Merge pull request #7961 from gilles-peskine-arm/psa_crypto_config-in-full
Enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config
This commit is contained in:
commit
67c86e626b
11 changed files with 273 additions and 307 deletions
|
@ -49,8 +49,8 @@
|
|||
*/
|
||||
#include "psa/build_info.h"
|
||||
|
||||
#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
|
||||
#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
|
||||
#define PSA_BITS_TO_BYTES(bits) (((bits) + 7u) / 8u)
|
||||
#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8u)
|
||||
#define PSA_MAX_OF_THREE(a, b, c) ((a) <= (b) ? (b) <= (c) ? \
|
||||
(c) : (b) : (a) <= (c) ? (c) : (a))
|
||||
|
||||
|
@ -71,20 +71,20 @@
|
|||
*/
|
||||
#define PSA_HASH_LENGTH(alg) \
|
||||
( \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \
|
||||
0)
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64u : \
|
||||
0u)
|
||||
|
||||
/** The input block size of a hash algorithm, in bytes.
|
||||
*
|
||||
|
@ -103,20 +103,20 @@
|
|||
*/
|
||||
#define PSA_HASH_BLOCK_LENGTH(alg) \
|
||||
( \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \
|
||||
0)
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104u : \
|
||||
PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72u : \
|
||||
0u)
|
||||
|
||||
/** \def PSA_HASH_MAX_SIZE
|
||||
*
|
||||
|
@ -131,35 +131,35 @@
|
|||
/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE,
|
||||
* see the note on MBEDTLS_MD_MAX_SIZE for details. */
|
||||
#if defined(PSA_WANT_ALG_SHA3_224)
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144u
|
||||
#elif defined(PSA_WANT_ALG_SHA3_256)
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136u
|
||||
#elif defined(PSA_WANT_ALG_SHA_512)
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
|
||||
#elif defined(PSA_WANT_ALG_SHA_384)
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u
|
||||
#elif defined(PSA_WANT_ALG_SHA3_384)
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104u
|
||||
#elif defined(PSA_WANT_ALG_SHA3_512)
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72u
|
||||
#elif defined(PSA_WANT_ALG_SHA_256)
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
|
||||
#elif defined(PSA_WANT_ALG_SHA_224)
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
|
||||
#else /* SHA-1 or smaller */
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
|
||||
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u
|
||||
#endif
|
||||
|
||||
#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA3_512)
|
||||
#define PSA_HASH_MAX_SIZE 64
|
||||
#define PSA_HASH_MAX_SIZE 64u
|
||||
#elif defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA3_384)
|
||||
#define PSA_HASH_MAX_SIZE 48
|
||||
#define PSA_HASH_MAX_SIZE 48u
|
||||
#elif defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA3_256)
|
||||
#define PSA_HASH_MAX_SIZE 32
|
||||
#define PSA_HASH_MAX_SIZE 32u
|
||||
#elif defined(PSA_WANT_ALG_SHA_224) || defined(PSA_WANT_ALG_SHA3_224)
|
||||
#define PSA_HASH_MAX_SIZE 28
|
||||
#define PSA_HASH_MAX_SIZE 28u
|
||||
#else /* SHA-1 or smaller */
|
||||
#define PSA_HASH_MAX_SIZE 20
|
||||
#define PSA_HASH_MAX_SIZE 20u
|
||||
#endif
|
||||
|
||||
/** \def PSA_MAC_MAX_SIZE
|
||||
|
@ -200,13 +200,13 @@
|
|||
#define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \
|
||||
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
|
||||
PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
|
||||
((void) (key_bits), 0))
|
||||
((void) (key_bits), 0u))
|
||||
|
||||
/** The maximum tag size for all supported AEAD algorithms, in bytes.
|
||||
*
|
||||
* See also #PSA_AEAD_TAG_LENGTH(\p key_type, \p key_bits, \p alg).
|
||||
*/
|
||||
#define PSA_AEAD_TAG_MAX_SIZE 16
|
||||
#define PSA_AEAD_TAG_MAX_SIZE 16u
|
||||
|
||||
/* The maximum size of an RSA key on this implementation, in bits.
|
||||
* This is a vendor-specific macro.
|
||||
|
@ -221,7 +221,7 @@
|
|||
*
|
||||
* Note that an implementation may set different size limits for different
|
||||
* operations, and does not need to accept all key sizes up to the limit. */
|
||||
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
|
||||
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096u
|
||||
|
||||
/* The minimum size of an RSA key on this implementation, in bits.
|
||||
* This is a vendor-specific macro.
|
||||
|
@ -239,38 +239,38 @@
|
|||
*
|
||||
* Note that an implementation may set different size limits for different
|
||||
* operations, and does not need to accept all key sizes up to the limit. */
|
||||
#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192
|
||||
#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192u
|
||||
|
||||
/* The maximum size of an ECC key on this implementation, in bits.
|
||||
* This is a vendor-specific macro. */
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521u
|
||||
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512u
|
||||
#elif defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448u
|
||||
#elif defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
|
||||
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u
|
||||
#elif defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
|
||||
#elif defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
|
||||
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u
|
||||
#elif defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255u
|
||||
#elif defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
|
||||
#elif defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u
|
||||
#elif defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
|
||||
#elif defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u
|
||||
#else
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0
|
||||
#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0u
|
||||
#endif
|
||||
|
||||
/** This macro returns the maximum supported length of the PSK for the
|
||||
|
@ -288,23 +288,23 @@
|
|||
* Therefore, no implementation should define a value smaller than 64
|
||||
* for #PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE.
|
||||
*/
|
||||
#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
|
||||
#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128u
|
||||
|
||||
/* The expected size of input passed to psa_tls12_ecjpake_to_pms_input,
|
||||
* which is expected to work with P-256 curve only. */
|
||||
#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65
|
||||
#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65u
|
||||
|
||||
/* The size of a serialized K.X coordinate to be used in
|
||||
* psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256
|
||||
* curve. */
|
||||
#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32
|
||||
#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32u
|
||||
|
||||
/* The maximum number of iterations for PBKDF2 on this implementation, in bits.
