yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'origin/development' into safer-ct5

Browse source
This commit is contained in:
Dave Rodgman 2023-06-28 18:52:02 +01:00
commit 9fbb0cf08e
66 changed files with 1354 additions and 1199 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog.d/fix-ilp32.txt Normal file
View file

@ -0,0 +1,4 @@
Bugfix
* Fix a compilation failure in the constant_time module when
building for arm64_32 (e.g., for watchos). Reported by Paulo
Coutinho in #7787.

3
ChangeLog.d/ssl_debug_helpers-stack_usage.txt Normal file
View file

@ -0,0 +1,3 @@
Bugfix
* Fix very high stack usage in SSL debug code. Reported by Maximilian
Gerhardt in #7804.

3
include/mbedtls/build_info.h
View file

@ -148,8 +148,7 @@
#if defined(MBEDTLS_ECP_C) || \
defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \
defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \
(defined(MBEDTLS_PK_C) && defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDSA))
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
#define MBEDTLS_ECP_LIGHT
#endif

4
include/mbedtls/oid.h
View file

@ -545,7 +545,7 @@ int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_al
int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg,
const char **oid, size_t *olen);
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/**
* \brief Translate NamedCurve OID into an EC group identifier
*
@ -591,7 +591,7 @@ int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_
*/
int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id,
const char **oid, size_t *olen);
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
/**
* \brief Translate SignatureAlgorithm OID into md_type and pk_type

14
include/mbedtls/pk.h
View file

@ -207,7 +207,8 @@ typedef struct mbedtls_pk_rsassa_pss_options {
* format. It should be noticed that this only affect how data is stored, not
* which functions are used for various operations. The overall picture looks
* like this:
* - if ECP_C is defined then use legacy functions
* - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure
* and legacy functions
* - if USE_PSA is defined and
* - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly
* format and use PSA functions
@ -218,11 +219,18 @@ typedef struct mbedtls_pk_rsassa_pss_options {
* ecp_keypair structure inside the pk_context so he/she can modify it using
* ECP functions which are not under PK module's control.
*/
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_ECP_C) && \
defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
!defined(MBEDTLS_ECP_C)
#define MBEDTLS_PK_USE_PSA_EC_DATA
#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */
/* Helper symbol to state that the PK module has support for EC keys. This
* can either be provided through the legacy ECP solution or through the
* PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C)
#define MBEDTLS_PK_HAVE_ECC_KEYS
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
/**
* \brief Types for interfacing with the debug module
*/

17
include/mbedtls/x509.h
View file

@ -500,6 +500,23 @@ int mbedtls_x509_info_cert_type(char **buf, size_t *size,
int mbedtls_x509_info_key_usage(char **buf, size_t *size,
unsigned int key_usage);
/**
* \brief This function parses a CN string as an IP address.
*
* \param cn The CN string to parse. CN string MUST be null-terminated.
* \param dst The target buffer to populate with the binary IP address.
* The buffer MUST be 16 bytes to save IPv6, and should be
* 4-byte aligned if the result will be used as struct in_addr.
* e.g. uint32_t dst[4]
*
* \note \p cn is parsed as an IPv6 address if string contains ':',
* else \p cn is parsed as an IPv4 address.
*
* \return Length of binary IP address; num bytes written to target.
* \return \c 0 on failure to parse CN string as an IP address.
*/
size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst);
#define MBEDTLS_X509_SAFE_SNPRINTF \
do { \
if (ret < 0 || (size_t) ret >= n) \

112
include/psa/crypto_extra.h
View file

@ -572,8 +572,7 @@ psa_status_t psa_get_key_domain_parameters(
/** \defgroup psa_tls_helpers TLS helper functions
* @{
*/
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
#include <mbedtls/ecp.h>
/** Convert an ECC curve identifier from the Mbed TLS encoding to PSA.
@ -589,54 +588,8 @@ psa_status_t psa_get_key_domain_parameters(
* (`PSA_ECC_FAMILY_xxx`).
* \return \c 0 on failure (\p grpid is not recognized).
*/
static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
size_t *bits)
{
switch (grpid) {
case MBEDTLS_ECP_DP_SECP192R1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP224R1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP256R1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP384R1:
*bits = 384;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP521R1:
*bits = 521;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_BP256R1:
*bits = 256;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP384R1:
*bits = 384;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP512R1:
*bits = 512;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_CURVE25519:
*bits = 255;
return PSA_ECC_FAMILY_MONTGOMERY;
case MBEDTLS_ECP_DP_SECP192K1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP224K1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP256K1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_CURVE448:
*bits = 448;
return PSA_ECC_FAMILY_MONTGOMERY;
default:
*bits = 0;
return 0;
}
}
psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
size_t *bits);
/** Convert an ECC curve identifier from the PSA encoding to Mbed TLS.
*
@ -660,7 +613,7 @@ static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grp
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
size_t bits,
int bits_is_sloppy);
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
/**@}*/
@ -2031,34 +1984,6 @@ struct psa_crypto_driver_pake_inputs_s {
psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite);
};
typedef enum psa_jpake_step {
PSA_PAKE_STEP_INVALID = 0,
PSA_PAKE_STEP_X1_X2 = 1,
PSA_PAKE_STEP_X2S = 2,
PSA_PAKE_STEP_DERIVE = 3,
} psa_jpake_step_t;
typedef enum psa_jpake_state {
PSA_PAKE_STATE_INVALID = 0,
PSA_PAKE_STATE_SETUP = 1,
PSA_PAKE_STATE_READY = 2,
PSA_PAKE_OUTPUT_X1_X2 = 3,
PSA_PAKE_OUTPUT_X2S = 4,
PSA_PAKE_INPUT_X1_X2 = 5,
PSA_PAKE_INPUT_X4S = 6,
} psa_jpake_state_t;
typedef enum psa_jpake_sequence {
PSA_PAKE_SEQ_INVALID = 0,
PSA_PAKE_X1_STEP_KEY_SHARE = 1, /* also X2S & X4S KEY_SHARE */
PSA_PAKE_X1_STEP_ZK_PUBLIC = 2, /* also X2S & X4S ZK_PUBLIC */
PSA_PAKE_X1_STEP_ZK_PROOF = 3, /* also X2S & X4S ZK_PROOF */
PSA_PAKE_X2_STEP_KEY_SHARE = 4,
PSA_PAKE_X2_STEP_ZK_PUBLIC = 5,
PSA_PAKE_X2_STEP_ZK_PROOF = 6,
PSA_PAKE_SEQ_END = 7,
} psa_jpake_sequence_t;
typedef enum psa_crypto_driver_pake_step {
PSA_JPAKE_STEP_INVALID = 0, /* Invalid step */
PSA_JPAKE_X1_STEP_KEY_SHARE = 1, /* Round 1: input/output key share (for ephemeral private key X1).*/
@ -2075,14 +2000,35 @@ typedef enum psa_crypto_driver_pake_step {
PSA_JPAKE_X4S_STEP_ZK_PROOF = 12 /* Round 2: input Schnorr NIZKP proof for the X4S key (from peer) */
} psa_crypto_driver_pake_step_t;
typedef enum psa_jpake_round {
PSA_JPAKE_FIRST = 0,
PSA_JPAKE_SECOND = 1,
PSA_JPAKE_FINISHED = 2
} psa_jpake_round_t;
typedef enum psa_jpake_io_mode {
PSA_JPAKE_INPUT = 0,
PSA_JPAKE_OUTPUT = 1
} psa_jpake_io_mode_t;
struct psa_jpake_computation_stage_s {
psa_jpake_state_t MBEDTLS_PRIVATE(state);
psa_jpake_sequence_t MBEDTLS_PRIVATE(sequence);
psa_jpake_step_t MBEDTLS_PRIVATE(input_step);
psa_jpake_step_t MBEDTLS_PRIVATE(output_step);
/* The J-PAKE round we are currently on */
psa_jpake_round_t MBEDTLS_PRIVATE(round);
/* The 'mode' we are currently in (inputting or outputting) */
psa_jpake_io_mode_t MBEDTLS_PRIVATE(io_mode);
/* The number of completed inputs so far this round */
uint8_t MBEDTLS_PRIVATE(inputs);
/* The number of completed outputs so far this round */
uint8_t MBEDTLS_PRIVATE(outputs);
/* The next expected step (KEY_SHARE, ZK_PUBLIC or ZK_PROOF) */
psa_pake_step_t MBEDTLS_PRIVATE(step);
};
#define PSA_JPAKE_EXPECTED_INPUTS(round) ((round) == PSA_JPAKE_FINISHED ? 0 : \
((round) == PSA_JPAKE_FIRST ? 2 : 1))
#define PSA_JPAKE_EXPECTED_OUTPUTS(round) ((round) == PSA_JPAKE_FINISHED ? 0 : \
((round) == PSA_JPAKE_FIRST ? 2 : 1))
struct psa_pake_operation_s {
/** Unique ID indicating which driver got assigned to do the
* operation. Since driver contexts are driver-specific, swapping

51
library/bignum_mod.c
View file

@ -88,7 +88,7 @@ void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *N)
N->rep.mont.mm = 0;
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
mbedtls_free(N->rep.ored);
N->rep.ored.modp = NULL;
break;
case MBEDTLS_MPI_MOD_REP_INVALID:
break;
@ -136,33 +136,25 @@ cleanup:
return ret;
}
int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs,
mbedtls_mpi_mod_rep_selector int_rep)
static inline void standard_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs,
mbedtls_mpi_mod_rep_selector int_rep)
{
int ret = 0;
N->p = p;
N->limbs = p_limbs;
N->bits = mbedtls_mpi_core_bitlen(p, p_limbs);
N->int_rep = int_rep;
}
switch (int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
N->int_rep = int_rep;
N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p);
ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs);
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
N->int_rep = int_rep;
N->rep.ored = NULL;
break;
default:
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
goto exit;
}
exit:
int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs)
{
int ret = 0;
standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_MONTGOMERY);
N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p);
ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs);
if (ret != 0) {
mbedtls_mpi_mod_modulus_free(N);
@ -171,6 +163,16 @@ exit:
return ret;
}
int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs,
mbedtls_mpi_modp_fn modp)
{
standard_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_OPT_RED);
N->rep.ored.modp = modp;
return 0;
}
int mbedtls_mpi_mod_mul(mbedtls_mpi_mod_residue *X,
const mbedtls_mpi_mod_residue *A,
const mbedtls_mpi_mod_residue *B,
@ -235,8 +237,7 @@ static int mbedtls_mpi_mod_inv_non_mont(mbedtls_mpi_mod_residue *X,
mbedtls_mpi_mod_modulus Nmont;
mbedtls_mpi_mod_modulus_init(&Nmont);
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_modulus_setup(&Nmont, N->p, N->limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_modulus_setup(&Nmont, N->p, N->limbs));
/* We'll use X->p to hold the Montgomery form of the input A->p */
mbedtls_mpi_core_to_mont_rep(X->p, A->p, Nmont.p, Nmont.limbs,

38
library/bignum_mod.h
View file

@ -98,10 +98,11 @@ typedef enum {
/* Skip 1 as it is slightly easier to accidentally pass to functions. */
/** Montgomery representation. */
MBEDTLS_MPI_MOD_REP_MONTGOMERY = 2,
/** TODO: document this.
*
* Residues are in canonical representation.
*/
/* Optimised reduction available. This indicates a coordinate modulus (P)
* and one or more of the following have been configured:
* - A nist curve (MBEDTLS_ECP_DP_SECPXXXR1_ENABLED) & MBEDTLS_ECP_NIST_OPTIM.
* - A Kobliz Curve.
* - A Fast Reduction Curve CURVE25519 or CURVE448. */
MBEDTLS_MPI_MOD_REP_OPT_RED,
} mbedtls_mpi_mod_rep_selector;
@ -123,7 +124,11 @@ typedef struct {
mbedtls_mpi_uint mm; /* Montgomery const for -N^{-1} mod 2^{ciL} */
} mbedtls_mpi_mont_struct;
typedef void *mbedtls_mpi_opt_red_struct;
typedef int (*mbedtls_mpi_modp_fn)(mbedtls_mpi_uint *X, size_t X_limbs);
typedef struct {
mbedtls_mpi_modp_fn modp; /* The optimised reduction function pointer */
} mbedtls_mpi_opt_red_struct;
typedef struct {
const mbedtls_mpi_uint *p;
@ -197,16 +202,29 @@ void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *N);
* not be modified in any way until after
* mbedtls_mpi_mod_modulus_free() is called.
* \param p_limbs The number of limbs of \p p.
* \param int_rep The internal representation to be used for residues
* associated with \p N (see #mbedtls_mpi_mod_rep_selector).
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p int_rep is invalid.
*/
int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs,
mbedtls_mpi_mod_rep_selector int_rep);
size_t p_limbs);
/** Setup an optimised-reduction compatible modulus structure.
*
* \param[out] N The address of the modulus structure to populate.
* \param[in] p The address of the limb array storing the value of \p N.
* The memory pointed to by \p p will be used by \p N and must
* not be modified in any way until after
* mbedtls_mpi_mod_modulus_free() is called.
* \param p_limbs The number of limbs of \p p.
* \param modp A pointer to the optimised reduction function to use. \p p.
*
* \return \c 0 if successful.
*/
int mbedtls_mpi_mod_optred_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs,
mbedtls_mpi_modp_fn modp);
/** Free elements of a modulus structure.
*

