="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -f 'NULL'
|
||||
tests/compat.sh -f 'NULL'
|
||||
|
||||
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
|
||||
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
||||
|
@ -3526,21 +3528,21 @@ component_test_psa_crypto_config_reference_hash_use_psa() {
|
|||
component_test_psa_crypto_config_accel_cipher () {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated cipher"
|
||||
|
||||
loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 ALG_CTR ALG_CFB ALG_OFB ALG_XTS KEY_TYPE_DES"
|
||||
loc_accel_list="ALG_CBC_NO_PADDING ALG_CBC_PKCS7 \
|
||||
ALG_CTR ALG_CFB ALG_OFB ALG_XTS \
|
||||
KEY_TYPE_DES ALG_CMAC"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Start from the default config (no TLS 1.3, no USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
# There is no intended accelerator support for STREAM_CIPHER and
|
||||
# ECB_NO_PADDING. Therefore, asking for them in the build implies the
|
||||
# inclusion of the Mbed TLS cipher operations. As we want to test here with
|
||||
# cipher operations solely supported by accelerators, disabled those
|
||||
# PSA configuration options by helper_libtestdriver1_adjust_config.
|
||||
|
||||
# There is no intended accelerator support for ALG CMAC. Therefore, asking
|
||||
# for it in the build implies the inclusion of the Mbed TLS cipher
|
||||
# operations. As we want to test here with cipher operations solely
|
||||
# supported by accelerators, disabled this PSA configuration option.
|
||||
# (Note: the same applies to STREAM_CIPHER and ECB_NO_PADDING, which are
|
||||
# already disabled by helper_libtestdriver1_adjust_config above.)
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
|
||||
# Start from the full config
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
# Disable the things that are being accelerated
|
||||
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
|
||||
|
@ -3550,6 +3552,7 @@ component_test_psa_crypto_config_accel_cipher () {
|
|||
scripts/config.py unset MBEDTLS_CIPHER_MODE_OFB
|
||||
scripts/config.py unset MBEDTLS_CIPHER_MODE_XTS
|
||||
scripts/config.py unset MBEDTLS_DES_C
|
||||
scripts/config.py unset MBEDTLS_CMAC_C
|
||||
|
||||
# Build
|
||||
# -----
|
||||
|
@ -3571,21 +3574,19 @@ component_test_psa_crypto_config_accel_cipher () {
|
|||
component_test_psa_crypto_config_accel_aead () {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated AEAD"
|
||||
|
||||
loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
|
||||
loc_accel_list="ALG_GCM ALG_CCM ALG_CHACHA20_POLY1305 \
|
||||
KEY_TYPE_AES KEY_TYPE_CHACHA20 KEY_TYPE_ARIA KEY_TYPE_CAMELLIA"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
# Start from default config (no TLS 1.3, no USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "default"
|
||||
# Start from full config
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
# Disable things that are being accelerated
|
||||
scripts/config.py unset MBEDTLS_GCM_C
|
||||
scripts/config.py unset MBEDTLS_CCM_C
|
||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||
# Features that depend on AEAD
|
||||
scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
|
||||
scripts/config.py unset MBEDTLS_SSL_TICKET_C
|
||||
|
||||
# Build
|
||||
# -----
|
||||
|
@ -3919,45 +3920,107 @@ component_build_tfm() {
|
|||
make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe"
|
||||
}
|
||||
|
||||
component_build_aes_variations() { # ~45s
|
||||
# Test that the given .o file builds with all (valid) combinations of the given options.
|
||||
#
|
||||
# Syntax: build_test_config_combos FILE VALIDATOR_FUNCTION OPT1 OPT2 ...
|
||||
#
|
||||
# The validator function is the name of a function to validate the combination of options.
|
||||
# It may be "" if all combinations are valid.
|
||||
# It receives a string containing a combination of options, as passed to the compiler,
|
||||
# e.g. "-DOPT1 -DOPT2 ...". It must return 0 iff the combination is valid, non-zero if invalid.
|
||||
build_test_config_combos() {
|
||||
file=$1
|
||||
shift
|
||||
validate_options=$1
|
||||
shift
|
||||
options=("$@")
|
||||
|
||||
# clear all of the options so that they can be overridden on the clang commandline
|
||||
for opt in "${options[@]}"; do
|
||||
./scripts/config.py unset ${opt}
|
||||
done
|
||||
|
||||
# enter the directory containing the target file & strip the dir from the filename
|
||||
cd $(dirname ${file})
|
||||
file=$(basename ${file})
|
||||
|
||||
# The most common issue is unused variables/functions, so ensure -Wunused is set.
|
||||
warning_flags="-Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
|
||||
|
||||
# Extract the command generated by the Makefile to build the target file.
|
||||
# This ensures that we have any include paths, macro definitions, etc
|
||||
# that may be applied by make.
|
||||
# Add -fsyntax-only as we only want a syntax check and don't need to generate a file.
|
||||
compile_cmd="clang \$(LOCAL_CFLAGS) ${warning_flags} -fsyntax-only -c"
|
||||
|
||||
makefile=$(TMPDIR=. mktemp)
|
||||
deps=""
|
||||
|
||||
len=${#options[@]}
|
||||
source_file=${file%.o}.c
|
||||
|
||||
targets=0
|
||||
echo 'include Makefile' >${makefile}
|
||||
|
||||
for ((i = 0; i < $((2**${len})); i++)); do
|
||||
# generate each of 2^n combinations of options
|
||||
# each bit of $i is used to determine if options[i] will be set or not
|
||||
target="t"
|
||||
clang_args=""
|
||||
for ((j = 0; j < ${len}; j++)); do
|
||||
if (((i >> j) & 1)); then
|
||||
opt=-D${options[$j]}
|
||||
clang_args="${clang_args} ${opt}"
|
||||
target="${target}${opt}"
|
||||
fi
|
||||
done
|
||||
|
||||
# if combination is not known to be invalid, add it to the makefile
|
||||
if [[ -z $validate_options ]] || $validate_options "${clang_args}"; then
|
||||
cmd="${compile_cmd} ${clang_args}"
|
||||
echo "${target}: ${source_file}; $cmd ${source_file}" >> ${makefile}
|
||||
|
||||
deps="${deps} ${target}"
|
||||
((++targets))
|
||||
fi
|
||||
done
|
||||
|
||||
echo "build_test_config_combos: ${deps}" >> ${makefile}
|
||||
|
||||
# execute all of the commands via Make (probably in parallel)
|
||||
make -s -f ${makefile} build_test_config_combos
|
||||
echo "$targets targets checked"
|
||||
|
||||
# clean up the temporary makefile
|
||||
rm ${makefile}
|
||||
}
|
||||
|
||||
validate_aes_config_variations() {
|
||||
if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then
|
||||
if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then
|
||||
return 1
|
||||
fi
|
||||
if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \
|
||||
("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
component_build_aes_variations() {
|
||||
# 18s - around 90ms per clang invocation on M1 Pro
|
||||
#
|
||||
# aes.o has many #if defined(...) guards that intersect in complex ways.
|
||||
# Test that all the combinations build cleanly. The most common issue is
|
||||
# unused variables/functions, so ensure -Wunused is set.
|
||||
# Test that all the combinations build cleanly.
|
||||
|
||||
msg "build: aes.o for all combinations of relevant config options"
|
||||
|
||||
for a in set unset; do
|
||||
for b in set unset; do
|
||||
for c in set unset; do
|
||||
for d in set unset; do
|
||||
for e in set unset; do
|
||||
for f in set unset; do
|
||||
for g in set unset; do
|
||||
echo ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT
|
||||
echo ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT
|
||||
echo ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES
|
||||
echo ./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT
|
||||
echo ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT
|
||||
echo ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES
|
||||
echo ./scripts/config.py $g MBEDTLS_PADLOCK_C
|
||||
|
||||
./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT
|
||||
./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT
|
||||
./scripts/config.py $c MBEDTLS_AES_ROM_TABLES
|
||||
./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT
|
||||
./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT
|
||||
./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES
|
||||
./scripts/config.py $g MBEDTLS_PADLOCK_C
|
||||
|
||||
rm -f library/aes.o
|
||||
make -C library aes.o CC="clang" CFLAGS="-O0 -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
|
||||
done
|
||||
done
|
||||
done
|
||||
done
|
||||
done
|
||||
done
|
||||
done
|
||||
build_test_config_combos library/aes.o validate_aes_config_variations \
|
||||
"MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
|
||||
"MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
|
||||
"MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
|
||||
"MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
|
||||
}
|
||||
|
||||
component_test_no_platform () {
|
||||
|
@ -5220,6 +5283,9 @@ component_test_memsan () {
|
|||
msg "test: main suites (MSan)" # ~ 10s
|
||||
make test
|
||||
|
||||
msg "program demos (MSan)" # ~20s
|
||||
tests/scripts/run_demos.py
|
||||
|
||||
msg "test: ssl-opt.sh (MSan)" # ~ 1 min
|
||||
tests/ssl-opt.sh
|
||||
|
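Review bot: `--openssl-legacy` appears to be dropped from `pre_parse_command_line` outright in the hunk at `@ -489,7 +486,6`. The two GnuTLS legacy options in the hunk at `@ -474,8 +471,8` are instead kept as accepted-and-ignored cases marked "ignored for backward compatibility". An existing invocation that still passes `--openssl-legacy` would now reach whatever the `case` statement does for unknown options, which is outside the hunk. Keeping the same shim for it, `--openssl-legacy) shift;; # ignored for backward compatibility`, would make the three removals behave alike.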
||||
|
|
|
@ -22,17 +22,23 @@ class Results:
|
|||
self.error_count = 0
|
||||
self.warning_count = 0
|
||||
|
||||
@staticmethod
|
||||
def log(fmt, *args, **kwargs):
|
||||
sys.stderr.write((fmt + '\n').format(*args, **kwargs))
|
||||
def new_section(self, fmt, *args, **kwargs):
|
||||
self._print_line('\n*** ' + fmt + ' ***\n', *args, **kwargs)
|
||||
|
||||
def info(self, fmt, *args, **kwargs):
|
||||
self._print_line('Info: ' + fmt, *args, **kwargs)
|
||||
|
||||
def error(self, fmt, *args, **kwargs):
|
||||
self.log('Error: ' + fmt, *args, **kwargs)
|
||||
self.error_count += 1
|
||||
self._print_line('Error: ' + fmt, *args, **kwargs)
|
||||
|
||||
def warning(self, fmt, *args, **kwargs):
|
||||
self.log('Warning: ' + fmt, *args, **kwargs)
|
||||
self.warning_count += 1
|
||||
self._print_line('Warning: ' + fmt, *args, **kwargs)
|
||||
|
||||
@staticmethod
|
||||
def _print_line(fmt, *args, **kwargs):
|
||||
sys.stderr.write((fmt + '\n').format(*args, **kwargs))
|
||||
|
||||
class TestCaseOutcomes:
|
||||
"""The outcomes of one test case across many configurations."""
|
||||
|
@ -53,25 +59,24 @@ class TestCaseOutcomes:
|
|||
"""
|
||||
return len(self.successes) + len(self.failures)
|
||||
|
||||
def execute_reference_driver_tests(ref_component, driver_component, outcome_file):
|
||||
def execute_reference_driver_tests(results: Results, ref_component, driver_component, \
|
||||
outcome_file):
|
||||
"""Run the tests specified in ref_component and driver_component. Results
|
||||
are stored in the output_file and they will be used for the following
|
||||
coverage analysis"""
|
||||
# If the outcome file already exists, we assume that the user wants to
|
||||
# perform the comparison analysis again without repeating the tests.
|
||||
if os.path.exists(outcome_file):
|
||||
Results.log("Outcome file (" + outcome_file + ") already exists. " + \
|
||||
"Tests will be skipped.")
|
||||
results.info("Outcome file ({}) already exists. Tests will be skipped.", outcome_file)
|
||||
return
|
||||
|
||||
shell_command = "tests/scripts/all.sh --outcome-file " + outcome_file + \
|
||||
" " + ref_component + " " + driver_component
|
||||
Results.log("Running: " + shell_command)
|
||||
results.info("Running: {}", shell_command)
|
||||
ret_val = subprocess.run(shell_command.split(), check=False).returncode
|
||||
|
||||
if ret_val != 0:
|
||||
Results.log("Error: failed to run reference/driver components")
|
||||
sys.exit(ret_val)
|
||||
results.error("failed to run reference/driver components")
|
||||
|
||||
def analyze_coverage(results, outcomes, allow_list, full_coverage):
|
||||
"""Check that all available test cases are executed at least once."""
|
||||
|
@ -90,7 +95,8 @@ def analyze_coverage(results, outcomes, allow_list, full_coverage):
|
|||
else:
|
||||
results.warning('Allow listed test case was executed: {}', key)
|
||||
|
||||
def analyze_driver_vs_reference(outcomes, component_ref, component_driver,
|
||||
def analyze_driver_vs_reference(results: Results, outcomes,
|
||||
component_ref, component_driver,
|
||||
ignored_suites, ignored_test=None):
|
||||
"""Check that all tests executed in the reference component are also
|
||||
executed in the corresponding driver component.
|
||||
|
@ -100,7 +106,6 @@ def analyze_driver_vs_reference(outcomes, component_ref, component_driver,
|
|||
output string is provided
|
||||
"""
|
||||
available = check_test_cases.collect_available_test_cases()
|
||||
result = True
|
||||
|
||||
for key in available:
|
||||
# Continue if test was not executed by any component
|
||||
|
@ -125,16 +130,12 @@ def analyze_driver_vs_reference(outcomes, component_ref, component_driver,
|
|||
if component_ref in entry:
|
||||
reference_test_passed = True
|
||||
if(reference_test_passed and not driver_test_passed):
|
||||
Results.log(key)
|
||||
result = False
|
||||
return result
|
||||
results.error("Did not pass with driver: {}", key)
|
||||
|
||||
def analyze_outcomes(outcomes, args):
|
||||
def analyze_outcomes(results: Results, outcomes, args):
|
||||
"""Run all analyses on the given outcome collection."""
|
||||
results = Results()
|
||||
analyze_coverage(results, outcomes, args['allow_list'],
|
||||
args['full_coverage'])
|
||||
return results
|
||||
|
||||
def read_outcome_file(outcome_file):
|
||||
"""Parse an outcome file and return an outcome collection.
|
||||
|
@ -157,29 +158,30 @@ by a semicolon.
|
|||
outcomes[key].failures.append(setup)
|
||||
return outcomes
|
||||
|
||||
def do_analyze_coverage(outcome_file, args):
|
||||
def do_analyze_coverage(results: Results, outcome_file, args):
|
||||
"""Perform coverage analysis."""
|
||||
results.new_section("Analyze coverage")
|
||||
outcomes = read_outcome_file(outcome_file)
|
||||
Results.log("\n*** Analyze coverage ***\n")
|
||||
results = analyze_outcomes(outcomes, args)
|
||||
return results.error_count == 0
|
||||
analyze_outcomes(results, outcomes, args)
|
||||
|
||||
def do_analyze_driver_vs_reference(outcome_file, args):
|
||||
def do_analyze_driver_vs_reference(results: Results, outcome_file, args):
|
||||
"""Perform driver vs reference analyze."""
|
||||
execute_reference_driver_tests(args['component_ref'], \
|
||||
args['component_driver'], outcome_file)
|
||||
results.new_section("Analyze driver {} vs reference {}",
|
||||
args['component_driver'], args['component_ref'])
|
||||
|
||||
execute_reference_driver_tests(results, args['component_ref'], \
|
||||
args['component_driver'], outcome_file)
|
||||
|
||||
ignored_suites = ['test_suite_' + x for x in args['ignored_suites']]
|
||||
|
||||
outcomes = read_outcome_file(outcome_file)
|
||||
Results.log("\n*** Analyze driver {} vs reference {} ***\n".format(
|
||||
args['component_driver'], args['component_ref']))
|
||||
return analyze_driver_vs_reference(outcomes, args['component_ref'],
|
||||
args['component_driver'], ignored_suites,
|
||||
args['ignored_tests'])
|
||||
|
||||
analyze_driver_vs_reference(results, outcomes,
|
||||
args['component_ref'], args['component_driver'],
|
||||
ignored_suites, args['ignored_tests'])
|
||||
|
||||
# List of tasks with a function that can handle this task and additional arguments if required
|
||||
TASKS = {
|
||||
KNOWN_TASKS = {
|
||||
'analyze_coverage': {
|
||||
'test_function': do_analyze_coverage,
|
||||
'args': {
|
||||
|
@ -641,11 +643,13 @@ TASKS = {
|
|||
}
|
||||
|
||||
def main():
|
||||
main_results = Results()
|
||||
|
||||
try:
|
||||
parser = argparse.ArgumentParser(description=__doc__)
|
||||
parser.add_argument('outcomes', metavar='OUTCOMES.CSV',
|
||||
help='Outcome file to analyze')
|
||||
parser.add_argument('task', default='all', nargs='?',
|
||||
parser.add_argument('specified_tasks', default='all', nargs='?',
|
||||
help='Analysis to be done. By default, run all tasks. '
|
||||
'With one or more TASK, run only those. '
|
||||
'TASK can be the name of a single task or '
|
||||
|
@ -660,33 +664,31 @@ def main():
|
|||
options = parser.parse_args()
|
||||
|
||||
if options.list:
|
||||
for task in TASKS:
|
||||
Results.log(task)
|
||||
for task in KNOWN_TASKS:
|
||||
print(task)
|
||||
sys.exit(0)
|
||||
|
||||
result = True
|
||||
|
||||
if options.task == 'all':
|
||||
tasks = TASKS.keys()
|
||||
if options.specified_tasks == 'all':
|
||||
tasks_list = KNOWN_TASKS.keys()
|
||||
else:
|
||||
tasks = re.split(r'[, ]+', options.task)
|
||||
tasks_list = re.split(r'[, ]+', options.specified_tasks)
|
||||
for task in tasks_list:
|
||||
if task not in KNOWN_TASKS:
|
||||
sys.stderr.write('invalid task: {}'.format(task))
|
||||
sys.exit(2)
|
||||
|
||||
for task in tasks:
|
||||
if task not in TASKS:
|
||||
Results.log('Error: invalid task: {}'.format(task))
|
||||
sys.exit(1)
|
||||
KNOWN_TASKS['analyze_coverage']['args']['full_coverage'] = options.full_coverage
|
||||
|
||||
TASKS['analyze_coverage']['args']['full_coverage'] = \
|
||||
options.full_coverage
|
||||
for task in tasks_list:
|
||||
test_function = KNOWN_TASKS[task]['test_function']
|
||||
test_args = KNOWN_TASKS[task]['args']
|
||||
test_function(main_results, options.outcomes, test_args)
|
||||
|
||||
for task in TASKS:
|
||||
if task in tasks:
|
||||
if not TASKS[task]['test_function'](options.outcomes, TASKS[task]['args']):
|
||||
result = False
|
||||
main_results.info("Overall results: {} warnings and {} errors",
|
||||
main_results.warning_count, main_results.error_count)
|
||||
|
||||
sys.exit(0 if (main_results.error_count == 0) else 1)
|
||||
|
||||
if result is False:
|
||||
sys.exit(1)
|
||||
Results.log("SUCCESS :-)")
|
||||
except Exception: # pylint: disable=broad-except
|
||||
# Print the backtrace and exit explicitly with our chosen status.
|
||||
traceback.print_exc()
|
||||
|
|
|
@ -48,11 +48,8 @@ if [ -d library -a -d include -a -d tests ]; then :; else
|
|||
fi
|
||||
|
||||
: ${OPENSSL:="openssl"}
|
||||
: ${OPENSSL_LEGACY:="$OPENSSL"}
|
||||
: ${GNUTLS_CLI:="gnutls-cli"}
|
||||
: ${GNUTLS_SERV:="gnutls-serv"}
|
||||
: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
|
||||
: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
|
||||
|
||||
# Used to make ssl-opt.sh deterministic.
|
||||
#
|
||||
|
@ -78,11 +75,8 @@ CONFIG_BAK="$CONFIG_H.bak"
|
|||
|
||||
# Step 0 - print build environment info
|
||||
OPENSSL="$OPENSSL" \
|
||||
OPENSSL_LEGACY="$OPENSSL_LEGACY" \
|
||||
GNUTLS_CLI="$GNUTLS_CLI" \
|
||||
GNUTLS_SERV="$GNUTLS_SERV" \
|
||||
GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \
|
||||
GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" \
|
||||
scripts/output_env.sh
|
||||
echo
|
||||
|
||||
|
@ -124,9 +118,7 @@ echo '################ compat.sh ################'
|
|||
sh compat.sh
|
||||
echo
|
||||
|
||||
echo '#### compat.sh: legacy (null)'
|
||||
OPENSSL="$OPENSSL_LEGACY" \
|
||||
GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
|
||||
echo '#### compat.sh: null cipher'
|
||||
sh compat.sh -e '^$' -f 'NULL'
|
||||
echo
|
||||
|
||||
|
|
|
@ -162,24 +162,6 @@ def is_windows_file(filepath):
|
|||
return ext in ('.bat', '.dsp', '.dsw', '.sln', '.vcxproj')
|
||||
|
||||
|
||||
class PermissionIssueTracker(FileIssueTracker):
|
||||
"""Track files with bad permissions.
|
||||
|
||||
Files that are not executable scripts must not be executable."""
|
||||
|
||||
heading = "Incorrect permissions:"
|
||||
|
||||
# .py files can be either full scripts or modules, so they may or may
|
||||
# not be executable.
|
||||
suffix_exemptions = frozenset({".py"})
|
||||
|
||||
def check_file_for_issue(self, filepath):
|
||||
is_executable = os.access(filepath, os.X_OK)
|
||||
should_be_executable = filepath.endswith((".sh", ".pl"))
|
||||
if is_executable != should_be_executable:
|
||||
self.files_with_issues[filepath] = None
|
||||
|
||||
|
||||
class ShebangIssueTracker(FileIssueTracker):
|
||||
"""Track files with a bad, missing or extraneous shebang line.
|
||||
|
||||
|
@ -386,7 +368,6 @@ class IntegrityChecker:
|
|||
self.logger = None
|
||||
self.setup_logger(log_file)
|
||||
self.issues_to_check = [
|
||||
PermissionIssueTracker(),
|
||||
ShebangIssueTracker(),
|
||||
EndOfFileNewlineIssueTracker(),
|
||||
Utf8BomIssueTracker(),
|
||||
|
|
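--- a/tests/scripts/run_demos.py
+++ b/tests/scripts/run_demos.py
@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+"""Run the Mbed TLS demo scripts.
+"""
+import argparse
+import glob
+import subprocess
+import sys
+
+def run_demo(demo, quiet=False):
+"""Run the specified demo script. Return True if it succeeds."""
+args = {}
+if quiet:
+args['stdout'] = subprocess.DEVNULL
+args['stderr'] = subprocess.DEVNULL
+returncode = subprocess.call([demo], **args)
+return returncode == 0
+
+def run_demos(demos, quiet=False):
+"""Run the specified demos and print summary information about failures.
+
+Return True if all demos passed and False if a demo fails.
+"""
+failures = []
+for demo in demos:
+if not quiet:
+print('#### {} ####'.format(demo))
+success = run_demo(demo, quiet=quiet)
+if not success:
+failures.append(demo)
+if not quiet:
+print('{}: FAIL'.format(demo))
+if quiet:
+print('{}: {}'.format(demo, 'PASS' if success else 'FAIL'))
+else:
+print('')
+successes = len(demos) - len(failures)
+print('{}/{} demos passed'.format(successes, len(demos)))
+if failures and not quiet:
+print('Failures:', *failures)
+return not failures
+
+def run_all_demos(quiet=False):
+"""Run all the available demos.
+
+Return True if all demos passed and False if a demo fails.
+"""
+all_demos = glob.glob('programs/*/*_demo.sh')
+if not all_demos:
+# Keep the message on one line. pylint: disable=line-too-long
+raise Exception('No demos found. run_demos needs to operate from the Mbed TLS toplevel directory.')
+return run_demos(all_demos, quiet=quiet)
+
+def main():
+parser = argparse.ArgumentParser(description=__doc__)
+parser.add_argument('--quiet', '-q',
+action='store_true',
+help="suppress the output of demos")
+options = parser.parse_args()
+success = run_all_demos(quiet=options.quiet)
+sys.exit(0 if success else 1)
+
+if __name__ == '__main__':
+main()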
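Review bot: `run_demo` lets an `OSError` from `subprocess.call([demo], **args)` escape, so a demo script that has lost its executable bit or has a broken interpreter line aborts the whole run with a traceback instead of being listed as a failure in the summary. Catching it around the call (`except OSError: return False`, ideally printing the error when not quiet) keeps the pass/fail report complete; this matters more now that the `PermissionIssueTracker` check for `.sh` files is removed from the file checker elsewhere on this page. The call also sets no `timeout`, so a demo that blocks stalls the job indefinitely. Finally, `run_all_demos` resolves `programs/*/*_demo.sh` against the current working directory and only checks that the glob is non-empty, so it executes whatever matching scripts exist where it is started; deriving the root from the script's own location would make the set of executed files predictable.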
|
|
@ -33,7 +33,6 @@
|
|||
#include "test/drivers/signature.h"
|
||||
#include "test/drivers/hash.h"
|
||||
|
||||
#include "mbedtls/md.h"
|
||||
#include "mbedtls/ecdsa.h"
|
||||
|
||||
#include "test/random.h"
|
||||
|
|
|
@ -81,14 +81,6 @@ TCP_CLIENT="$PERL scripts/tcp_client.pl"
|
|||
|
||||
# alternative versions of OpenSSL and GnuTLS (no default path)
|
||||
|
||||
if [ -n "${OPENSSL_LEGACY:-}" ]; then
|
||||
O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key"
|
||||
O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client"
|
||||
else
|
||||
O_LEGACY_SRV=false
|
||||
O_LEGACY_CLI=false
|
||||
fi
|
||||
|
||||
if [ -n "${OPENSSL_NEXT:-}" ]; then
|
||||
O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
|
||||
O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert data_files/server5.crt -key data_files/server5.key"
|
||||
|
@ -644,20 +636,6 @@ requires_gnutls_next() {
|
|||
fi
|
||||
}
|
||||
|
||||
# skip next test if OpenSSL-legacy isn't available
|
||||
requires_openssl_legacy() {
|
||||
if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then
|
||||
if which "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then
|
||||
OPENSSL_LEGACY_AVAILABLE="YES"
|
||||
else
|
||||
OPENSSL_LEGACY_AVAILABLE="NO"
|
||||
fi
|
||||
fi
|
||||
if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then
|
||||
SKIP_NEXT="YES"
|
||||
fi
|
||||
}
|
||||
|
||||
requires_openssl_next() {
|
||||
if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
|
||||
if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
|
||||
|
@ -1915,11 +1893,6 @@ O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
|
|||
G_SRV="$G_SRV -p $SRV_PORT"
|
||||
G_CLI="$G_CLI -p +SRV_PORT"
|
||||
|
||||
if [ -n "${OPENSSL_LEGACY:-}" ]; then
|
||||
O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
|
||||
O_LEGACY_CLI="$O_LEGACY_CLI -connect 127.0.0.1:+SRV_PORT"
|
||||
fi
|
||||
|
||||
# Newer versions of OpenSSL have a syntax to enable all "ciphers", even
|
||||
# low-security ones. This covers not just cipher suites but also protocol
|
||||
# versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on
|
||||
|
@ -2599,32 +2572,32 @@ run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
|
|||
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
|
||||
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
|
||||
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
requires_config_enabled PSA_WANT_ECC_SECP_R1_521
|
||||
run_test_psa_force_curve "secp521r1"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_BP512R1_ENABLED
|
||||
requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_512
|
||||
run_test_psa_force_curve "brainpoolP512r1"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
requires_config_enabled PSA_WANT_ECC_SECP_R1_384
|
||||
run_test_psa_force_curve "secp384r1"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_BP384R1_ENABLED
|
||||
requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_384
|
||||
run_test_psa_force_curve "brainpoolP384r1"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
requires_config_enabled PSA_WANT_ECC_SECP_R1_256
|
||||
run_test_psa_force_curve "secp256r1"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP256K1_ENABLED
|
||||
requires_config_enabled PSA_WANT_ECC_SECP_K1_256
|
||||
run_test_psa_force_curve "secp256k1"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||
requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256
|
||||
run_test_psa_force_curve "brainpoolP256r1"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED
|
||||
requires_config_enabled PSA_WANT_ECC_SECP_R1_224
|
||||
run_test_psa_force_curve "secp224r1"
|
||||
## SECP224K1 is buggy via the PSA API
|
||||
## (https://github.com/Mbed-TLS/mbedtls/issues/3541),
|
||||
## so it is disabled in PSA even when it's enabled in Mbed TLS.
|
||||
## The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but
|
||||
## dependencies on PSA symbols in ssl-opt.sh are not implemented yet.
|
||||
#requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED
|
||||
#requires_config_enabled PSA_WANT_ECC_SECP_K1_224
|
||||
#run_test_psa_force_curve "secp224k1"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP192R1_ENABLED
|
||||
requires_config_enabled PSA_WANT_ECC_SECP_R1_192
|
||||
run_test_psa_force_curve "secp192r1"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED
|
||||
requires_config_enabled PSA_WANT_ECC_SECP_K1_192
|
||||
run_test_psa_force_curve "secp192k1"
|
||||
|
||||
# Test current time in ServerHello
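Review bot: The comment block above the disabled `secp224k1` case is now stale: it still says "The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but dependencies on PSA symbols in ssl-opt.sh are not implemented yet". Reading the second line of each pair as the new side, every `requires_config_enabled` in this hunk now names a `PSA_WANT_ECC_*` symbol, including the commented-out `#requires_config_enabled PSA_WANT_ECC_SECP_K1_224`. The hunk's counts (32 old, 32 new lines) leave no room for the five `##` lines to have changed, so the outdated sentence stays in the new file. I would drop the last two `##` lines and keep only the reason the case is disabled, e.g. `## SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541), so this case stays disabled.`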
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
#include "mbedtls/gcm.h"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
|
||||
#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA) || defined(MBEDTLS_NIST_KW_C)
|
||||
#define MBEDTLS_CIPHER_AUTH_CRYPT
|
||||
#endif
|
||||
|
||||
|
@ -85,7 +85,7 @@ exit:
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_AUTH_CRYPT)
|
||||
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
|
||||
/* Helper for resetting key/direction
|
||||
*
|
||||
* The documentation doesn't explicitly say whether calling
|
||||
|
@ -842,7 +842,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */
|
||||
void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv,
|
||||
data_t *ad, data_t *cipher, data_t *tag,
|
||||
char *result, data_t *clear, int use_psa)
|
||||
|
@ -1218,6 +1218,8 @@ void check_set_padding(int cipher_id)
|
|||
const mbedtls_cipher_info_t *cipher_info;
|
||||
size_t keylen = 0;
|
||||
|
||||
mbedtls_cipher_init(&ctx);
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_type(cipher_id);
|
||||
|
||||
if (cipher_info->mode != MBEDTLS_MODE_CBC) {
|
||||
|
@ -1228,8 +1230,6 @@ void check_set_padding(int cipher_id)
|
|||
TEST_CALLOC(key, keylen/8);
|
||||
memset(key, 0, keylen/8);
|
||||
|
||||
mbedtls_cipher_init(&ctx);
|
||||
|
||||
TEST_EQUAL(0, mbedtls_cipher_setup(&ctx, cipher_info));
|
||||
|
||||
TEST_EQUAL(0, mbedtls_cipher_setkey(&ctx, key, keylen,
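Review bot: In `check_set_padding`, `cipher_info->mode` is read directly after `mbedtls_cipher_info_from_type(cipher_id)` with no NULL check, and that lookup returns NULL for a cipher type that is not available in the build. Moving `mbedtls_cipher_init(&ctx)` ahead of the mode test presumably makes the cleanup after an early exit operate on an initialised context, but the dereference itself would still crash the test binary rather than report a failure. Adding `TEST_ASSERT(cipher_info != NULL);` before the `if` turns that into a normal test failure. The function begins and ends outside the visible hunks, so the test data's dependencies may already rule this out.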
|
||||
|
|
|
@ -340,11 +340,11 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
|
|||
cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS
|
||||
|
||||
PSA symmetric encrypt multipart: AES-CTR, 16 bytes, fallback
|
||||
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
|
||||
depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES
|
||||
cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
|
||||
|
||||
PSA symmetric encrypt multipart: AES-CTR, 15 bytes, fallback
|
||||
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
|
||||
depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES
|
||||
cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
|
||||
|
||||
PSA symmetric encrypt multipart: AES-CTR, 16 bytes, fake
|
||||
|
@ -372,7 +372,7 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
|
|||
cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_SUCCESS:PSA_SUCCESS
|
||||
|
||||
PSA symmetric decrypt multipart: AES-CTR, 16 bytes, fallback
|
||||
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
|
||||
depends_on:MBEDTLS_PSA_BUILTIN_ALG_CTR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES
|
||||
cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
|
||||
|
||||
PSA symmetric decrypt multipart: AES-CTR, 16 bytes, fake
|
||||
|
@ -460,7 +460,7 @@ depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
|
|||
aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_SUCCESS
|
||||
|
||||
PSA AEAD encrypt: AES-CCM, 24 bytes, fallback
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CCM
|
||||
aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA AEAD encrypt: AES-CCM, 24 bytes, INSUFFICIENT_MEMORY
|
||||
|
@ -472,7 +472,7 @@ depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
|
|||
aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_SUCCESS
|
||||
|
||||
PSA AEAD encrypt, AES-GCM, 128 bytes #1, fallback
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
|
||||
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_GCM
|
||||
aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA AEAD encrypt, AES-GCM, 128 bytes #1, INSUFFICIENT_MEMORY
|
||||
|
@ -484,7 +484,7 @@ depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
|
|||
aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS
|
||||
|
||||
PSA AEAD decrypt: AES-CCM, 39 bytes, fallback
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
|
||||
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CCM
|
||||
aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA AEAD decrypt: AES-CCM, 39 bytes, INSUFFICIENT_MEMORY
|
||||
|
@ -496,7 +496,7 @@ depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
|
|||
aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
|
||||
|
||||
PSA AEAD decrypt, AES-GCM, 144 bytes #1, fallback
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
|
||||
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_GCM
|
||||
aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA AEAD decrypt, AES-GCM, 144 bytes #1, INSUFFICIENT_MEMORY
|
||||
|
@ -536,7 +536,7 @@ depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_ACCEL_ALG_CMAC
|
|||
mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_SUCCESS
|
||||
|
||||
PSA MAC sign, fallback: CMAC-AES-128
|
||||
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC
|
||||
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC
|
||||
mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA MAC sign, driver reports error: CMAC-AES-128
|
||||
|
@ -576,7 +576,7 @@ depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_ACCEL_ALG_CMAC
|
|||
mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_SUCCESS
|
||||
|
||||
PSA MAC verify, fallback: CMAC-AES-128
|
||||
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC
|
||||
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC
|
||||
mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA MAC verify, driver reports error: CMAC-AES-128
|
||||
|
@ -802,7 +802,7 @@ depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
|
|||
aead_encrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_SUCCESS:PSA_SUCCESS
|
||||
|
||||
PSA AEAD encrypt setup, AES-GCM, 128 bytes #1, fallback
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
|
||||
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_GCM
|
||||
aead_encrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
|
||||
|
||||
PSA AEAD encrypt setup, AES-GCM, 128 bytes #1, INSUFFICIENT_MEMORY
|
||||
|
@ -814,7 +814,7 @@ depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
|
|||
aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS:PSA_SUCCESS
|
||||
|
||||
PSA AEAD decrypt setup, AES-GCM, 144 bytes #1, fallback
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
|
||||
depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_GCM
|
||||
aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
|
||||
|
||||
PSA AEAD decrypt setup, AES-GCM, 144 bytes #1, insufficient memory
|
||||
|
|
|
@ -17,8 +17,6 @@
|
|||
#include "psa_crypto_slot_management.h"
|
||||
#include "psa_crypto_storage.h"
|
||||
|
||||
#include "mbedtls/md.h"
|
||||
|
||||
#define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY"
|
||||
#define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH (sizeof(PSA_KEY_STORAGE_MAGIC_HEADER))
|
||||
|
||||
|
|