|
||||
* This is a vendor-specific macro. This can be configured if necessary */
|
||||
#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff
|
||||
#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffffU
|
||||
|
||||
/** The maximum size of a block cipher. */
|
||||
#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
|
||||
#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16u
|
||||
|
||||
/** The size of the output of psa_mac_sign_finish(), in bytes.
|
||||
*
|
||||
|
@ -331,7 +331,7 @@
|
|||
((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \
|
||||
PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \
|
||||
PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
|
||||
((void) (key_type), (void) (key_bits), 0))
|
||||
((void) (key_type), (void) (key_bits), 0u))
|
||||
|
||||
/** The maximum size of the output of psa_aead_encrypt(), in bytes.
|
||||
*
|
||||
|
@ -362,7 +362,7 @@
|
|||
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \
|
||||
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \
|
||||
(plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
|
||||
0)
|
||||
0u)
|
||||
|
||||
/** A sufficient output buffer size for psa_aead_encrypt(), for any of the
|
||||
* supported key types and AEAD algorithms.
|
||||
|
@ -416,7 +416,7 @@
|
|||
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
|
||||
(ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \
|
||||
(ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \
|
||||
0)
|
||||
0u)
|
||||
|
||||
/** A sufficient output buffer size for psa_aead_decrypt(), for any of the
|
||||
* supported key types and AEAD algorithms.
|
||||
|
@ -466,12 +466,12 @@
|
|||
*/
|
||||
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
|
||||
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \
|
||||
MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \
|
||||
MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \
|
||||
0 : \
|
||||
MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13u : \
|
||||
MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12u : \
|
||||
0u : \
|
||||
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
|
||||
MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \
|
||||
0)
|
||||
MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12u : \
|
||||
0u)
|
||||
|
||||
/** The maximum default nonce size among all supported pairs of key types and
|
||||
* AEAD algorithms, in bytes.
|
||||
|
@ -484,7 +484,7 @@
|
|||
* just the largest size that may be generated by
|
||||
* #psa_aead_generate_nonce().
|
||||
*/
|
||||
#define PSA_AEAD_NONCE_MAX_SIZE 13
|
||||
#define PSA_AEAD_NONCE_MAX_SIZE 13u
|
||||
|
||||
/** A sufficient output buffer size for psa_aead_update().
|
||||
*
|
||||
|
@ -521,7 +521,7 @@
|
|||
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
|
||||
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \
|
||||
(input_length) : \
|
||||
0)
|
||||
0u)
|
||||
|
||||
/** A sufficient output buffer size for psa_aead_update(), for any of the
|
||||
* supported key types and AEAD algorithms.
|
||||
|
@ -561,7 +561,7 @@
|
|||
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
|
||||
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
|
||||
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
|
||||
0)
|
||||
0u)
|
||||
|
||||
/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the
|
||||
* supported key types and AEAD algorithms.
|
||||
|
@ -595,7 +595,7 @@
|
|||
(PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \
|
||||
PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
|
||||
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
|
||||
0)
|
||||
0u)
|
||||
|
||||
/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the
|
||||
* supported key types and AEAD algorithms.
|
||||
|
@ -606,8 +606,8 @@
|
|||
|
||||
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
|
||||
(PSA_ALG_IS_RSA_OAEP(alg) ? \
|
||||
2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
|
||||
11 /*PKCS#1v1.5*/)
|
||||
2u * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1u : \
|
||||
11u /*PKCS#1v1.5*/)
|
||||
|
||||
/**
|
||||
* \brief ECDSA signature size for a given curve bit size
|
||||
|
@ -618,7 +618,7 @@
|
|||
* \note This macro returns a compile-time constant if its argument is one.
|
||||
*/
|
||||
#define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \
|
||||
(PSA_BITS_TO_BYTES(curve_bits) * 2)
|
||||
(PSA_BITS_TO_BYTES(curve_bits) * 2u)
|
||||
|
||||
/** Sufficient signature buffer size for psa_sign_hash().
|
||||
*
|
||||
|
@ -648,7 +648,7 @@
|
|||
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
|
||||
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
|
||||
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
|
||||
((void) alg, 0))
|
||||
((void) alg, 0u))
|
||||
|
||||
#define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \
|
||||
PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
|
||||
|
@ -701,7 +701,7 @@
|
|||
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
|
||||
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
|
||||
((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \
|
||||
0)
|
||||
0u)
|
||||
|
||||
/** A sufficient output buffer size for psa_asymmetric_encrypt(), for any
|
||||
* supported asymmetric encryption.
|
||||
|
@ -740,7 +740,7 @@
|
|||
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
|
||||
(PSA_KEY_TYPE_IS_RSA(key_type) ? \
|
||||
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
|
||||
0)
|
||||
0u)
|
||||
|
||||
/** A sufficient output buffer size for psa_asymmetric_decrypt(), for any
|
||||
* supported asymmetric decryption.
|
||||
|
@ -763,7 +763,7 @@
|
|||
* - 0 to 1 bytes of leading 0 due to the sign bit.
|
||||
*/
|
||||
#define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \
|
||||
((bits) / 8 + 5)
|
||||
((bits) / 8u + 5u)
|
||||
|
||||
/* Maximum size of the export encoding of an RSA public key.
|
||||
* Assumes that the public exponent is less than 2^32.
|
||||
|
@ -777,7 +777,7 @@
|
|||
* - 7 bytes for the public exponent.
|
||||
*/
|
||||
#define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
|
||||
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
|
||||
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11u)
|
||||
|
||||
/* Maximum size of the export encoding of an RSA key pair.
|
||||
* Assumes that the public exponent is less than 2^32 and that the size
|
||||
|
@ -802,7 +802,7 @@
|
|||
* - 7 bytes for the public exponent.