30
library/bignum_mod_raw.c
View file

@ -114,8 +114,6 @@ void mbedtls_mpi_mod_raw_sub(mbedtls_mpi_uint *X,
(void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c);
}
#if defined(MBEDTLS_TEST_HOOKS)
MBEDTLS_STATIC_TESTABLE
void mbedtls_mpi_mod_raw_fix_quasi_reduction(mbedtls_mpi_uint *X,
const mbedtls_mpi_mod_modulus *N)
@ -125,7 +123,6 @@ void mbedtls_mpi_mod_raw_fix_quasi_reduction(mbedtls_mpi_uint *X,
(void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c);
}
#endif /* MBEDTLS_TEST_HOOKS */
void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X,
const mbedtls_mpi_uint *A,
@ -133,8 +130,31 @@ void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X,
const mbedtls_mpi_mod_modulus *N,
mbedtls_mpi_uint *T)
{
mbedtls_mpi_core_montmul(X, A, B, N->limbs, N->p, N->limbs,
N->rep.mont.mm, T);
/* Standard (A * B) multiplication stored into pre-allocated T
* buffer of fixed limb size of (2N + 1).
*
* The space may not not fully filled by when
* MBEDTLS_MPI_MOD_REP_OPT_RED is used. */
const size_t T_limbs = BITS_TO_LIMBS(N->bits) * 2;
switch (N->int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
mbedtls_mpi_core_montmul(X, A, B, N->limbs, N->p, N->limbs,
N->rep.mont.mm, T);
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
mbedtls_mpi_core_mul(T, A, N->limbs, B, N->limbs);
/* Optimised Reduction */
(*N->rep.ored.modp)(T, T_limbs);
/* Convert back to canonical representation */
mbedtls_mpi_mod_raw_fix_quasi_reduction(T, N);
memcpy(X, T, N->limbs * sizeof(mbedtls_mpi_uint));
break;
default:
break;
}
}
size_t mbedtls_mpi_mod_raw_inv_prime_working_limbs(size_t AN_limbs)

26
library/bn_mul.h
View file

@ -248,27 +248,39 @@
#endif /* AMD64 */
#if defined(__aarch64__)
// The following assembly code assumes that a pointer will fit in a 64-bit register
// (including ILP32 __aarch64__ ABIs such as on watchOS, hence the 2^32 - 1)
#if defined(__aarch64__) && (UINTPTR_MAX == 0xfffffffful || UINTPTR_MAX == 0xfffffffffffffffful)
/*
* There are some issues around different compilers requiring different constraint
* syntax for updating pointers from assembly code (see notes for
* MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT in common.h), especially on aarch64_32 (aka ILP32).
*
* For this reason we cast the pointers to/from uintptr_t here.
*/
#define MULADDC_X1_INIT \
asm(
do { uintptr_t muladdc_d = (uintptr_t) d, muladdc_s = (uintptr_t) s; asm(
#define MULADDC_X1_CORE \
"ldr x4, [%2], #8 \n\t" \
"ldr x5, [%1] \n\t" \
"ldr x4, [%x2], #8 \n\t" \
"ldr x5, [%x1] \n\t" \
"mul x6, x4, %4 \n\t" \
"umulh x7, x4, %4 \n\t" \
"adds x5, x5, x6 \n\t" \
"adc x7, x7, xzr \n\t" \
"adds x5, x5, %0 \n\t" \
"adc %0, x7, xzr \n\t" \
"str x5, [%1], #8 \n\t"
"str x5, [%x1], #8 \n\t"
#define MULADDC_X1_STOP \
: "+r" (c), "+r" (d), "+r" (s), "+m" (*(uint64_t (*)[16]) d) \
: "+r" (c), \
"+r" (muladdc_d), \
"+r" (muladdc_s), \
"+m" (*(uint64_t (*)[16]) d) \
: "r" (b), "m" (*(const uint64_t (*)[16]) s) \
: "x4", "x5", "x6", "x7", "cc" \
);
); d = (mbedtls_mpi_uint *)muladdc_d; s = (mbedtls_mpi_uint *)muladdc_s; } while (0);
#endif /* Aarch64 */

66
library/common.h
View file

@ -69,6 +69,44 @@ extern void (*mbedtls_test_hook_test_fail)(const char *test, int line, const cha
#define MBEDTLS_TEST_HOOK_TEST_ASSERT(TEST)
#endif /* defined(MBEDTLS_TEST_HOOKS) */
/** \def ARRAY_LENGTH
* Return the number of elements of a static or stack array.
*
* \param array A value of array (not pointer) type.
*
* \return The number of elements of the array.
*/
/* A correct implementation of ARRAY_LENGTH, but which silently gives
* a nonsensical result if called with a pointer rather than an array. */
#define ARRAY_LENGTH_UNSAFE(array) \
(sizeof(array) / sizeof(*(array)))
#if defined(__GNUC__)
/* Test if arg and &(arg)[0] have the same type. This is true if arg is
* an array but not if it's a pointer. */
#define IS_ARRAY_NOT_POINTER(arg) \
(!__builtin_types_compatible_p(__typeof__(arg), \
__typeof__(&(arg)[0])))
/* A compile-time constant with the value 0. If `const_expr` is not a
* compile-time constant with a nonzero value, cause a compile-time error. */
#define STATIC_ASSERT_EXPR(const_expr) \
(0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); }))
/* Return the scalar value `value` (possibly promoted). This is a compile-time
* constant if `value` is. `condition` must be a compile-time constant.
* If `condition` is false, arrange to cause a compile-time error. */
#define STATIC_ASSERT_THEN_RETURN(condition, value) \
(STATIC_ASSERT_EXPR(condition) ? 0 : (value))
#define ARRAY_LENGTH(array) \
(STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \
ARRAY_LENGTH_UNSAFE(array)))
#else
/* If we aren't sure the compiler supports our non-standard tricks,
* fall back to the unsafe implementation. */
#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array)
#endif
/** Allow library to access its structs' private members.
*
* Although structs defined in header files are publicly available,
@ -169,6 +207,34 @@ inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned
#endif
/* *INDENT-ON* */
/*
* Define the constraint used for read-only pointer operands to aarch64 asm.
*
* This is normally the usual "r", but for aarch64_32 (aka ILP32,
* as found in watchos), "p" is required to avoid warnings from clang.
*
* Note that clang does not recognise '+p' or '=p', and armclang
* does not recognise 'p' at all. Therefore, to update a pointer from
* aarch64 assembly, it is necessary to use something like:
*
* uintptr_t uptr = (uintptr_t) ptr;
* asm( "ldr x4, [%x0], #8" ... : "+r" (uptr) : : )
* ptr = (void*) uptr;
*
* Note that the "x" in "%x0" is neccessary; writing "%0" will cause warnings.
*/
#if defined(__aarch64__) && defined(MBEDTLS_HAVE_ASM)
#if UINTPTR_MAX == 0xfffffffful
/* ILP32: Specify the pointer operand slightly differently, as per #7787. */
#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "p"
#elif UINTPTR_MAX == 0xfffffffffffffffful
/* Normal case (64-bit pointers): use "r" as the constraint for pointer operands to asm */
#define MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT "r"
#else
#error Unrecognised pointer size for aarch64
#endif
#endif
/* Always provide a static assert macro, so it can be used unconditionally.
* It will expand to nothing on some systems.
* Can be used outside functions (but don't add a trailing ';' in that case:

23
library/constant_time.c
View file

@ -31,10 +31,18 @@
#include "mbedtls/platform_util.h"
#include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
#include "psa/crypto.h"
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif
#if !defined(MBEDTLS_CT_ASM)
@ -57,8 +65,9 @@ volatile mbedtls_ct_uint_t mbedtls_ct_zero = 0;
* only used here.
*/
#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && \
(defined(MBEDTLS_CT_ARM_ASM) || defined(MBEDTLS_CT_AARCH64_ASM))
((defined(MBEDTLS_CT_ARM_ASM) && (UINTPTR_MAX == 0xfffffffful)) || \
defined(MBEDTLS_CT_AARCH64_ASM))
/* We check pointer sizes to avoid issues with them not matching register size requirements */
#define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS
static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsigned char *p)
@ -71,7 +80,7 @@ static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsi
#if defined(MBEDTLS_CT_ARM_ASM)
asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :);
#elif defined(MBEDTLS_CT_AARCH64_ASM)
asm volatile ("ldr %w0, [%1]" : "=r" (r) : "r" (p) :);
asm volatile ("ldr %w0, [%1]" : "=r" (r) : MBEDTLS_ASM_AARCH64_PTR_CONSTRAINT(p) :);
#else
#error No assembly defined for mbedtls_get_unaligned_volatile_uint32
#endif

110
library/ecp_curves.c
View file

@ -4922,7 +4922,7 @@ static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry)
static int ecp_mod_p192(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * ((192 + biL - 1) / biL);
size_t expected_width = BITS_TO_LIMBS(192) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p192_raw(N->p, expected_width);
@ -4936,7 +4936,7 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn)
mbedtls_mpi_uint c = 0, last_carry[WIDTH] = { 0 };
mbedtls_mpi_uint *p, *end;
if (Nn != 2*((192 + biL - 1)/biL)) {
if (Nn != BITS_TO_LIMBS(192) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -5082,7 +5082,7 @@ static inline int8_t extract_carry(int64_t cur)
static int ecp_mod_p224(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * 224 / biL;
size_t expected_width = BITS_TO_LIMBS(224) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p224_raw(N->p, expected_width);
cleanup:
@ -5092,7 +5092,7 @@ cleanup:
MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs)
{
if (X_limbs != 2 * 224 / biL) {
if (X_limbs != BITS_TO_LIMBS(224) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -5135,7 +5135,7 @@ int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs)
static int ecp_mod_p256(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * 256 / biL;
size_t expected_width = BITS_TO_LIMBS(256) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p256_raw(N->p, expected_width);
cleanup:
@ -5145,7 +5145,7 @@ cleanup:
MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs)
{
if (X_limbs != 2 * 256 / biL) {
if (X_limbs != BITS_TO_LIMBS(256) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -5215,7 +5215,7 @@ int mbedtls_ecp_mod_p256_raw(mbedtls_mpi_uint *X, size_t X_limbs)
static int ecp_mod_p384(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * ((384 + biL - 1) / biL);
size_t expected_width = BITS_TO_LIMBS(384) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p384_raw(N->p, expected_width);
cleanup:
@ -5225,7 +5225,7 @@ cleanup:
MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs)
{
if (X_limbs != 2*((384 + biL - 1)/biL)) {
if (X_limbs != BITS_TO_LIMBS(384) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -5337,7 +5337,7 @@ int mbedtls_ecp_mod_p384_raw(mbedtls_mpi_uint *X, size_t X_limbs)
static int ecp_mod_p521(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * P521_WIDTH;
size_t expected_width = BITS_TO_LIMBS(521) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p521_raw(N->p, expected_width);
cleanup:
@ -5349,7 +5349,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs)
{
mbedtls_mpi_uint carry = 0;
if (X_limbs != 2 * P521_WIDTH || X[2 * P521_WIDTH - 1] != 0) {
if (X_limbs != BITS_TO_LIMBS(521) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -5423,7 +5423,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs)
static int ecp_mod_p255(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * P255_WIDTH;
size_t expected_width = BITS_TO_LIMBS(255) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width);
cleanup:
@ -5434,7 +5434,7 @@ MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs)
{
if (X_Limbs != 2 * P255_WIDTH) {
if (X_Limbs != BITS_TO_LIMBS(255) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -5492,7 +5492,7 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs)
static int ecp_mod_p448(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * ((448 + biL - 1) / biL);
size_t expected_width = BITS_TO_LIMBS(448) * 2;
/* This is required as some tests and use cases do not pass in a Bignum of
* the correct size, and expect the growth to be done automatically, which
@ -5522,7 +5522,7 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs)
size_t round;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if (X_limbs <= P448_WIDTH) {
if (X_limbs != BITS_TO_LIMBS(448) * 2) {
return 0;
}
@ -5577,9 +5577,9 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs)
(void) mbedtls_mpi_core_add(X, X, Q, Q_limbs);
/* M = B0 */
if (ciL > 4) {
M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
}
#ifdef MBEDTLS_HAVE_INT64
M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
#endif
memset(M + P224_WIDTH_MAX, 0, ((M_limbs - P224_WIDTH_MAX) * ciL));
/* M = M + Q = B0 + B1 */
@ -5734,7 +5734,7 @@ cleanup:
static int ecp_mod_p192k1(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * ((192 + biL - 1) / biL);
size_t expected_width = BITS_TO_LIMBS(192) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p192k1_raw(N->p, expected_width);
@ -5750,7 +5750,7 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
0x01, 0x00, 0x00, 0x00)
};
if (X_limbs != 2 * ((192 + biL - 1) / biL)) {
if (X_limbs != BITS_TO_LIMBS(192) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -5768,7 +5768,7 @@ int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
static int ecp_mod_p224k1(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * 224 / biL;
size_t expected_width = BITS_TO_LIMBS(224) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p224k1_raw(N->p, expected_width);
@ -5784,7 +5784,7 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
0x01, 0x00, 0x00, 0x00)
};
if (X_limbs != 2 * 224 / biL) {
if (X_limbs != BITS_TO_LIMBS(224) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -5802,7 +5802,7 @@ int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
static int ecp_mod_p256k1(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t expected_width = 2 * ((256 + biL - 1) / biL);
size_t expected_width = BITS_TO_LIMBS(256) * 2;
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
ret = mbedtls_ecp_mod_p256k1_raw(N->p, expected_width);
@ -5818,7 +5818,7 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
0x01, 0x00, 0x00, 0x00)
};
if (X_limbs != 2 * ((256 + biL - 1) / biL)) {
if (X_limbs != BITS_TO_LIMBS(256) * 2) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
@ -5831,20 +5831,24 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_ecp_group_id id,
const mbedtls_ecp_curve_type ctype)
const mbedtls_ecp_modulus_type ctype)
{
mbedtls_mpi_modp_fn modp = NULL;
mbedtls_mpi_uint *p = NULL;
size_t p_limbs;
if (!(ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE || \
ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_SCALAR)) {
if (!(ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE || \
ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_SCALAR)) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
switch (id) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
case MBEDTLS_ECP_DP_SECP192R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p192_raw;
#endif
p = (mbedtls_mpi_uint *) secp192r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p));
} else {
@ -5856,7 +5860,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
case MBEDTLS_ECP_DP_SECP224R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p224_raw;
#endif
p = (mbedtls_mpi_uint *) secp224r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p));
} else {
@ -5868,7 +5875,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
case MBEDTLS_ECP_DP_SECP256R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p256_raw;
#endif
p = (mbedtls_mpi_uint *) secp256r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p));
} else {
@ -5880,7 +5890,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
case MBEDTLS_ECP_DP_SECP384R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p384_raw;
#endif
p = (mbedtls_mpi_uint *) secp384r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p));
} else {
@ -5892,7 +5905,10 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
case MBEDTLS_ECP_DP_SECP521R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
#if defined(MBEDTLS_ECP_NIST_OPTIM)
modp = &mbedtls_ecp_mod_p521_raw;
#endif
p = (mbedtls_mpi_uint *) secp521r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p));
} else {
@ -5904,7 +5920,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
case MBEDTLS_ECP_DP_BP256R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
p = (mbedtls_mpi_uint *) brainpoolP256r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_p));
} else {
@ -5916,7 +5932,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
case MBEDTLS_ECP_DP_BP384R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
p = (mbedtls_mpi_uint *) brainpoolP384r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_p));
} else {
@ -5928,7 +5944,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
case MBEDTLS_ECP_DP_BP512R1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
p = (mbedtls_mpi_uint *) brainpoolP512r1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_p));
} else {
@ -5940,7 +5956,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p255_raw;
p = (mbedtls_mpi_uint *) curve25519_p;
p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p));
} else {
@ -5952,7 +5969,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case MBEDTLS_ECP_DP_SECP192K1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p192k1_raw;
p = (mbedtls_mpi_uint *) secp192k1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p));
} else {
@ -5964,7 +5982,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case MBEDTLS_ECP_DP_SECP224K1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p224k1_raw;
p = (mbedtls_mpi_uint *) secp224k1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p));
} else {
@ -5976,7 +5995,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case MBEDTLS_ECP_DP_SECP256K1:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p256k1_raw;
p = (mbedtls_mpi_uint *) secp256k1_p;
p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p));
} else {
@ -5988,7 +6008,8 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448:
if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) {
if (ctype == (mbedtls_ecp_modulus_type) MBEDTLS_ECP_MOD_COORDINATE) {
modp = &mbedtls_ecp_mod_p448_raw;
p = (mbedtls_mpi_uint *) curve448_p;
p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p));
} else {
@ -6003,9 +6024,14 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY)) {
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if (modp != NULL) {
if (mbedtls_mpi_mod_optred_modulus_setup(N, p, p_limbs, modp)) {
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
} else {
if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs)) {
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
}
return 0;
}

4
library/ecp_invasive.h
View file

@ -306,7 +306,7 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs);
* \param[in,out] N The address of the modulus structure to populate.
* Must be initialized.
* \param[in] id The mbedtls_ecp_group_id for which to initialise the modulus.
* \param[in] ctype The mbedtls_ecp_curve_type identifier for a coordinate modulus (P)
* \param[in] ctype The mbedtls_ecp_modulus_type identifier for a coordinate modulus (P)
* or a scalar modulus (N).
*
* \return \c 0 if successful.
@ -317,7 +317,7 @@ int mbedtls_ecp_mod_p448_raw(mbedtls_mpi_uint *X, size_t X_limbs);
MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_ecp_group_id id,
const mbedtls_ecp_curve_type ctype);
const mbedtls_ecp_modulus_type ctype);
#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */

12
library/lmots.c
View file

@ -45,9 +45,15 @@
#include "psa/crypto.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_lms_errors, \
psa_generic_status_to_mbedtls)
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_lms_errors,
ARRAY_LENGTH(psa_to_lms_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#define PUBLIC_KEY_TYPE_OFFSET (0)
#define PUBLIC_KEY_I_KEY_ID_OFFSET (PUBLIC_KEY_TYPE_OFFSET + \

12
library/lms.c
View file

@ -46,9 +46,15 @@
#include "mbedtls/platform.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_lms_errors, \
psa_generic_status_to_mbedtls)
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_lms_errors,
ARRAY_LENGTH(psa_to_lms_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#define SIG_Q_LEAF_ID_OFFSET (0)
#define SIG_OTS_SIG_OFFSET (SIG_Q_LEAF_ID_OFFSET + \

4
library/oid.c
View file

@ -543,7 +543,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_pk_alg,
mbedtls_pk_type_t,
pk_alg)
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/*
* For elliptic curves that use namedCurve inside ECParams (RFC 5480)
*/
@ -674,7 +674,7 @@ FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid,
oid_ecp_grp_algid,
mbedtls_ecp_group_id,
grp_id)
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_CIPHER_C)
/*

52
library/pk.c
View file

@ -31,7 +31,7 @@
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
#endif
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "mbedtls/ecp.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
@ -125,12 +125,12 @@ const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type)
case MBEDTLS_PK_RSA:
return &mbedtls_rsa_info;
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
case MBEDTLS_PK_ECKEY:
return &mbedtls_eckey_info;
case MBEDTLS_PK_ECKEY_DH:
return &mbedtls_eckeydh_info;
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
case MBEDTLS_PK_ECDSA:
return &mbedtls_ecdsa_info;
@ -196,42 +196,6 @@ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk,
mbedtls_ecp_keypair *ecp_keypair)
{
int ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
if (pk == NULL) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
/* The raw public key storing mechanism is only supported for EC keys so
* we fail silently for other ones. */
if ((pk->pk_info->type != MBEDTLS_PK_ECKEY) &&
(pk->pk_info->type != MBEDTLS_PK_ECKEY_DH) &&
(pk->pk_info->type != MBEDTLS_PK_ECDSA)) {
return 0;
}
ret = mbedtls_ecp_point_write_binary(&ecp_keypair->grp, &ecp_keypair->Q,
MBEDTLS_ECP_PF_UNCOMPRESSED,
&pk->pub_raw_len,
pk->pub_raw,
MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN);
if (ret != 0) {
return ret;
}
pk->ec_family = mbedtls_ecc_group_to_psa(ecp_keypair->grp.id,
&pk->ec_bits);
if (pk->ec_family == 0) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
return 0;
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/*
* Initialize an RSA-alt context
@ -903,14 +867,14 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
psa_key_usage_t usage,
psa_algorithm_t alg2)
{
#if !defined(MBEDTLS_ECP_LIGHT) && !defined(MBEDTLS_RSA_C)
#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_RSA_C)
((void) pk);
((void) key);
((void) alg);
((void) usage);
((void) alg2);
#else /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#else /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) {
size_t d_len;
psa_ecc_family_t curve_id;
@ -965,7 +929,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
return mbedtls_pk_setup_opaque(pk, *key);
} else
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) {
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
@ -1006,7 +970,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
return mbedtls_pk_setup_opaque(pk, *key);
} else
#endif /* MBEDTLS_RSA_C */
#endif /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */
#endif /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */

20
library/pk_internal.h
View file

@ -25,7 +25,7 @@
#include "mbedtls/pk.h"
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "mbedtls/ecp.h"
#endif
@ -44,7 +44,7 @@
psa_pk_status_to_mbedtls)
#endif
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/**
* Public function mbedtls_pk_ec() can be used to get direct access to the
* wrapped ecp_keypair structure pointed to the pk_ctx. However this is not
@ -115,21 +115,7 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
#define MBEDTLS_PK_HAVE_RFC8410_CURVES
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
/**
* \brief Copy the public key content in raw format from "ctx->pk_ctx"
* (which is an ecp_keypair) into the internal "ctx->pub_raw" buffer.
*
* \note This is a temporary function that can be removed as soon as the pk
* module is free from ECP_C
*
* \param pk It is the pk_context which is going to be updated. It acts both
* as input and output.
*/
int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk,
mbedtls_ecp_keypair *ecp_keypair);
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
#endif /* MBEDTLS_PK_INTERNAL_H */

4
library/pk_wrap.c
View file

@ -634,7 +634,7 @@ const mbedtls_pk_info_t mbedtls_rsa_info = {
};
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/*
* Generic EC key
*/
@ -1335,7 +1335,7 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = {
#endif
eckey_debug, /* Same underlying key structure */
};
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
static int ecdsa_can_do(mbedtls_pk_type_t type)

2
library/pk_wrap.h
View file

@ -120,7 +120,7 @@ typedef struct {
extern const mbedtls_pk_info_t mbedtls_rsa_info;
#endif
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
extern const mbedtls_pk_info_t mbedtls_eckey_info;
extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
#endif