|
||||
*/
|
||||
#define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \
|
||||
(9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14)
|
||||
(9u * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2u + 1u) + 14u)
|
||||
|
||||
/* Maximum size of the export encoding of a DSA public key.
|
||||
*
|
||||
|
@ -821,7 +821,7 @@
|
|||
* - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits).
|
||||
*/
|
||||
#define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \
|
||||
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59)
|
||||
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 59u)
|
||||
|
||||
/* Maximum size of the export encoding of a DSA key pair.
|
||||
*
|
||||
|
@ -840,7 +840,7 @@
|
|||
* - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits).
|
||||
*/
|
||||
#define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \
|
||||
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75)
|
||||
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 75u)
|
||||
|
||||
/* Maximum size of the export encoding of an ECC public key.
|
||||
*
|
||||
|
@ -853,7 +853,7 @@
|
|||
* - 1 byte + 2 * point size.
|
||||
*/
|
||||
#define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \
|
||||
(2 * PSA_BITS_TO_BYTES(key_bits) + 1)
|
||||
(2u * PSA_BITS_TO_BYTES(key_bits) + 1u)
|
||||
|
||||
/* Maximum size of the export encoding of an ECC key pair.
|
||||
*
|
||||
|
@ -922,7 +922,7 @@
|
|||
(key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||
PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \
|
||||
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||
0)
|
||||
0u)
|
||||
|
||||
/** Sufficient output buffer size for psa_export_public_key().
|
||||
*
|
||||
|
@ -973,7 +973,7 @@
|
|||
(PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||
PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
|
||||
0)
|
||||
0u)
|
||||
|
||||
/** Sufficient buffer size for exporting any asymmetric key pair.
|
||||
*
|
||||
|
@ -1065,7 +1065,7 @@
|
|||
*/
|
||||
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
|
||||
((PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || \
|
||||
PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0)
|
||||
PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0u)
|
||||
|
||||
/** Maximum size of the output from psa_raw_key_agreement().
|
||||
*
|
||||
|
@ -1120,15 +1120,15 @@
|
|||
(alg) == PSA_ALG_CBC_NO_PADDING || \
|
||||
(alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
|
||||
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
|
||||
(alg) == PSA_ALG_STREAM_CIPHER ? 12 : \
|
||||
(alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \
|
||||
0)
|
||||
(alg) == PSA_ALG_STREAM_CIPHER ? 12u : \
|
||||
(alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13u : \
|
||||
0u)
|
||||
|
||||
/** The maximum IV size for all supported cipher algorithms, in bytes.
|
||||
*
|
||||
* See also #PSA_CIPHER_IV_LENGTH().
|
||||
*/
|
||||
#define PSA_CIPHER_IV_MAX_SIZE 16
|
||||
#define PSA_CIPHER_IV_MAX_SIZE 16u
|
||||
|
||||
/** The maximum size of the output of psa_cipher_encrypt(), in bytes.
|
||||
*
|
||||
|
@ -1153,15 +1153,15 @@
|
|||
* recognized, or the parameters are incompatible,
|
||||
* return 0.
|
||||
*/
|
||||
#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
|
||||
(alg == PSA_ALG_CBC_PKCS7 ? \
|
||||
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
|
||||
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
|
||||
(input_length) + 1) + \
|
||||
PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) : \
|
||||
(PSA_ALG_IS_CIPHER(alg) ? \
|
||||
(input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
|
||||
0))
|
||||
#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
|
||||
(alg == PSA_ALG_CBC_PKCS7 ? \
|
||||
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
|
||||
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
|
||||
(input_length) + 1u) + \
|
||||
PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0u) : \
|
||||
(PSA_ALG_IS_CIPHER(alg) ? \
|
||||
(input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
|
||||
0u))
|
||||
|
||||
/** A sufficient output buffer size for psa_cipher_encrypt(), for any of the
|
||||
* supported key types and cipher algorithms.
|
||||
|
@ -1174,9 +1174,9 @@
|
|||
* \param input_length Size of the input in bytes.
|
||||
*
|
||||
*/
|
||||
#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
|
||||
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
|
||||
(input_length) + 1) + \
|
||||
#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
|
||||
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
|
||||
(input_length) + 1u) + \
|
||||
PSA_CIPHER_IV_MAX_SIZE)
|
||||
|
||||
/** The maximum size of the output of psa_cipher_decrypt(), in bytes.
|
||||
|
@ -1198,11 +1198,11 @@
|
|||
* recognized, or the parameters are incompatible,
|
||||
* return 0.
|
||||
*/
|
||||
#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
|
||||
(PSA_ALG_IS_CIPHER(alg) && \
|
||||
#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
|
||||
(PSA_ALG_IS_CIPHER(alg) && \
|
||||
((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
|
||||
(input_length) : \
|
||||
0)
|
||||
(input_length) : \
|
||||
0u)
|
||||
|
||||
/** A sufficient output buffer size for psa_cipher_decrypt(), for any of the
|
||||
* supported key types and cipher algorithms.
|
||||
|
@ -1235,16 +1235,16 @@
|
|||
* algorithm. If the key type or cipher algorithm is not
|
||||
* recognized, or the parameters are incompatible, return 0.
|
||||
*/
|
||||
#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
|
||||
(PSA_ALG_IS_CIPHER(alg) ? \
|
||||
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
|
||||
(((alg) == PSA_ALG_CBC_PKCS7 || \
|
||||
(alg) == PSA_ALG_CBC_NO_PADDING || \
|
||||
(alg) == PSA_ALG_ECB_NO_PADDING) ? \
|
||||
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
|
||||
input_length) : \
|
||||
(input_length)) : 0) : \
|
||||
0)
|
||||
#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
|
||||
(PSA_ALG_IS_CIPHER(alg) ? \
|
||||
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \
|
||||
(((alg) == PSA_ALG_CBC_PKCS7 || \
|
||||
(alg) == PSA_ALG_CBC_NO_PADDING || \
|
||||
(alg) == PSA_ALG_ECB_NO_PADDING) ? \
|
||||
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
|
||||
input_length) : \
|
||||
(input_length)) : 0u) : \
|
||||
0u)
|
||||
|
||||
/** A sufficient output buffer size for psa_cipher_update(), for any of the
|
||||
* supported key types and cipher algorithms.