52
library/pkparse.c
View file

@ -37,7 +37,7 @@
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C)
#include "pkwrite.h"
#endif
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "pk_internal.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
@ -64,10 +64,10 @@
#include "mbedtls/platform.h"
/* Helper for Montgomery curves */
#if defined(MBEDTLS_ECP_LIGHT) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \
((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448))
#endif /* MBEDTLS_ECP_LIGHT && MBEDTLS_PK_HAVE_RFC8410_CURVES */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && MBEDTLS_PK_HAVE_RFC8410_CURVES */
#if defined(MBEDTLS_FS_IO)
/*
@ -174,7 +174,7 @@ int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path)
}
#endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* Minimally parse an ECParameters buffer to and mbedtls_asn1_buf
*
* ECParameters ::= CHOICE {
@ -655,7 +655,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk,
mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
if ((ret = mbedtls_mpi_read_binary_le(&eck->d, key, len)) != 0) {
mbedtls_ecp_keypair_free(eck);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
@ -664,9 +663,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk,
* which never contain a public key. As such, derive the public key
* unconditionally. */
if ((ret = pk_derive_public_key(pk, key, len, f_rng, p_rng)) != 0) {
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
mbedtls_ecp_keypair_free(eck);
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
return ret;
}
@ -674,7 +670,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk,
* into PSA. */
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
mbedtls_ecp_keypair_free(eck);
return ret;
}
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
@ -793,7 +788,7 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end,
return ret;
}
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_RSA_C)
/*
@ -878,7 +873,7 @@ static int pk_get_pk_alg(unsigned char **p,
}
ret = mbedtls_oid_get_pk_alg(&alg_oid, pk_alg);
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (ret == MBEDTLS_ERR_OID_NOT_FOUND) {
ret = mbedtls_oid_get_ec_grp_algid(&alg_oid, ec_grp_id);
if (ret == 0) {
@ -952,7 +947,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end,
ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk));
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) {
@ -966,7 +961,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end,
ret = pk_get_ecpubkey(p, end, pk);
}
} else
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
if (ret == 0 && *p != end) {
@ -1170,7 +1165,7 @@ cleanup:
}
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/*
* Parse a SEC1 encoded private EC key
*/
@ -1186,10 +1181,11 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk,
unsigned char *d;
unsigned char *end = p + keylen;
unsigned char *end2;
mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status;
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
/*
@ -1226,7 +1222,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk,
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) {
mbedtls_ecp_keypair_free(eck);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
#endif
@ -1243,11 +1238,9 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk,
0)) == 0) {
if ((ret = pk_get_ecparams(&p, p + len, &params)) != 0 ||
(ret = pk_use_ecparams(&params, pk)) != 0) {
mbedtls_ecp_keypair_free(eck);
return ret;
}
} else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
mbedtls_ecp_keypair_free(eck);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
}
@ -1283,7 +1276,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk,
}
}
} else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
mbedtls_ecp_keypair_free(eck);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
}
@ -1311,21 +1303,19 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk,
if (!pubkey_done) {
if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) {
mbedtls_ecp_keypair_free(eck);
return ret;
}
}
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
mbedtls_ecp_keypair_free(eck);
return ret;
}
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
return 0;
}
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
/*
* Parse an unencrypted PKCS#8 encoded private key
@ -1354,7 +1344,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE;
const mbedtls_pk_info_t *pk_info;
#if !defined(MBEDTLS_ECP_LIGHT)
#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS)
(void) f_rng;
(void) p_rng;
#endif
@ -1419,7 +1409,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
}
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) {
@ -1441,7 +1431,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
}
}
} else
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
return 0;
@ -1608,7 +1598,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
}
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
if (key[keylen - 1] != '\0') {
ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
@ -1637,7 +1627,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
} else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
return ret;
}
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
/* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
if (key[keylen - 1] != '\0') {
@ -1743,7 +1733,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
mbedtls_pk_init(pk);
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
if (mbedtls_pk_setup(pk, pk_info) == 0 &&
pk_parse_key_sec1_der(pk,
@ -1751,13 +1741,13 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
return 0;
}
mbedtls_pk_free(pk);
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
/* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_LIGHT isn't,
/* If MBEDTLS_RSA_C is defined but MBEDTLS_PK_HAVE_ECC_KEYS isn't,
* it is ok to leave the PK context initialized but not
* freed: It is the caller's responsibility to call pk_init()
* before calling this function, and to call pk_free()
* when it fails. If MBEDTLS_ECP_LIGHT is defined but MBEDTLS_RSA_C
* when it fails. If MBEDTLS_PK_HAVE_ECC_KEYS is defined but MBEDTLS_RSA_C
* isn't, this leads to mbedtls_pk_free() being called
* twice, once here and once by the caller, but this is
* also ok and in line with the mbedtls_pk_free() calls

59
library/pkwrite.c
View file

@ -38,10 +38,10 @@
#include "mbedtls/ecp.h"
#include "mbedtls/platform_util.h"
#endif
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "pk_internal.h"
#endif
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#include "pkwrite.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
@ -58,7 +58,7 @@
#include "mbedtls/platform.h"
/* Helper for Montgomery curves */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
{
@ -76,6 +76,7 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
#endif
return 0;
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* It is assumed that the input key is opaque */
static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk)
@ -93,7 +94,7 @@ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk)
}
#endif /* MBETLS_USE_PSA_CRYPTO */
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* It is assumed that the input key is opaque */
@ -158,7 +159,7 @@ end_of_export:
}
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
const mbedtls_pk_context *pk)
@ -316,7 +317,7 @@ exit:
return ret;
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start,
@ -353,7 +354,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key));
} else
#endif
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key));
} else
@ -375,7 +376,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu
int has_par = 1;
size_t len = 0, par_len = 0, oid_len = 0;
mbedtls_pk_type_t pk_type;
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE;
#endif
const char *oid;
@ -404,20 +405,20 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
pk_type = mbedtls_pk_get_type(key);
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_type == MBEDTLS_PK_ECKEY) {
ec_grp_id = mbedtls_pk_get_group_id(key);
}
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (pk_type == MBEDTLS_PK_OPAQUE) {
psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key);
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) {
pk_type = MBEDTLS_PK_ECKEY;
ec_grp_id = mbedtls_pk_get_group_id(key);
} else
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) {
/* The rest of the function works as for legacy RSA contexts. */
pk_type = MBEDTLS_PK_RSA;
@ -429,7 +430,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_type == MBEDTLS_PK_ECKEY) {
/* Some groups have their own AlgorithmIdentifier OID, others are handled
* by mbedtls_oid_get_oid_by_pk_alg() below */
@ -445,7 +446,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu
return ret;
}
}
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
if (oid_len == 0) {
if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid,
@ -464,7 +465,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu
return (int) len;
}
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
/*
* RFC8410 section 7
@ -572,7 +573,7 @@ static int pk_write_ec_der(unsigned char **p, unsigned char *buf,
return (int) len;
}
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_RSA_C)
static int pk_write_rsa_der(unsigned char **p, unsigned char *buf,
@ -691,9 +692,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf,
#if defined(MBEDTLS_RSA_C)
int is_rsa_opaque = 0;
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
int is_ec_opaque = 0;
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t opaque_key_type;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@ -710,9 +711,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf,
#if defined(MBEDTLS_RSA_C)
is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type);
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type);
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@ -721,7 +722,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf,
return pk_write_rsa_der(&c, buf, key);
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (mbedtls_pk_is_rfc8410(key)) {
@ -730,7 +731,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf,
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
return pk_write_ec_der(&c, buf, key);
} else
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
return (int) len;
@ -781,12 +782,12 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf,
unsigned char output_buf[PRV_DER_MAX_BYTES];
const char *begin, *end;
size_t olen = 0;
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
int is_ec_opaque = 0;
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
int is_montgomery_opaque = 0;
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#if defined(MBEDTLS_RSA_C)
int is_rsa_opaque = 0;
#endif
@ -802,14 +803,14 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf,
#if defined(MBEDTLS_RSA_C)
is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type);
#endif
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type);
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (pk_get_opaque_ec_family(key) == PSA_ECC_FAMILY_MONTGOMERY) {
is_montgomery_opaque = 1;
}
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
@ -819,7 +820,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf,
end = PEM_END_PRIVATE_KEY_RSA;
} else
#endif
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) {
#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
if (is_montgomery_opaque ||
@ -828,13 +829,13 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf,
begin = PEM_BEGIN_PRIVATE_KEY_PKCS8;
end = PEM_END_PRIVATE_KEY_PKCS8;
} else
#endif
#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
{
begin = PEM_BEGIN_PRIVATE_KEY_EC;
end = PEM_END_PRIVATE_KEY_EC;
}
} else
#endif
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
if ((ret = mbedtls_pem_write_buffer(begin, end,

6
library/pkwrite.h
View file

@ -73,7 +73,7 @@
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/*
* EC public keys:
* SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2
@ -98,10 +98,10 @@
*/
#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_ECP_MAX_BYTES)
#else /* MBEDTLS_ECP_LIGHT */
#else /* MBEDTLS_PK_HAVE_ECC_KEYS */
#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES 0
#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES 0
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
#endif /* MBEDTLS_PK_WRITE_H */

348
library/psa_crypto.c
View file

@ -84,8 +84,6 @@
#include "mbedtls/sha512.h"
#include "md_psa.h"
#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
@ -390,7 +388,56 @@ static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t stat
/* Key management */
/****************************************************************/
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
size_t *bits)
{
switch (grpid) {
case MBEDTLS_ECP_DP_SECP192R1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP224R1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP256R1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP384R1:
*bits = 384;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_SECP521R1:
*bits = 521;
return PSA_ECC_FAMILY_SECP_R1;
case MBEDTLS_ECP_DP_BP256R1:
*bits = 256;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP384R1:
*bits = 384;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_BP512R1:
*bits = 512;
return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
case MBEDTLS_ECP_DP_CURVE25519:
*bits = 255;
return PSA_ECC_FAMILY_MONTGOMERY;
case MBEDTLS_ECP_DP_SECP192K1:
*bits = 192;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP224K1:
*bits = 224;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_SECP256K1:
*bits = 256;
return PSA_ECC_FAMILY_SECP_K1;
case MBEDTLS_ECP_DP_CURVE448:
*bits = 448;
return PSA_ECC_FAMILY_MONTGOMERY;
default:
*bits = 0;
return 0;
}
}
mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
size_t bits,
int bits_is_sloppy)
@ -482,7 +529,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa(psa_ecc_family_t curve,
(void) bits_is_sloppy;
return MBEDTLS_ECP_DP_NONE;
}
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type,
size_t bits)
@ -7718,10 +7765,8 @@ psa_status_t psa_pake_setup(
psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake;
computation_stage->state = PSA_PAKE_STATE_SETUP;
computation_stage->sequence = PSA_PAKE_SEQ_INVALID;
computation_stage->input_step = PSA_PAKE_STEP_X1_X2;
computation_stage->output_step = PSA_PAKE_STEP_X1_X2;
memset(computation_stage, 0, sizeof(*computation_stage));
computation_stage->step = PSA_PAKE_STEP_KEY_SHARE;
} else
#endif /* PSA_WANT_ALG_JPAKE */
{
@ -7890,59 +7935,32 @@ exit:
return status;
}
/* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */
/* Auxiliary function to convert core computation stage to single driver step. */
#if defined(PSA_WANT_ALG_JPAKE)
static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_step(
psa_jpake_computation_stage_t *stage)
{
switch (stage->state) {
case PSA_PAKE_OUTPUT_X1_X2:
case PSA_PAKE_INPUT_X1_X2:
switch (stage->sequence) {
case PSA_PAKE_X1_STEP_KEY_SHARE:
return PSA_JPAKE_X1_STEP_KEY_SHARE;
case PSA_PAKE_X1_STEP_ZK_PUBLIC:
return PSA_JPAKE_X1_STEP_ZK_PUBLIC;
case PSA_PAKE_X1_STEP_ZK_PROOF:
return PSA_JPAKE_X1_STEP_ZK_PROOF;
case PSA_PAKE_X2_STEP_KEY_SHARE:
return PSA_JPAKE_X2_STEP_KEY_SHARE;
case PSA_PAKE_X2_STEP_ZK_PUBLIC:
return PSA_JPAKE_X2_STEP_ZK_PUBLIC;
case PSA_PAKE_X2_STEP_ZK_PROOF:
return PSA_JPAKE_X2_STEP_ZK_PROOF;
default:
return PSA_JPAKE_STEP_INVALID;
}
break;
case PSA_PAKE_OUTPUT_X2S:
switch (stage->sequence) {
case PSA_PAKE_X1_STEP_KEY_SHARE:
return PSA_JPAKE_X2S_STEP_KEY_SHARE;
case PSA_PAKE_X1_STEP_ZK_PUBLIC:
return PSA_JPAKE_X2S_STEP_ZK_PUBLIC;
case PSA_PAKE_X1_STEP_ZK_PROOF:
return PSA_JPAKE_X2S_STEP_ZK_PROOF;
default:
return PSA_JPAKE_STEP_INVALID;
}
break;
case PSA_PAKE_INPUT_X4S:
switch (stage->sequence) {
case PSA_PAKE_X1_STEP_KEY_SHARE:
return PSA_JPAKE_X4S_STEP_KEY_SHARE;
case PSA_PAKE_X1_STEP_ZK_PUBLIC:
return PSA_JPAKE_X4S_STEP_ZK_PUBLIC;
case PSA_PAKE_X1_STEP_ZK_PROOF:
return PSA_JPAKE_X4S_STEP_ZK_PROOF;
default:
return PSA_JPAKE_STEP_INVALID;
}
break;
default:
return PSA_JPAKE_STEP_INVALID;
psa_crypto_driver_pake_step_t key_share_step;
if (stage->round == PSA_JPAKE_FIRST) {
int is_x1;
if (stage->io_mode == PSA_JPAKE_OUTPUT) {
is_x1 = (stage->outputs < 1);
} else {
is_x1 = (stage->inputs < 1);
}
key_share_step = is_x1 ?
PSA_JPAKE_X1_STEP_KEY_SHARE :
PSA_JPAKE_X2_STEP_KEY_SHARE;
} else if (stage->round == PSA_JPAKE_SECOND) {
key_share_step = (stage->io_mode == PSA_JPAKE_OUTPUT) ?
PSA_JPAKE_X2S_STEP_KEY_SHARE :
PSA_JPAKE_X4S_STEP_KEY_SHARE;
} else {
return PSA_JPAKE_STEP_INVALID;
}
return PSA_JPAKE_STEP_INVALID;
return key_share_step + stage->step - PSA_PAKE_STEP_KEY_SHARE;
}
#endif /* PSA_WANT_ALG_JPAKE */
@ -7981,12 +7999,6 @@ static psa_status_t psa_pake_complete_inputs(
#if defined(PSA_WANT_ALG_JPAKE)
if (operation->alg == PSA_ALG_JPAKE) {
operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION;
psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake;
computation_stage->state = PSA_PAKE_STATE_READY;
computation_stage->sequence = PSA_PAKE_SEQ_INVALID;
computation_stage->input_step = PSA_PAKE_STEP_X1_X2;
computation_stage->output_step = PSA_PAKE_STEP_X1_X2;
} else
#endif /* PSA_WANT_ALG_JPAKE */
{
@ -7997,9 +8009,10 @@ static psa_status_t psa_pake_complete_inputs(
}
#if defined(PSA_WANT_ALG_JPAKE)
static psa_status_t psa_jpake_output_prologue(
static psa_status_t psa_jpake_prologue(
psa_pake_operation_t *operation,
psa_pake_step_t step)
psa_pake_step_t step,
psa_jpake_io_mode_t io_mode)
{
if (step != PSA_PAKE_STEP_KEY_SHARE &&
step != PSA_PAKE_STEP_ZK_PUBLIC &&
@ -8010,84 +8023,66 @@ static psa_status_t psa_jpake_output_prologue(
psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake;
if (computation_stage->state == PSA_PAKE_STATE_INVALID) {
if (computation_stage->round != PSA_JPAKE_FIRST &&
computation_stage->round != PSA_JPAKE_SECOND) {
return PSA_ERROR_BAD_STATE;
}
if (computation_stage->state != PSA_PAKE_STATE_READY &&
computation_stage->state != PSA_PAKE_OUTPUT_X1_X2 &&
computation_stage->state != PSA_PAKE_OUTPUT_X2S) {
/* Check that the step we are given is the one we were expecting */
if (step != computation_stage->step) {
return PSA_ERROR_BAD_STATE;
}
if (computation_stage->state == PSA_PAKE_STATE_READY) {
if (step != PSA_PAKE_STEP_KEY_SHARE) {
return PSA_ERROR_BAD_STATE;
}
switch (computation_stage->output_step) {
case PSA_PAKE_STEP_X1_X2:
computation_stage->state = PSA_PAKE_OUTPUT_X1_X2;
break;
case PSA_PAKE_STEP_X2S:
computation_stage->state = PSA_PAKE_OUTPUT_X2S;
break;
default:
return PSA_ERROR_BAD_STATE;
}
computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE;
}
/* Check if step matches current sequence */
switch (computation_stage->sequence) {
case PSA_PAKE_X1_STEP_KEY_SHARE:
case PSA_PAKE_X2_STEP_KEY_SHARE:
if (step != PSA_PAKE_STEP_KEY_SHARE) {
return PSA_ERROR_BAD_STATE;
}
break;
case PSA_PAKE_X1_STEP_ZK_PUBLIC:
case PSA_PAKE_X2_STEP_ZK_PUBLIC:
if (step != PSA_PAKE_STEP_ZK_PUBLIC) {
return PSA_ERROR_BAD_STATE;
}
break;
case PSA_PAKE_X1_STEP_ZK_PROOF:
case PSA_PAKE_X2_STEP_ZK_PROOF:
if (step != PSA_PAKE_STEP_ZK_PROOF) {
return PSA_ERROR_BAD_STATE;
}
break;
default:
return PSA_ERROR_BAD_STATE;
if (step == PSA_PAKE_STEP_KEY_SHARE &&
computation_stage->inputs == 0 &&
computation_stage->outputs == 0) {
/* Start of the round, so function decides whether we are inputting
* or outputting */
computation_stage->io_mode = io_mode;
} else if (computation_stage->io_mode != io_mode) {
/* Middle of the round so the mode we are in must match the function
* called by the user */
return PSA_ERROR_BAD_STATE;
}
return PSA_SUCCESS;
}
static psa_status_t psa_jpake_output_epilogue(
psa_pake_operation_t *operation)
static psa_status_t psa_jpake_epilogue(
psa_pake_operation_t *operation,
psa_jpake_io_mode_t io_mode)
{
psa_jpake_computation_stage_t *computation_stage =
psa_jpake_computation_stage_t *stage =
&operation->computation_stage.jpake;
if ((computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 &&
computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) ||
(computation_stage->state == PSA_PAKE_OUTPUT_X2S &&
computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) {
computation_stage->state = PSA_PAKE_STATE_READY;
computation_stage->output_step++;
computation_stage->sequence = PSA_PAKE_SEQ_INVALID;
if (stage->step == PSA_PAKE_STEP_ZK_PROOF) {
/* End of an input/output */
if (io_mode == PSA_JPAKE_INPUT) {
stage->inputs++;
if (stage->inputs == PSA_JPAKE_EXPECTED_INPUTS(stage->round)) {
stage->io_mode = PSA_JPAKE_OUTPUT;
}
}
if (io_mode == PSA_JPAKE_OUTPUT) {
stage->outputs++;
if (stage->outputs == PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) {
stage->io_mode = PSA_JPAKE_INPUT;
}
}
if (stage->inputs == PSA_JPAKE_EXPECTED_INPUTS(stage->round) &&
stage->outputs == PSA_JPAKE_EXPECTED_OUTPUTS(stage->round)) {
/* End of a round, move to the next round */
stage->inputs = 0;
stage->outputs = 0;
stage->round++;
}
stage->step = PSA_PAKE_STEP_KEY_SHARE;
} else {
computation_stage->sequence++;
stage->step++;
}
return PSA_SUCCESS;
}
#endif /* PSA_WANT_ALG_JPAKE */
psa_status_t psa_pake_output(
@ -8121,7 +8116,7 @@ psa_status_t psa_pake_output(
switch (operation->alg) {
#if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE:
status = psa_jpake_output_prologue(operation, step);
status = psa_jpake_prologue(operation, step, PSA_JPAKE_OUTPUT);
if (status != PSA_SUCCESS) {
goto exit;
}
@ -8145,7 +8140,7 @@ psa_status_t psa_pake_output(
switch (operation->alg) {
#if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE:
status = psa_jpake_output_epilogue(operation);
status = psa_jpake_epilogue(operation, PSA_JPAKE_OUTPUT);
if (status != PSA_SUCCESS) {
goto exit;
}
@ -8162,100 +8157,6 @@ exit:
return status;
}
#if defined(PSA_WANT_ALG_JPAKE)
static psa_status_t psa_jpake_input_prologue(
psa_pake_operation_t *operation,
psa_pake_step_t step)
{
if (step != PSA_PAKE_STEP_KEY_SHARE &&
step != PSA_PAKE_STEP_ZK_PUBLIC &&
step != PSA_PAKE_STEP_ZK_PROOF) {
return PSA_ERROR_INVALID_ARGUMENT;
}
psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake;
if (computation_stage->state == PSA_PAKE_STATE_INVALID) {
return PSA_ERROR_BAD_STATE;
}
if (computation_stage->state != PSA_PAKE_STATE_READY &&
computation_stage->state != PSA_PAKE_INPUT_X1_X2 &&
computation_stage->state != PSA_PAKE_INPUT_X4S) {
return PSA_ERROR_BAD_STATE;
}
if (computation_stage->state == PSA_PAKE_STATE_READY) {
if (step != PSA_PAKE_STEP_KEY_SHARE) {
return PSA_ERROR_BAD_STATE;
}
switch (computation_stage->input_step) {
case PSA_PAKE_STEP_X1_X2:
computation_stage->state = PSA_PAKE_INPUT_X1_X2;
break;
case PSA_PAKE_STEP_X2S:
computation_stage->state = PSA_PAKE_INPUT_X4S;
break;
default:
return PSA_ERROR_BAD_STATE;
}
computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE;
}
/* Check if step matches current sequence */
switch (computation_stage->sequence) {
case PSA_PAKE_X1_STEP_KEY_SHARE:
case PSA_PAKE_X2_STEP_KEY_SHARE:
if (step != PSA_PAKE_STEP_KEY_SHARE) {
return PSA_ERROR_BAD_STATE;
}
break;
case PSA_PAKE_X1_STEP_ZK_PUBLIC:
case PSA_PAKE_X2_STEP_ZK_PUBLIC:
if (step != PSA_PAKE_STEP_ZK_PUBLIC) {
return PSA_ERROR_BAD_STATE;
}
break;
case PSA_PAKE_X1_STEP_ZK_PROOF:
case PSA_PAKE_X2_STEP_ZK_PROOF:
if (step != PSA_PAKE_STEP_ZK_PROOF) {
return PSA_ERROR_BAD_STATE;
}
break;
default:
return PSA_ERROR_BAD_STATE;
}
return PSA_SUCCESS;
}
static psa_status_t psa_jpake_input_epilogue(
psa_pake_operation_t *operation)
{
psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake;
if ((computation_stage->state == PSA_PAKE_INPUT_X1_X2 &&
computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) ||
(computation_stage->state == PSA_PAKE_INPUT_X4S &&
computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) {
computation_stage->state = PSA_PAKE_STATE_READY;
computation_stage->input_step++;
computation_stage->sequence = PSA_PAKE_SEQ_INVALID;
} else {
computation_stage->sequence++;
}
return PSA_SUCCESS;
}
#endif /* PSA_WANT_ALG_JPAKE */
psa_status_t psa_pake_input(
psa_pake_operation_t *operation,
psa_pake_step_t step,
@ -8288,7 +8189,7 @@ psa_status_t psa_pake_input(
switch (operation->alg) {
#if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE:
status = psa_jpake_input_prologue(operation, step);
status = psa_jpake_prologue(operation, step, PSA_JPAKE_INPUT);
if (status != PSA_SUCCESS) {
goto exit;
}
@ -8312,7 +8213,7 @@ psa_status_t psa_pake_input(
switch (operation->alg) {
#if defined(PSA_WANT_ALG_JPAKE)
case PSA_ALG_JPAKE:
status = psa_jpake_input_epilogue(operation);
status = psa_jpake_epilogue(operation, PSA_JPAKE_INPUT);
if (status != PSA_SUCCESS) {
goto exit;
}
@ -8347,8 +8248,7 @@ psa_status_t psa_pake_get_implicit_key(
if (operation->alg == PSA_ALG_JPAKE) {
psa_jpake_computation_stage_t *computation_stage =
&operation->computation_stage.jpake;
if (computation_stage->input_step != PSA_PAKE_STEP_DERIVE ||
computation_stage->output_step != PSA_PAKE_STEP_DERIVE) {
if (computation_stage->round != PSA_JPAKE_FINISHED) {
status = PSA_ERROR_BAD_STATE;
goto exit;
}

14
library/psa_crypto_ffdh.h
View file

@ -47,8 +47,8 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p key_buffer_size, \p peer_key_length, \p shared_secret_size
* do not match
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_key_agreement_ffdh(
const psa_key_attributes_t *attributes,
@ -73,9 +73,9 @@ psa_status_t mbedtls_psa_key_agreement_ffdh(
* \retval #PSA_SUCCESS The public key was exported successfully.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of \p key_buffer is too small.
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_export_ffdh_public_key(
const psa_key_attributes_t *attributes,
@ -103,8 +103,8 @@ psa_status_t mbedtls_psa_export_ffdh_public_key(
* Key size in bits is invalid.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of \p key_buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_ffdh_generate_key(
const psa_key_attributes_t *attributes,