|
||||
|
@ -1280,8 +1280,8 @@
|
|||
(PSA_ALG_IS_CIPHER(alg) ? \
|
||||
(alg == PSA_ALG_CBC_PKCS7 ? \
|
||||
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
|
||||
0) : \
|
||||
0)
|
||||
0u) : \
|
||||
0u)
|
||||
|
||||
/** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the
|
||||
* supported key types and cipher algorithms.
|
||||
|
|
|
@ -6749,20 +6749,17 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2,
|
|||
const uint8_t *data,
|
||||
size_t data_length)
|
||||
{
|
||||
if (pbkdf2->state != PSA_PBKDF2_STATE_INPUT_COST_SET &&
|
||||
pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) {
|
||||
if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) {
|
||||
pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET;
|
||||
} else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) {
|
||||
/* Appending to existing salt. No state change. */
|
||||
} else {
|
||||
return PSA_ERROR_BAD_STATE;
|
||||
}
|
||||
|
||||
if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) {
|
||||
pbkdf2->salt = mbedtls_calloc(1, data_length);
|
||||
if (pbkdf2->salt == NULL) {
|
||||
return PSA_ERROR_INSUFFICIENT_MEMORY;
|
||||
}
|
||||
|
||||
memcpy(pbkdf2->salt, data, data_length);
|
||||
pbkdf2->salt_length = data_length;
|
||||
} else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) {
|
||||
if (data_length == 0) {
|
||||
/* Appending an empty string, nothing to do. */
|
||||
} else {
|
||||
uint8_t *next_salt;
|
||||
|
||||
next_salt = mbedtls_calloc(1, data_length + pbkdf2->salt_length);
|
||||
|
@ -6770,15 +6767,14 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2,
|
|||
return PSA_ERROR_INSUFFICIENT_MEMORY;
|
||||
}
|
||||
|
||||
memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length);
|
||||
if (pbkdf2->salt_length != 0) {
|
||||
memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length);
|
||||
}
|
||||
memcpy(next_salt + pbkdf2->salt_length, data, data_length);
|
||||
pbkdf2->salt_length += data_length;
|
||||
mbedtls_free(pbkdf2->salt);
|
||||
pbkdf2->salt = next_salt;
|
||||
}
|
||||
|
||||
pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET;
|
||||
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
|
|
|
@ -208,7 +208,6 @@ EXCLUDE_FROM_FULL = frozenset([
|
|||
'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
|
||||
'MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA
|
||||
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
|
||||
'MBEDTLS_PSA_CRYPTO_CONFIG', # toggles old/new style PSA config
|
||||
'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency
|
||||
'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO
|
||||
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
|
||||
|
|
|
@ -23,11 +23,31 @@
|
|||
*/
|
||||
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST_ALL)
|
||||
/* PSA_CRYPTO_DRIVER_TEST_ALL activates test drivers while keeping the
|
||||
* built-in implementations active. Normally setting MBEDTLS_PSA_ACCEL_xxx
|
||||
* would disable MBEDTLS_PSA_BUILTIN_xxx unless fallback is activated, but
|
||||
* here we arrange to have both active so that psa_crypto_*.c includes
|
||||
* the built-in implementations and the driver code can call the built-in
|
||||
* implementations.
|
||||
*
|
||||
* The point of this test mode is to verify that the
|
||||
* driver entry points are called when they should be in a lightweight
|
||||
* way, without requiring an actual driver. This is different from builds
|
||||
* with libtestdriver1, where we make a copy of the library source code
|
||||
* and use that as an external driver.
|
||||
*/
|
||||
|
||||
/* Enable the use of the test driver in the library, and build the generic
|
||||
* part of the test driver. */
|
||||
#define PSA_CRYPTO_DRIVER_TEST
|
||||
|
||||
/* With MBEDTLS_PSA_CRYPTO_CONFIG, if we set up the acceleration, the
|
||||
* built-in implementations won't be enabled. */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
|
||||
#error \
|
||||
"PSA_CRYPTO_DRIVER_TEST_ALL sets up a nonstandard configuration that is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG"
|
||||
#endif
|
||||
|
||||
/* Use the accelerator driver for all cryptographic mechanisms for which
|
||||
* the test driver implemented. */
|
||||
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* mbedtls_config.h wrapper that forces calloc(0) to return NULL.
|
||||
/* mbedtls_config.h modifier that forces calloc(0) to return NULL.
|
||||
* Used for testing.