88
library/psa_crypto_pake.c
View file

@ -80,65 +80,37 @@
*/
/*
* The first PAKE step shares the same sequences of the second PAKE step
* but with a second set of KEY_SHARE/ZK_PUBLIC/ZK_PROOF outputs/inputs.
* It's simpler to share the same sequences numbers of the first
* set of KEY_SHARE/ZK_PUBLIC/ZK_PROOF outputs/inputs in both PAKE steps.
* Possible sequence of calls to implementation:
*
* State sequence with step, state & sequence enums:
* => Input & Output Step = PSA_PAKE_STEP_INVALID
* => state = PSA_PAKE_STATE_INVALID
* psa_pake_setup()
* => Input & Output Step = PSA_PAKE_STEP_X1_X2
* => state = PSA_PAKE_STATE_SETUP
* => sequence = PSA_PAKE_SEQ_INVALID
* |
* |--- In any order: (First round input before or after first round output)
* | | First call of psa_pake_output() or psa_pake_input() sets
* | | state = PSA_PAKE_STATE_READY
* | |
* | |------ In Order: => state = PSA_PAKE_OUTPUT_X1_X2
* | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE
* | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC
* | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF
* | | | psa_pake_output() => sequence = PSA_PAKE_X2_STEP_KEY_SHARE
* | | | psa_pake_output() => sequence = PSA_PAKE_X2_STEP_ZK_PUBLIC
* | | | psa_pake_output() => sequence = PSA_PAKE_X2_STEP_ZK_PROOF
* | | | => state = PSA_PAKE_STATE_READY
* | | | => sequence = PSA_PAKE_SEQ_INVALID
* | | | => Output Step = PSA_PAKE_STEP_X2S
* | |
* | |------ In Order: => state = PSA_PAKE_INPUT_X1_X2
* | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE
* | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC
* | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF
* | | | psa_pake_input() => sequence = PSA_PAKE_X2_STEP_KEY_SHARE
* | | | psa_pake_input() => sequence = PSA_PAKE_X2_STEP_ZK_PUBLIC
* | | | psa_pake_input() => sequence = PSA_PAKE_X2_STEP_ZK_PROOF
* | | | => state = PSA_PAKE_STATE_READY
* | | | => sequence = PSA_PAKE_SEQ_INVALID
* | | | => Output Step = PSA_PAKE_INPUT_X4S
* |
* |--- In any order: (Second round input before or after second round output)
* | |
* | |------ In Order: => state = PSA_PAKE_OUTPUT_X2S
* | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE
* | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC
* | | | psa_pake_output() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF
* | | | => state = PSA_PAKE_STATE_READY
* | | | => sequence = PSA_PAKE_SEQ_INVALID
* | | | => Output Step = PSA_PAKE_STEP_DERIVE
* | |
* | |------ In Order: => state = PSA_PAKE_INPUT_X4S
* | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_KEY_SHARE
* | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PUBLIC
* | | | psa_pake_input() => sequence = PSA_PAKE_X1_STEP_ZK_PROOF
* | | | => state = PSA_PAKE_STATE_READY
* | | | => sequence = PSA_PAKE_SEQ_INVALID
* | | | => Output Step = PSA_PAKE_STEP_DERIVE
* |
* psa_pake_get_implicit_key()
* => Input & Output Step = PSA_PAKE_STEP_INVALID
* |--- In any order:
* | |
* | |------ In Order
* | | | mbedtls_psa_pake_output(PSA_JPAKE_X1_STEP_KEY_SHARE)
* | | | mbedtls_psa_pake_output(PSA_JPAKE_X1_STEP_ZK_PUBLIC)
* | | | mbedtls_psa_pake_output(PSA_JPAKE_X1_STEP_ZK_PROOF)
* | | | mbedtls_psa_pake_output(PSA_JPAKE_X2_STEP_KEY_SHARE)
* | | | mbedtls_psa_pake_output(PSA_JPAKE_X2_STEP_ZK_PUBLIC)
* | | | mbedtls_psa_pake_output(PSA_JPAKE_X2_STEP_ZK_PROOF)
* | |
* | |------ In Order:
* | | mbedtls_psa_pake_input(PSA_JPAKE_X1_STEP_KEY_SHARE)
* | | mbedtls_psa_pake_input(PSA_JPAKE_X1_STEP_ZK_PUBLIC)
* | | mbedtls_psa_pake_input(PSA_JPAKE_X1_STEP_ZK_PROOF)
* | | mbedtls_psa_pake_input(PSA_JPAKE_X2_STEP_KEY_SHARE)
* | | mbedtls_psa_pake_input(PSA_JPAKE_X2_STEP_ZK_PUBLIC)
* | | mbedtls_psa_pake_input(PSA_JPAKE_X2_STEP_ZK_PROOF)
* |
* |--- In any order:
* | |
* | |------ In Order
* | | | mbedtls_psa_pake_output(PSA_JPAKE_X2S_STEP_KEY_SHARE)
* | | | mbedtls_psa_pake_output(PSA_JPAKE_X2S_STEP_ZK_PUBLIC)
* | | | mbedtls_psa_pake_output(PSA_JPAKE_X2S_STEP_ZK_PROOF)
* | |
* | |------ In Order:
* | | mbedtls_psa_pake_input(PSA_JPAKE_X4S_STEP_KEY_SHARE)
* | | mbedtls_psa_pake_input(PSA_JPAKE_X4S_STEP_ZK_PUBLIC)
* | | mbedtls_psa_pake_input(PSA_JPAKE_X4S_STEP_ZK_PROOF)
*/
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)

30
library/psa_crypto_pake.h
View file

@ -43,8 +43,8 @@
* compatible with the PAKE algorithm, or the hash algorithm in
* \p cipher_suite is not supported or not compatible with the PAKE
* algorithm and primitive.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
const psa_crypto_driver_pake_inputs_t *inputs);
@ -78,10 +78,10 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
* Success.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
* \retval #PSA_ERROR_DATA_INVALID \emptydescription
*/
psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
@ -116,10 +116,10 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation,
* \retval #PSA_ERROR_NOT_SUPPORTED
* the \p input is not supported for the \p operation's algorithm, cipher
* suite or \p step.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
* \retval #PSA_ERROR_DATA_INVALID \emptydescription
*/
psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation,
psa_crypto_driver_pake_step_t step,
@ -143,10 +143,10 @@ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation,
* \retval #PSA_ERROR_NOT_SUPPORTED
* Input from a PAKE is not supported by the algorithm in the \p output
* key derivation operation.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_DATA_CORRUPT
* \retval #PSA_ERROR_DATA_INVALID
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
* \retval #PSA_ERROR_DATA_INVALID \emptydescription
*/
psa_status_t mbedtls_psa_pake_get_implicit_key(
mbedtls_psa_pake_operation_t *operation,
@ -164,7 +164,7 @@ psa_status_t mbedtls_psa_pake_get_implicit_key(
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
*/
psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation);

2
library/psa_crypto_slot_management.c
View file

@ -36,8 +36,6 @@
#include <string.h>
#include "mbedtls/platform.h"
#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))
typedef struct {
psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT];
unsigned key_slots_initialized : 1;

2
library/sha512.c
View file

@ -1001,8 +1001,6 @@ static sha_test_sum_t sha512_test_sum[] =
};
#endif /* MBEDTLS_SHA512_C */
#define ARRAY_LENGTH(a) (sizeof(a) / sizeof((a)[0]))
static int mbedtls_sha512_common_self_test(int verbose, int is384)
{
int i, buflen, ret = 0;

12
library/ssl_cookie.c
View file

@ -37,9 +37,15 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "md_psa.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif
/*

12
library/ssl_msg.c
View file

@ -49,9 +49,15 @@
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)

12
library/ssl_ticket.c
View file

@ -31,9 +31,15 @@
#include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif
/*

17
library/ssl_tls.c
View file

@ -51,12 +51,15 @@
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
#define PSA_TO_MD_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_md_errors, \
psa_generic_status_to_mbedtls)
/* Define local translating functions to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif
#if defined(MBEDTLS_TEST_HOOKS)
@ -748,8 +751,6 @@ void mbedtls_ssl_print_extensions(const mbedtls_ssl_context *ssl,
}
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
#define ARRAY_LENGTH(a) (sizeof(a) / sizeof(*(a)))
static const char *ticket_flag_name_table[] =
{
[0] = "ALLOW_PSK_RESUMPTION",

14
library/ssl_tls12_client.c
View file

@ -33,9 +33,17 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
#include "psa/crypto.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include <string.h>

57
library/ssl_tls12_server.c
View file

@ -34,9 +34,18 @@
#include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif
#endif
#if defined(MBEDTLS_ECP_C)
@ -2589,14 +2598,17 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
unsigned char buf[
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
mbedtls_pk_context *pk;
mbedtls_pk_type_t pk_type;
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
uint16_t tls_id = 0;
psa_ecc_family_t ecc_family;
size_t key_len;
mbedtls_pk_context *pk;
mbedtls_ecp_group_id grp_id;
unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
mbedtls_ecp_keypair *key;
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
pk = mbedtls_ssl_own_key(ssl);
@ -2604,18 +2616,20 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
mbedtls_ecp_keypair *key = mbedtls_pk_ec_rw(*pk);
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
pk_type = mbedtls_pk_get_type(pk);
switch (mbedtls_pk_get_type(pk)) {
switch (pk_type) {
case MBEDTLS_PK_OPAQUE:
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) {
return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
}
ssl->handshake->ecdh_psa_privkey = pk->priv_id;
/* Key should not be destroyed in the TLS library */
ssl->handshake->ecdh_psa_privkey_is_external = 1;
@ -2633,9 +2647,11 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
ret = 0;
break;
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
key = mbedtls_pk_ec_rw(*pk);
grp_id = mbedtls_pk_get_group_id(pk);
if (grp_id == MBEDTLS_ECP_DP_NONE) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
@ -2660,36 +2676,29 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->ecdh_psa_type));
psa_set_key_bits(&key_attributes, ssl->handshake->ecdh_bits);
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len);
if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status);
goto cleanup;
}
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
key_len = PSA_BITS_TO_BYTES(key->grp.pbits);
ret = mbedtls_ecp_write_key(key, buf, key_len);
if (ret != 0) {
goto cleanup;
mbedtls_platform_zeroize(buf, sizeof(buf));
break;
}
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
status = psa_import_key(&key_attributes, buf, key_len,
&ssl->handshake->ecdh_psa_privkey);
if (status != PSA_SUCCESS) {
ret = PSA_TO_MBEDTLS_ERR(status);
goto cleanup;
mbedtls_platform_zeroize(buf, sizeof(buf));
break;
}
mbedtls_platform_zeroize(buf, sizeof(buf));
ret = 0;
break;
#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
default:
ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
}
cleanup:
mbedtls_platform_zeroize(buf, sizeof(buf));
return ret;
}
#elif defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \

14
library/ssl_tls13_client.c
View file

@ -35,9 +35,17 @@
#include "ssl_debug_helpers.h"
#include "md_psa.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
#if defined(PSA_WANT_ALG_ECDH)
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif
/* Write extensions */

15
library/ssl_tls13_generic.c
View file

@ -39,9 +39,18 @@
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \
defined(PSA_WANT_ALG_ECDH)
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#endif
const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
MBEDTLS_SERVER_HELLO_RANDOM_LEN] =

12
library/ssl_tls13_keys.c
View file

@ -36,9 +36,15 @@
#include "psa/crypto.h"
#include "md_psa.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
/* Define a local translating function to save code size by not using too many
* arguments in each translating place. */
static int local_err_translation(psa_status_t status)
{
return psa_status_to_mbedtls(status, psa_to_ssl_errors,
ARRAY_LENGTH(psa_to_ssl_errors),
psa_generic_status_to_mbedtls);
}
#define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
.name = string,

46
library/x509.c
View file

@ -53,13 +53,17 @@
#include <time.h>
#endif
#define CHECK(code) if ((ret = (code)) != 0) { return ret; }
#define CHECK(code) \
do { \
if ((ret = (code)) != 0) { \
return ret; \
} \
} while (0)
#define CHECK_RANGE(min, max, val) \
do \
{ \
if ((val) < (min) || (val) > (max)) \
{ \
return ret; \
do { \
if ((val) < (min) || (val) > (max)) { \
return ret; \
} \
} while (0)
@ -1700,16 +1704,19 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
return 0;
}
#define PRINT_ITEM(i) \
{ \
ret = mbedtls_snprintf(p, n, "%s" i, sep); \
MBEDTLS_X509_SAFE_SNPRINTF; \
sep = ", "; \
}
#define PRINT_ITEM(i) \
do { \
ret = mbedtls_snprintf(p, n, "%s" i, sep); \
MBEDTLS_X509_SAFE_SNPRINTF; \
sep = ", "; \
} while (0)
#define CERT_TYPE(type, name) \
if (ns_cert_type & (type)) \
PRINT_ITEM(name);
#define CERT_TYPE(type, name) \
do { \
if (ns_cert_type & (type)) { \
PRINT_ITEM(name); \
} \
} while (0)
int mbedtls_x509_info_cert_type(char **buf, size_t *size,
unsigned char ns_cert_type)
@ -1734,9 +1741,12 @@ int mbedtls_x509_info_cert_type(char **buf, size_t *size,
return 0;
}
#define KEY_USAGE(code, name) \
if (key_usage & (code)) \
PRINT_ITEM(name);
#define KEY_USAGE(code, name) \
do { \
if ((key_usage) & (code)) { \
PRINT_ITEM(name); \
} \
} while (0)
int mbedtls_x509_info_key_usage(char **buf, size_t *size,
unsigned int key_usage)