|
||||
*/
|
||||
/*
|
||||
|
@ -18,8 +18,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include "mbedtls/mbedtls_config.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
#ifndef MBEDTLS_PLATFORM_STD_CALLOC
|
|
@ -1472,6 +1472,7 @@ component_test_sw_inet_pton () {
|
|||
component_test_crypto_full_md_light_only () {
|
||||
msg "build: crypto_full with only the light subset of MD"
|
||||
scripts/config.py crypto_full
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
# Disable MD
|
||||
scripts/config.py unset MBEDTLS_MD_C
|
||||
# Disable direct dependencies of MD_C
|
||||
|
@ -1499,6 +1500,9 @@ component_test_full_no_cipher () {
|
|||
msg "build: full minus CIPHER"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_CIPHER_C
|
||||
# Don't pull in cipher via PSA mechanisms
|
||||
# (currently ignored anyway because we completely disable PSA)
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
# Direct dependencies
|
||||
scripts/config.py unset MBEDTLS_CCM_C
|
||||
scripts/config.py unset MBEDTLS_CMAC_C
|
||||
|
@ -2374,7 +2378,7 @@ component_test_psa_crypto_config_accel_ecdh () {
|
|||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_ffdh () {
|
||||
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
|
||||
msg "build: full with accelerated FFDH"
|
||||
|
||||
# Algorithms and key types to accelerate
|
||||
loc_accel_list="ALG_FFDH \
|
||||
|
@ -2410,15 +2414,15 @@ component_test_psa_crypto_config_accel_ffdh () {
|
|||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
|
||||
msg "test: full with accelerated FFDH"
|
||||
make test
|
||||
|
||||
msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH alg"
|
||||
msg "ssl-opt: full with accelerated FFDH alg"
|
||||
tests/ssl-opt.sh -f "ffdh"
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_reference_ffdh () {
|
||||
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
|
||||
msg "build: full with non-accelerated FFDH"
|
||||
|
||||
# Start with full (USE_PSA and TLS 1.3)
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
@ -2428,15 +2432,15 @@ component_test_psa_crypto_config_reference_ffdh () {
|
|||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
|
||||
make
|
||||
|
||||
msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated FFDH alg + USE_PSA"
|
||||
msg "test suites: full with non-accelerated FFDH alg"
|
||||
make test
|
||||
|
||||
msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated FFDH alg + USE_PSA"
|
||||
msg "ssl-opt: full with non-accelerated FFDH alg"
|
||||
tests/ssl-opt.sh -f "ffdh"
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_pake() {
|
||||
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
|
||||
msg "build: full with accelerated PAKE"
|
||||
|
||||
loc_accel_list="ALG_JPAKE"
|
||||
|
||||
|
@ -2462,7 +2466,7 @@ component_test_psa_crypto_config_accel_pake() {
|
|||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
|
||||
msg "test: full with accelerated PAKE"
|
||||
make test
|
||||
}
|
||||
|
||||
|
@ -2477,7 +2481,7 @@ component_test_psa_crypto_config_accel_pake() {
|
|||
# - component_test_psa_crypto_config_accel_ecc_ecp_light_only;
|
||||
# - component_test_psa_crypto_config_reference_ecc_ecp_light_only.
|
||||
# This supports comparing their test coverage with analyze_outcomes.py.
|
||||
config_psa_crypto_config_ecp_ligh_only () {
|
||||
config_psa_crypto_config_ecp_light_only () {
|
||||
DRIVER_ONLY="$1"
|
||||
# start with config full for maximum coverage (also enables USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
@ -2497,7 +2501,7 @@ config_psa_crypto_config_ecp_ligh_only () {
|
|||
|
||||
# Keep in sync with component_test_psa_crypto_config_reference_ecc_ecp_light_only
|
||||
component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
|
||||
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA"
|
||||
msg "build: full with accelerated EC algs"
|
||||
|
||||
# Algorithms and key types to accelerate
|
||||
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
||||
|
@ -2513,7 +2517,7 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
|
|||
# ---------
|
||||
|
||||
# Use the same config as reference, only without built-in EC algs
|
||||
config_psa_crypto_config_ecp_ligh_only 1
|
||||
config_psa_crypto_config_ecp_light_only 1
|
||||
|
||||
# Build
|
||||
# -----
|
||||
|
@ -2533,25 +2537,25 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () {
|
|||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA"
|
||||
msg "test suites: full with accelerated EC algs"
|
||||
make test
|
||||
|
||||
msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA"
|
||||
msg "ssl-opt: full with accelerated EC algs"
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
# Keep in sync with component_test_psa_crypto_config_accel_ecc_ecp_light_only
|
||||
component_test_psa_crypto_config_reference_ecc_ecp_light_only () {
|
||||
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
|
||||
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs"
|
||||
|
||||
config_psa_crypto_config_ecp_ligh_only 0
|
||||
config_psa_crypto_config_ecp_light_only 0
|
||||
|
||||
make
|
||||
|
||||
msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
|
||||
msg "test suites: full with non-accelerated EC algs"
|
||||
make test
|
||||
|
||||
msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA"
|
||||
msg "ssl-opt: full with non-accelerated EC algs"
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
|
@ -2599,7 +2603,7 @@ config_psa_crypto_no_ecp_at_all () {
|
|||
#
|
||||
# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
|
||||
component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
|
||||
msg "build: full + accelerated EC algs + USE_PSA - ECP"
|
||||
msg "build: full + accelerated EC algs - ECP"
|
||||
|
||||
# Algorithms and key types to accelerate
|
||||
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
||||
|
@ -2638,10 +2642,10 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
|
|||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: full + accelerated EC algs + USE_PSA - ECP"
|
||||
msg "test: full + accelerated EC algs - ECP"
|
||||
make test
|
||||
|
||||
msg "ssl-opt: full + accelerated EC algs + USE_PSA - ECP"
|
||||
msg "ssl-opt: full + accelerated EC algs - ECP"
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
|
@ -2649,16 +2653,16 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
|
|||
# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all().