18
library/x509_crt.c
View file

@ -49,7 +49,6 @@
#include "mbedtls/psa_util.h"
#include "md_psa.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include "x509_invasive.h"
#include "pk_internal.h"
#include "mbedtls/platform.h"
@ -107,7 +106,7 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA384) |
MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA512),
0xFFFFFFF, /* Any PK alg */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* Curves at or above 128-bit security level. Note that this selection
* should be aligned with ssl_preset_default_curves in ssl_tls.c. */
MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
@ -117,9 +116,9 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP384R1) |
MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_BP512R1) |
0,
#else /* MBEDTLS_ECP_LIGHT */
#else /* MBEDTLS_PK_HAVE_ECC_KEYS */
0,
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
2048,
};
@ -158,13 +157,13 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
/* Only ECDSA */
MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECDSA) |
MBEDTLS_X509_ID_FLAG(MBEDTLS_PK_ECKEY),
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
/* Only NIST P-256 and P-384 */
MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP256R1) |
MBEDTLS_X509_ID_FLAG(MBEDTLS_ECP_DP_SECP384R1),
#else /* MBEDTLS_ECP_LIGHT */
#else /* MBEDTLS_PK_HAVE_ECC_KEYS */
0,
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
0,
};
@ -234,7 +233,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
}
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (pk_alg == MBEDTLS_PK_ECDSA ||
pk_alg == MBEDTLS_PK_ECKEY ||
pk_alg == MBEDTLS_PK_ECKEY_DH) {
@ -250,7 +249,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile,
return -1;
}
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return -1;
}
@ -2862,7 +2861,6 @@ static int x509_inet_pton_ipv4(const char *src, void *dst)
#endif /* !AF_INET6 || MBEDTLS_TEST_SW_INET_PTON */ //no-check-names
MBEDTLS_STATIC_TESTABLE
size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst)
{
return strchr(cn, ':') == NULL

53
library/x509_invasive.h
View file

@ -1,53 +0,0 @@
/**
* \file x509_invasive.h
*
* \brief x509 module: interfaces for invasive testing only.
*
* The interfaces in this file are intended for testing purposes only.
* They SHOULD NOT be made available in library integrations except when
* building the library for testing.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef MBEDTLS_X509_INVASIVE_H
#define MBEDTLS_X509_INVASIVE_H
#include "common.h"
#if defined(MBEDTLS_TEST_HOOKS)
/**
* \brief This function parses a CN string as an IP address.
*
* \param cn The CN string to parse. CN string MUST be NUL-terminated.
* \param dst The target buffer to populate with the binary IP address.
* The buffer MUST be 16 bytes to save IPv6, and should be
* 4-byte aligned if the result will be used as struct in_addr.
* e.g. uint32_t dst[4]
*
* \note \cn is parsed as an IPv6 address if string contains ':',
* else \cn is parsed as an IPv4 address.
*
* \return Length of binary IP address; num bytes written to target.
* \return \c 0 on failure to parse CN string as an IP address.
*/
size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst);
#endif /* MBEDTLS_TEST_HOOKS */
#endif /* MBEDTLS_X509_INVASIVE_H */

41
programs/x509/cert_req.c
View file

@ -116,18 +116,6 @@ struct options {
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
} opt;
static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes)
{
for (int i = 0; i < maxBytes; i++) {
bytes[i] = (uint8_t) strtoul(str, NULL, 10);
str = strchr(str, '.');
if (str == NULL || *str == '\0') {
break;
}
str++;
}
}
int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
@ -165,13 +153,15 @@ int main(int argc, char *argv[])
mbedtls_pk_context key;
char buf[1024];
int i;
char *p, *q, *r, *r2;
char *p, *q, *r, *subtype_value;
mbedtls_x509write_csr req;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "csr example app";
mbedtls_x509_san_list *cur, *prev;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
uint8_t ip[4] = { 0 };
#endif
/*
* Set to sane values
*/
@ -231,8 +221,6 @@ usage:
prev = NULL;
while (q != NULL) {
uint8_t ip[4] = { 0 };
if ((r = strchr(q, ';')) != NULL) {
*r++ = '\0';
}
@ -245,8 +233,8 @@ usage:
cur->next = NULL;
if ((r2 = strchr(q, ':')) != NULL) {
*r2++ = '\0';
if ((subtype_value = strchr(q, ':')) != NULL) {
*subtype_value++ = '\0';
}
if (strcmp(q, "URI") == 0) {
@ -254,18 +242,31 @@ usage:
} else if (strcmp(q, "DNS") == 0) {
cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
} else if (strcmp(q, "IP") == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C)
size_t ip_len = 0;
cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
ip_string_to_bytes(r2, ip, 4);
ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip);
if (ip_len == 0) {
mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n",
subtype_value);
goto exit;
}
#else
mbedtls_printf("IP SAN parsing requires MBEDTLS_X509_CRT_PARSE_C to be defined");
goto exit;
#endif
} else {
mbedtls_free(cur);
goto usage;
}
if (strcmp(q, "IP") == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C)
cur->node.san.unstructured_name.p = (unsigned char *) ip;
cur->node.san.unstructured_name.len = sizeof(ip);
#endif
} else {
q = r2;
q = subtype_value;
cur->node.san.unstructured_name.p = (unsigned char *) q;
cur->node.san.unstructured_name.len = strlen(q);
}

25
programs/x509/cert_write.c
View file

@ -216,18 +216,6 @@ struct options {
int format; /* format */
} opt;
static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes)
{
for (int i = 0; i < maxBytes; i++) {
bytes[i] = (uint8_t) strtoul(str, NULL, 10);
str = strchr(str, '.');
if (str == NULL || *str == '\0') {
break;
}
str++;
}
}
int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
@ -601,8 +589,14 @@ usage:
} else if (strcmp(q, "DNS") == 0) {
cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
} else if (strcmp(q, "IP") == 0) {
size_t ip_len = 0;
cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
ip_string_to_bytes(subtype_value, ip, 4);
ip_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip);
if (ip_len == 0) {
mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n",
subtype_value);
goto exit;
}
cur->node.san.unstructured_name.p = (unsigned char *) ip;
cur->node.san.unstructured_name.len = sizeof(ip);
} else if (strcmp(q, "DN") == 0) {
@ -625,8 +619,9 @@ usage:
if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME ||
cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER ||
cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) {
cur->node.san.unstructured_name.p = (unsigned char *) subtype_value;
cur->node.san.unstructured_name.len = strlen(subtype_value);
q = subtype_value;
cur->node.san.unstructured_name.p = (unsigned char *) q;
cur->node.san.unstructured_name.len = strlen(q);
}
if (prev == NULL) {

16
scripts/generate_ssl_debug_helpers.py
View file

@ -209,24 +209,18 @@ class EnumDefinition:
continue
member = field.strip().split()[0]
translation_table.append(
'{space}[{member}] = "{member}",'.format(member=member,
space=' '*8)
'{space}case {member}:\n{space} return "{member}";'
.format(member=member, space=' '*8)
)
body = textwrap.dedent('''\
const char *{name}_str( {prototype} in )
{{
const char * in_to_str[]=
{{
switch (in) {{
{translation_table}
}};
if( in > ( sizeof( in_to_str )/sizeof( in_to_str[0]) - 1 ) ||
in_to_str[ in ] == NULL )
{{
return "UNKNOWN_VALUE";
default:
return "UNKNOWN_VALUE";
}}
return in_to_str[ in ];
}}
''')
body = body.format(translation_table='\n'.join(translation_table),

10
scripts/mbedtls_dev/bignum_common.py
View file

@ -19,6 +19,7 @@ import enum
from typing import Iterator, List, Tuple, TypeVar, Any
from copy import deepcopy
from itertools import chain
from math import ceil
from . import test_case
from . import test_data_generation
@ -76,9 +77,14 @@ def combination_pairs(values: List[T]) -> List[Tuple[T, T]]:
"""Return all pair combinations from input values."""
return [(x, y) for x in values for y in values]
def bits_to_limbs(bits: int, bits_in_limb: int) -> int:
""" Return the appropriate ammount of limbs needed to store
a number contained in input bits"""
return ceil(bits / bits_in_limb)
def hex_digits_for_limb(limbs: int, bits_in_limb: int) -> int:
""" Retrun the hex digits need for a number of limbs. """
return 2 * (limbs * bits_in_limb // 8)
""" Return the hex digits need for a number of limbs. """
return 2 * ((limbs * bits_in_limb) // 8)
def hex_digits_max_int(val: str, bits_in_limb: int) -> int:
""" Return the first number exceeding maximum the limb space

23
scripts/mbedtls_dev/ecp.py
View file

@ -34,7 +34,8 @@ class EcpP192R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p192_raw"
input_style = "fixed"
arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED"]
dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = ["fffffffffffffffffffffffffffffffeffffffffffffffff"] # type: List[str]
@ -110,7 +111,8 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p224_raw"
input_style = "arch_split"
arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED"]
dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = ["ffffffffffffffffffffffffffffffff000000000000000000000001"] # type: List[str]
@ -163,7 +165,8 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon,
@property
def arg_a(self) -> str:
hex_digits = bignum_common.hex_digits_for_limb(448 // self.bits_in_limb, self.bits_in_limb)
limbs = 2 * bignum_common.bits_to_limbs(224, self.bits_in_limb)
hex_digits = bignum_common.hex_digits_for_limb(limbs, self.bits_in_limb)
return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits)
def result(self) -> List[str]:
@ -187,7 +190,8 @@ class EcpP256R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p256_raw"
input_style = "fixed"
arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED"]
dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = ["ffffffff00000001000000000000000000000000ffffffffffffffffffffffff"] # type: List[str]
@ -270,7 +274,8 @@ class EcpP384R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p384_raw"
input_style = "fixed"
arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED"]
dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = [("ffffffffffffffffffffffffffffffffffffffffffffffff"
"fffffffffffffffeffffffff0000000000000000ffffffff")
@ -392,7 +397,8 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon,
test_name = "ecp_mod_p521_raw"
input_style = "arch_split"
arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED"]
dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED",
"MBEDTLS_ECP_NIST_OPTIM"]
moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff")
@ -568,7 +574,7 @@ class EcpP224K1Raw(bignum_common.ModOperationCommon,
symbol = "-"
test_function = "ecp_mod_p_generic_raw"
test_name = "ecp_mod_p224k1_raw"
input_style = "fixed"
input_style = "arch_split"
arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP224K1_ENABLED"]
@ -619,7 +625,8 @@ class EcpP224K1Raw(bignum_common.ModOperationCommon,
@property
def arg_a(self) -> str:
hex_digits = bignum_common.hex_digits_for_limb(448 // self.bits_in_limb, self.bits_in_limb)
limbs = 2 * bignum_common.bits_to_limbs(224, self.bits_in_limb)
hex_digits = bignum_common.hex_digits_for_limb(limbs, self.bits_in_limb)
return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits)
def result(self) -> List[str]:

40
tests/include/test/macros.h
View file

@ -33,6 +33,7 @@
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
#include "mbedtls/memory_buffer_alloc.h"
#endif
#include "common.h"
/**
* \brief This macro tests the expression passed to it as a test step or
@ -196,45 +197,6 @@
mbedtls_exit(1); \
}
/** \def ARRAY_LENGTH
* Return the number of elements of a static or stack array.
*
* \param array A value of array (not pointer) type.
*
* \return The number of elements of the array.
*/
/* A correct implementation of ARRAY_LENGTH, but which silently gives
* a nonsensical result if called with a pointer rather than an array. */
#define ARRAY_LENGTH_UNSAFE(array) \
(sizeof(array) / sizeof(*(array)))
#if defined(__GNUC__)
/* Test if arg and &(arg)[0] have the same type. This is true if arg is
* an array but not if it's a pointer. */
#define IS_ARRAY_NOT_POINTER(arg) \
(!__builtin_types_compatible_p(__typeof__(arg), \
__typeof__(&(arg)[0])))
/* A compile-time constant with the value 0. If `const_expr` is not a
* compile-time constant with a nonzero value, cause a compile-time error. */
#define STATIC_ASSERT_EXPR(const_expr) \
(0 && sizeof(struct { unsigned int STATIC_ASSERT : 1 - 2 * !(const_expr); }))
/* Return the scalar value `value` (possibly promoted). This is a compile-time
* constant if `value` is. `condition` must be a compile-time constant.
* If `condition` is false, arrange to cause a compile-time error. */
#define STATIC_ASSERT_THEN_RETURN(condition, value) \
(STATIC_ASSERT_EXPR(condition) ? 0 : (value))
#define ARRAY_LENGTH(array) \
(STATIC_ASSERT_THEN_RETURN(IS_ARRAY_NOT_POINTER(array), \
ARRAY_LENGTH_UNSAFE(array)))
#else
/* If we aren't sure the compiler supports our non-standard tricks,
* fall back to the unsafe implementation. */
#define ARRAY_LENGTH(array) ARRAY_LENGTH_UNSAFE(array)
#endif
/** Return the smaller of two values.
*
* \param x An integer-valued expression without side effects.