|
||||
# Keep in sync with its accelerated counterpart.
|
||||
component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
|
||||
msg "build: full + non accelerated EC algs + USE_PSA"
|
||||
msg "build: full + non accelerated EC algs"
|
||||
|
||||
config_psa_crypto_no_ecp_at_all 0
|
||||
|
||||
make
|
||||
|
||||
msg "test: full + non accelerated EC algs + USE_PSA"
|
||||
msg "test: full + non accelerated EC algs"
|
||||
make test
|
||||
|
||||
msg "ssl-opt: full + non accelerated EC algs + USE_PSA"
|
||||
msg "ssl-opt: full + non accelerated EC algs"
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
|
@ -2883,7 +2887,7 @@ component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
|
|||
psa_crypto_config_accel_all_curves_except_one () {
|
||||
BUILTIN_CURVE=$1
|
||||
|
||||
msg "build: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO"
|
||||
msg "build: full + all accelerated EC algs (excl $BUILTIN_CURVE)"
|
||||
|
||||
# Accelerate all EC algs (all EC curves are automatically accelerated as
|
||||
# well in the built-in version due to the "PSA_WANT_xxx" symbols in
|
||||
|
@ -2973,7 +2977,7 @@ psa_crypto_config_accel_all_curves_except_one () {
|
|||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO"
|
||||
msg "test: full + all accelerated EC algs (excl $BUILTIN_CURVE)"
|
||||
make test
|
||||
}
|
||||
|
||||
|
@ -2997,9 +3001,8 @@ build_and_test_psa_want_key_pair_partial() {
|
|||
UNSET_OPTION=$2
|
||||
DISABLED_PSA_WANT="PSA_WANT_KEY_TYPE_${KEY_TYPE}_KEY_PAIR_${UNSET_OPTION}"
|
||||
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG - ${DISABLED_PSA_WANT}"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${DISABLED_PSA_WANT}"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
|
||||
|
@ -3009,7 +3012,7 @@ build_and_test_psa_want_key_pair_partial() {
|
|||
|
||||
make CC=gcc CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG - ${DISABLED_PSA_WANT}"
|
||||
msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${DISABLED_PSA_WANT}"
|
||||
make test
|
||||
}
|
||||
|
||||
|
@ -3229,7 +3232,7 @@ config_psa_crypto_hash_use_psa () {
|
|||
# is related to this component and both components need to be kept in sync.
|
||||
# For details please see comments for component_test_psa_crypto_config_reference_hash_use_psa.
|
||||
component_test_psa_crypto_config_accel_hash_use_psa () {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
|
||||
msg "test: full with accelerated hashes"
|
||||
|
||||
loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
|
||||
|
||||
|
@ -3256,18 +3259,18 @@ component_test_psa_crypto_config_accel_hash_use_psa () {
|
|||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
|
||||
msg "test: full with accelerated hashes"
|
||||
make test
|
||||
|
||||
# This is mostly useful so that we can later compare outcome files with
|
||||
# the reference config in analyze_outcomes.py, to check that the
|
||||
# dependency declarations in ssl-opt.sh and in TLS code are correct.
|
||||
msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
|
||||
msg "test: ssl-opt.sh, full with accelerated hashes"
|
||||
tests/ssl-opt.sh
|
||||
|
||||
# This is to make sure all ciphersuites are exercised, but we don't need
|
||||
# interop testing (besides, we already got some from ssl-opt.sh).
|
||||
msg "test: compat.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
|
||||
msg "test: compat.sh, full with accelerated hashes"
|
||||
tests/compat.sh -p mbedTLS -V YES
|
||||
}
|
||||
|
||||
|
@ -3276,16 +3279,16 @@ component_test_psa_crypto_config_accel_hash_use_psa () {
|
|||
# script to find regression in test coverage when accelerated hash is used (tests and ssl-opt).
|
||||
# Both components need to be kept in sync.
|
||||
component_test_psa_crypto_config_reference_hash_use_psa() {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
|
||||
msg "test: full without accelerated hashes"
|
||||
|
||||
config_psa_crypto_hash_use_psa 0
|
||||
|
||||
make
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
|
||||
msg "test: full without accelerated hashes"
|
||||
make test
|
||||
|
||||
msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA"
|
||||
msg "test: ssl-opt.sh, full without accelerated hashes"
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
|
@ -3372,47 +3375,27 @@ component_test_psa_crypto_config_accel_aead () {
|
|||
make test
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_pake() {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
|
||||
|
||||
loc_accel_list="ALG_JPAKE"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
# Make build-in fallback not available
|
||||
scripts/config.py unset MBEDTLS_ECJPAKE_C
|
||||
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
|
||||
|
||||
# Build
|
||||
# -----
|
||||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# Make sure this was not re-enabled by accident (additive config)
|
||||
not grep mbedtls_ecjpake_init library/ecjpake.o
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_chachapoly_disabled() {
|
||||
# full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
|
||||
component_test_aead_chachapoly_disabled() {
|
||||
msg "build: full minus CHACHAPOLY"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
|
||||
msg "test: full minus CHACHAPOLY"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_aead_only_ccm() {
|
||||
msg "build: full minus CHACHAPOLY and GCM"
|
||||
scripts/config.py full
|
||||
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
|
||||
scripts/config.py unset MBEDTLS_GCM_C
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM
|
||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: full minus CHACHAPOLY and GCM"
|
||||
make test
|
||||
}
|
||||
|
||||
|
@ -3430,11 +3413,8 @@ component_test_ccm_aes_sha256() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test.
|
||||
component_build_psa_accel_alg_ecdh() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH
|
||||
# without MBEDTLS_ECDH_C
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py unset MBEDTLS_ECDH_C
|
||||
|
@ -3449,10 +3429,8 @@ component_build_psa_accel_alg_ecdh() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test.
|
||||
component_build_psa_accel_key_type_ecc_key_pair() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
|
||||
|
@ -3467,10 +3445,8 @@ component_build_psa_accel_key_type_ecc_key_pair() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test.
|
||||
component_build_psa_accel_key_type_ecc_public_key() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||
|
@ -3485,10 +3461,8 @@ component_build_psa_accel_key_type_ecc_public_key() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test.
|
||||
component_build_psa_accel_alg_hmac() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
||||
|
@ -3497,11 +3471,8 @@ component_build_psa_accel_alg_hmac() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test.
|
||||
component_build_psa_accel_alg_hkdf() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF
|
||||
# without MBEDTLS_HKDF_C
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py unset MBEDTLS_HKDF_C
|
||||
|
@ -3513,10 +3484,8 @@ component_build_psa_accel_alg_hkdf() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test.
|
||||
component_build_psa_accel_alg_md5() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
|
||||
|
@ -3534,10 +3503,8 @@ component_build_psa_accel_alg_md5() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test.
|
||||
component_build_psa_accel_alg_ripemd160() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RIPEMD160 without other hashes
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
|
||||
|
@ -3555,10 +3522,8 @@ component_build_psa_accel_alg_ripemd160() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test.
|
||||
component_build_psa_accel_alg_sha1() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_1 without other hashes
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
|
||||
|
@ -3576,10 +3541,8 @@ component_build_psa_accel_alg_sha1() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test.
|
||||
component_build_psa_accel_alg_sha224() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_224 without other hashes
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
|
||||
|
@ -3594,10 +3557,8 @@ component_build_psa_accel_alg_sha224() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test.
|
||||
component_build_psa_accel_alg_sha256() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_256 without other hashes
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
|
||||
|
@ -3612,10 +3573,8 @@ component_build_psa_accel_alg_sha256() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test.
|
||||
component_build_psa_accel_alg_sha384() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_384 without other hashes
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
|
||||
|
@ -3632,10 +3591,8 @@ component_build_psa_accel_alg_sha384() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test.
|
||||
component_build_psa_accel_alg_sha512() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_512 without other hashes
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
|
||||
|
@ -3653,10 +3610,8 @@ component_build_psa_accel_alg_sha512() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
||||
component_build_psa_accel_alg_rsa_pkcs1v15_crypt() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
|
||||
|
@ -3669,10 +3624,8 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
||||
component_build_psa_accel_alg_rsa_pkcs1v15_sign() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
|
||||
|
@ -3685,10 +3638,8 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
||||
component_build_psa_accel_alg_rsa_oaep() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1
|
||||
|
@ -3701,10 +3652,8 @@ component_build_psa_accel_alg_rsa_oaep() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
||||
component_build_psa_accel_alg_rsa_pss() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
|
||||
|
@ -3717,10 +3666,8 @@ component_build_psa_accel_alg_rsa_pss() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
||||
component_build_psa_accel_key_type_rsa_key_pair() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx and PSA_WANT_ALG_RSA_PSS
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
|
||||
|
@ -3734,10 +3681,8 @@ component_build_psa_accel_key_type_rsa_key_pair() {
|
|||
|
||||
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
|
||||
component_build_psa_accel_key_type_rsa_public_key() {
|
||||
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
|
||||
msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
|
||||
|
@ -4041,7 +3986,7 @@ component_test_platform_calloc_macro () {
|
|||
component_test_malloc_0_null () {
|
||||
msg "build: malloc(0) returns NULL (ASan+UBSan build)"
|
||||
scripts/config.py full
|
||||
make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS"
|
||||
make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: malloc(0) returns NULL (ASan+UBSan build)"
|
||||
make test
|
||||
|
@ -4331,16 +4276,16 @@ component_test_se_default () {
|
|||
}
|
||||
|
||||
component_test_psa_crypto_drivers () {
|
||||
msg "build: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + test drivers"
|
||||
msg "build: full + test drivers dispatching to builtins"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
|
||||
loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
|
||||
loc_cflags="${loc_cflags} -I../tests/include -O2"
|
||||
|
||||
make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + test drivers"
|
||||
msg "test: full + test drivers dispatching to builtins"
|
||||
make test
|
||||
}
|
||||
|
||||
|
|
|
@ -161,6 +161,7 @@ derived."""
|
|||
log_command(['config.py', 'full'])
|
||||
conf.adapt(config.full_adapter)
|
||||
set_config_option_value(conf, 'MBEDTLS_TEST_HOOKS', colors, False)
|
||||
set_config_option_value(conf, 'MBEDTLS_PSA_CRYPTO_CONFIG', colors, False)
|
||||
if options.unset_use_psa:
|
||||
set_config_option_value(conf, 'MBEDTLS_USE_PSA_CRYPTO', colors, False)
|
||||
|
||||
|
|
|
@ -166,11 +166,10 @@ void entropy_init_free(int reinit)
|
|||
void entropy_seed_file(char *path, int ret)
|
||||
{
|
||||
mbedtls_entropy_context ctx;
|
||||
mbedtls_entropy_init(&ctx);
|
||||
|
||||
MD_PSA_INIT();
|
||||
|
||||
mbedtls_entropy_init(&ctx);
|
||||
|
||||
TEST_ASSERT(mbedtls_entropy_write_seed_file(&ctx, path) == ret);
|
||||
TEST_ASSERT(mbedtls_entropy_update_seed_file(&ctx, path) == ret);
|
||||
|
||||
|
@ -184,11 +183,10 @@ exit:
|
|||
void entropy_write_base_seed_file(int ret)
|
||||
{
|
||||
mbedtls_entropy_context ctx;
|
||||
mbedtls_entropy_init(&ctx);
|
||||
|
||||
MD_PSA_INIT();
|
||||
|
||||
mbedtls_entropy_init(&ctx);
|
||||
|
||||
TEST_ASSERT(mbedtls_entropy_write_seed_file(&ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE) == ret);
|
||||
TEST_ASSERT(mbedtls_entropy_update_seed_file(&ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE) == ret);
|
||||
|
||||
|
@ -249,10 +247,10 @@ void entropy_func_len(int len, int ret)
|
|||
unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE + 10] = { 0 };
|
||||
size_t i, j;
|
||||
|
||||
MD_PSA_INIT();
|
||||
|
||||
mbedtls_entropy_init(&ctx);
|
||||
|
||||
MD_PSA_INIT();
|
||||
|
||||
/*
|
||||
* See comments in mbedtls_entropy_self_test()
|
||||
*/
|
||||
|
@ -286,10 +284,10 @@ void entropy_source_fail(char *path)
|
|||
unsigned char buf[16];
|
||||
entropy_dummy_context dummy = { DUMMY_FAIL, 0, 0 };
|
||||
|
||||
MD_PSA_INIT();
|
||||
|
||||
mbedtls_entropy_init(&ctx);
|
||||
|
||||
MD_PSA_INIT();
|
||||
|
||||
TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
|
||||
&dummy, 16,
|
||||
MBEDTLS_ENTROPY_SOURCE_WEAK)
|
||||
|
@ -324,11 +322,11 @@ void entropy_threshold(int threshold, int chunk_size, int result)
|
|||
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
|
||||
int ret;
|
||||
|
||||
MD_PSA_INIT();
|
||||
|
||||
mbedtls_entropy_init(&ctx);
|
||||
entropy_clear_sources(&ctx);
|
||||
|
||||
MD_PSA_INIT();
|
||||
|
||||
/* Set strong source that reaches its threshold immediately and
|
||||
* a weak source whose threshold is a test parameter. */
|
||||
TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
|
||||
|
@ -374,11 +372,11 @@ void entropy_calls(int strength1, int strength2,
|
|||
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
|
||||
int ret;
|
||||
|
||||
MD_PSA_INIT();
|
||||
|
||||
mbedtls_entropy_init(&ctx);
|
||||
entropy_clear_sources(&ctx);
|
||||
|
||||
MD_PSA_INIT();
|
||||
|
||||
TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source,
|
||||
&dummy1, threshold,
|
||||
strength1) == 0);
|
||||
|
@ -473,8 +471,6 @@ void entropy_nv_seed(data_t *read_seed)
|
|||
unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
|
||||
unsigned char check_entropy[MBEDTLS_ENTROPY_BLOCK_SIZE];
|
||||
|
||||
MD_PSA_INIT();
|
||||
|
||||
memset(entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
|
||||
memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
|
||||
memset(empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
|
||||
|
@ -488,6 +484,8 @@ void entropy_nv_seed(data_t *read_seed)
|
|||
mbedtls_entropy_init(&ctx);
|
||||
entropy_clear_sources(&ctx);
|
||||
|
||||
MD_PSA_INIT();
|
||||
|
||||
TEST_ASSERT(mbedtls_entropy_add_source(&ctx, mbedtls_nv_seed_poll, NULL,
|
||||
MBEDTLS_ENTROPY_BLOCK_SIZE,
|
||||
MBEDTLS_ENTROPY_SOURCE_STRONG) == 0);
|
||||
|
|
|
@ -6377,10 +6377,22 @@ PSA key derivation: PBKDF2-HMAC(SHA-1), RFC6070 #6
|
|||
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1
|
||||
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361006c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"7061737300776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"56fa6aa75548099dcc37d7f03425e0c3":"":0:1:0
|
||||
|
||||
PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt in two step
|
||||
PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt=2+2
|
||||
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
|
||||
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"6c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:0
|
||||
|
||||
PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt=0+4
|
||||
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
|
||||
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:0
|
||||
|
||||
PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt=4+0
|
||||
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
|
||||
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:0
|
||||
|
||||
PSA key derivation: PBKDF2-HMAC(SHA-256), salt=0+0
|
||||
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
|
||||
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"b03ada2451aa1084ce14cf51c93eeea9d2bd435db3f93a70031b2de39fdef45d2ccb1fe2078e79773c148311d3e6ec5dec9da7f30d78584ec21c94de839671b2":"":0:1:0
|
||||
|
||||
PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, password as key, derive key
|
||||
depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
|
||||
derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:1
|
||||
|
|
|
@ -3234,7 +3234,7 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1
|
|||
# - App data payload: 70696e67
|
||||
# - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5
|
||||
# - Padding used: No (== granularity 1)
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
|
||||
|
||||
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
|
||||
|
@ -3245,7 +3245,7 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
|
|||
# - App data payload: 706f6e67
|
||||
# - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7
|
||||
# - Padding used: No (== granularity 1)
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
|
||||
|
||||
SSL TLS 1.3 Record Encryption RFC 8448 Example #1
|
||||
|
@ -3264,7 +3264,7 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #1
|
|||
# 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6
|
||||
# 3a ee bb 21 69 49 15 e4
|
||||
# - Padding used: No (== granularity 1)
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
|
||||
|
||||
SSL TLS 1.3 Record Encryption RFC 8448 Example #2
|
||||
|
@ -3283,12 +3283,12 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #2
|
|||
# fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54
|
||||
# 0d d0 32 e1 67 c2 95 5d
|
||||
# - Padding used: No (== granularity 1)
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
|
||||
|
||||
SSL TLS 1.3 Key schedule: Application secrets derivation helper
|
||||
# Vector from RFC 8448
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
depends_on:PSA_WANT_ALG_SHA_256
|
||||
ssl_tls13_derive_application_secrets:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
|
||||
|
||||
SSL TLS 1.3 Key schedule: Resumption secrets derivation helper
|
||||
|
|
|
@ -1403,19 +1403,16 @@ void ssl_crypt_record_small(int cipher_type, int hash_id,
|
|||
ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec,
|
||||
mbedtls_test_rnd_std_rand, NULL);
|
||||
|
||||
if ((mode == 1 || mode == 2) && seen_success) {
|
||||
TEST_ASSERT(ret == 0);
|
||||
} else {
|
||||
TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
|
||||
if (ret == 0) {
|
||||
seen_success = 1;
|
||||
}
|
||||
}
|
||||
|
||||
if (ret != 0) {
|
||||
if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
|
||||
/* It's ok if the output buffer is too small. We do insist
|
||||
* on at least one mode succeeding; this is tracked by
|
||||
* seen_success. */
|
||||
continue;
|
||||
}
|
||||
|
||||
TEST_EQUAL(ret, 0);
|
||||
seen_success = 1;
|
||||
|
||||
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
|
||||
if (rec.cid_len != 0) {
|
||||
/* DTLS 1.2 + CID hides the real content type and
|
||||
|
@ -2005,7 +2002,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_MD_CAN_SHA256 */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
void ssl_tls13_record_protection(int ciphersuite,
|
||||
int endpoint,
|
||||
int ctr,
|
||||
|
|
Loading…
Reference in a new issue