52
tests/scripts/all.sh
View file

@ -2418,9 +2418,17 @@ component_test_psa_crypto_config_reference_ecc_ecp_light_only () {
# on the ECP module.
config_psa_crypto_no_ecp_at_all () {
DRIVER_ONLY="$1"
# start with crypto_full config for maximum coverage (also enables USE_PSA),
# but excluding X509, TLS and key exchanges
helper_libtestdriver1_adjust_config "crypto_full"
# start with full config for maximum coverage (also enables USE_PSA)
helper_libtestdriver1_adjust_config "full"
# keep excluding TLS and key exchanges (this will be removed in #7749)
# Note: key exchanges are not explicitly disabled here because they are
# auto-disabled in build_info.h as long as the following symbols
# are not enabled.
scripts/config.py unset MBEDTLS_SSL_TLS_C
scripts/config.py unset MBEDTLS_SSL_PROTO_DTLS
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_2
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# enable support for drivers and configuring PSA-only algorithms
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
@ -2433,22 +2441,6 @@ config_psa_crypto_no_ecp_at_all () {
scripts/config.py unset MBEDTLS_ECP_C
fi
# Disable PK module since it depends on ECP
scripts/config.py unset MBEDTLS_PK_C
scripts/config.py unset MBEDTLS_PK_PARSE_C
scripts/config.py unset MBEDTLS_PK_WRITE_C
# Disable also RSA_C that would re-enable PK
scripts/config.py unset MBEDTLS_RSA_C
scripts/config.py unset MBEDTLS_PKCS1_V15
scripts/config.py unset MBEDTLS_PKCS1_V21
scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
# Disable also key exchanges that depend on RSA for completeness
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
# Disable all the features that auto-enable ECP_LIGHT (see build_info.h)
scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
@ -2458,16 +2450,6 @@ config_psa_crypto_no_ecp_at_all () {
# the future, the following line could be removed (see issues
# 6061, 6332 and following ones)
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
# Disable PSA_WANT symbols that would re-enable PK
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
scripts/config.py -f include/psa/crypto_config.h unset $ALG
done
}
# Build and test a configuration where driver accelerates all EC algs while
@ -2476,7 +2458,7 @@ config_psa_crypto_no_ecp_at_all () {
#
# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
msg "build: crypto_full + accelerated EC algs + USE_PSA - ECP"
msg "build: full + accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE - ECP"
# Algorithms and key types to accelerate
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
@ -2507,12 +2489,11 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
not grep mbedtls_ecjpake_ library/ecjpake.o
# Also ensure that ECP or RSA modules were not re-enabled
not grep mbedtls_ecp_ library/ecp.o
not grep mbedtls_rsa_ library/rsa.o
# Run the tests
# -------------
msg "test suites: crypto_full + accelerated EC algs + USE_PSA - ECP"
msg "test: full + accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE - ECP"
make test
}
@ -2520,16 +2501,13 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all().
# Keep in sync with its accelerated counterpart.
component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
msg "build: crypto_full + non accelerated EC algs + USE_PSA"
msg "build: full + non accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE"
config_psa_crypto_no_ecp_at_all 0
make
# Esure that the RSA module was not re-enabled
not grep mbedtls_rsa_ library/rsa.o
msg "test suites: crypto_full + non accelerated EC algs + USE_PSA"
msg "test: crypto_full + non accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE"
make test
}

22
tests/scripts/analyze_outcomes.py
View file

@ -302,6 +302,28 @@ TASKS = {
# case above.
('Key ASN1 (OneAsymmetricKey X25519, doesn\'t match masking '
'requirements, from RFC8410 Appendix A but made into version 0)'),
# When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED
# is automatically enabled in build_info.h (backward compatibility)
# even if it is disabled in config_psa_crypto_no_ecp_at_all(). As a
# consequence compressed points are supported in the reference
# component but not in the accelerated one, so they should be skipped
# while checking driver's coverage.
'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
],
}
}

13
tests/src/bignum_helpers.c
View file

@ -99,7 +99,18 @@ int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
if (ret != 0) {
return ret;
}
ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs, int_rep);
switch (int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs);
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
ret = mbedtls_mpi_mod_optred_modulus_setup(N, p, limbs, NULL);
break;
default:
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
break;
}
if (ret != 0) {
mbedtls_free(p);
}

58
tests/suites/test_suite_bignum_mod.function
View file

@ -10,21 +10,6 @@
ASSERT_COMPARE((a).p, (a).limbs * sizeof(mbedtls_mpi_uint), \
(b).p, (b).limbs * sizeof(mbedtls_mpi_uint))
static int test_read_modulus(mbedtls_mpi_mod_modulus *m,
mbedtls_mpi_mod_rep_selector int_rep,
char *input)
{
mbedtls_mpi_uint *p = NULL;
size_t limbs;
int ret = mbedtls_test_read_mpi_core(&p, &limbs, input);
if (ret != 0) {
return ret;
}
return mbedtls_mpi_mod_modulus_setup(m, p, limbs, int_rep);
}
static int test_read_residue(mbedtls_mpi_mod_residue *r,
const mbedtls_mpi_mod_modulus *m,
char *input,
@ -65,7 +50,19 @@ void mpi_mod_setup(int int_rep, int iret)
memset(mp, 0xFF, sizeof(mp));
mbedtls_mpi_mod_modulus_init(&m);
ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS, int_rep);
switch (int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
ret = mbedtls_mpi_mod_modulus_setup(&m, mp, MLIMBS);
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
ret = mbedtls_mpi_mod_optred_modulus_setup(&m, mp, MLIMBS, NULL);
break;
default:
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
break;
}
TEST_EQUAL(ret, iret);
/* Only test if the constants have been set-up */
@ -112,8 +109,8 @@ void mpi_mod_mul(char *input_A,
mbedtls_mpi_mod_modulus m;
mbedtls_mpi_mod_modulus_init(&m);
TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N),
0);
TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N,
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
TEST_EQUAL(test_read_residue(&rA, &m, input_A, 0), 0);
TEST_EQUAL(test_read_residue(&rB, &m, input_B, 0), 0);
@ -200,8 +197,8 @@ void mpi_mod_mul_neg(char *input_A,
mbedtls_mpi_mod_modulus fake_m;
mbedtls_mpi_mod_modulus_init(&fake_m);
TEST_EQUAL(test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N),
0);
TEST_EQUAL(mbedtls_test_read_mpi_modulus(&m, input_N,
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
TEST_EQUAL(test_read_residue(&rA, &m, input_A, 1), 0);
TEST_EQUAL(test_read_residue(&rB, &m, input_B, 1), 0);
@ -247,7 +244,8 @@ void mpi_mod_sub(char *input_N,
mbedtls_mpi_mod_modulus_init(&m);
TEST_EQUAL(0,
test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N));
mbedtls_test_read_mpi_modulus(&m, input_N,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this
@ -348,7 +346,8 @@ void mpi_mod_inv_mont(char *input_N,
mbedtls_mpi_mod_modulus_init(&N);
TEST_EQUAL(0,
test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N));
mbedtls_test_read_mpi_modulus(&N, input_N,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this
@ -397,7 +396,8 @@ void mpi_mod_inv_non_mont(char *input_N,
mbedtls_mpi_mod_modulus_init(&N);
TEST_EQUAL(0,
test_read_modulus(&N, MBEDTLS_MPI_MOD_REP_OPT_RED, input_N));
mbedtls_test_read_mpi_modulus(&N, input_N,
MBEDTLS_MPI_MOD_REP_OPT_RED));
/* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this
@ -447,7 +447,8 @@ void mpi_mod_add(char *input_N,
mbedtls_mpi_mod_modulus_init(&m);
TEST_EQUAL(0,
test_read_modulus(&m, MBEDTLS_MPI_MOD_REP_MONTGOMERY, input_N));
mbedtls_test_read_mpi_modulus(&m, input_N,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
/* test_read_residue() normally checks that inputs have the same number of
* limbs as the modulus. For negative testing we can ask it to skip this
@ -550,8 +551,7 @@ void mpi_residue_setup(char *input_N, char *input_R, int ret)
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&N, &n_limbs, input_N));
TEST_EQUAL(0, mbedtls_test_read_mpi_core(&R, &r_limbs, input_R));
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
TEST_EQUAL(ret, mbedtls_mpi_mod_residue_setup(&r, &m, R, r_limbs));
@ -592,8 +592,7 @@ void mpi_mod_io_neg(char *input_N, data_t *buf, int ret)
mbedtls_mpi_mod_write(&r, &m, buf->x, buf->len, endian));
/* Set up modulus and test with residue->p == NULL */
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
TEST_EQUAL(MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
mbedtls_mpi_mod_read(&r, &m, buf->x, buf->len, endian));
@ -666,8 +665,7 @@ void mpi_mod_io(char *input_N, data_t *input_A, int endian)
TEST_LE_U(a_bytes, n_bytes);
/* Init Structures */
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
/* Enforcing p_limbs >= m->limbs */
TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&r, &m, R, n_limbs));

31
tests/suites/test_suite_bignum_mod_raw.function
View file

@ -54,8 +54,7 @@ void mpi_mod_raw_io(data_t *input, int nb_int, int nx_32_int,
mbedtls_mpi_uint init[sizeof(X) / sizeof(X[0])];
memset(init, 0xFF, sizeof(init));
int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx,
MBEDTLS_MPI_MOD_REP_MONTGOMERY);
int ret = mbedtls_mpi_mod_modulus_setup(&m, init, nx);
TEST_EQUAL(ret, 0);
if (iendian == MBEDTLS_MPI_MOD_EXT_REP_INVALID && iret != 0) {
@ -137,8 +136,7 @@ void mpi_mod_raw_cond_assign(char *input_X,
ASSERT_ALLOC(buff_m, copy_limbs);
memset(buff_m, 0xFF, copy_limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, buff_m, copy_limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
&m, buff_m, copy_limbs), 0);
/* condition is false */
TEST_CF_SECRET(X, bytes);
@ -208,8 +206,7 @@ void mpi_mod_raw_cond_swap(char *input_X,
ASSERT_ALLOC(buff_m, copy_limbs);
memset(buff_m, 0xFF, copy_limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, buff_m, copy_limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
&m, buff_m, copy_limbs), 0);
ASSERT_ALLOC(X, limbs);
memcpy(X, tmp_X, bytes);
@ -297,8 +294,7 @@ void mpi_mod_raw_sub(char *input_A,
ASSERT_ALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
&m, N, limbs), 0);
mbedtls_mpi_mod_raw_sub(X, A, B, &m);
ASSERT_COMPARE(X, bytes, res, bytes);
@ -368,8 +364,7 @@ void mpi_mod_raw_fix_quasi_reduction(char *input_N,
TEST_ASSERT(c || mbedtls_mpi_core_lt_ct(tmp, N, limbs));
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
&m, N, limbs), 0);
mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
ASSERT_COMPARE(X, bytes, res, bytes);
@ -419,8 +414,7 @@ void mpi_mod_raw_mul(char *input_A,
ASSERT_ALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
&m, N, limbs), 0);
const size_t limbs_T = limbs * 2 + 1;
ASSERT_ALLOC(T, limbs_T);
@ -580,9 +574,7 @@ void mpi_mod_raw_add(char *input_N,
ASSERT_ALLOC(X, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY
), 0);
&m, N, limbs), 0);
/* A + B => Correct result */
mbedtls_mpi_mod_raw_add(X, A, B, &m);
@ -720,8 +712,7 @@ void mpi_mod_raw_to_mont_rep(char *input_N, char *input_A, char *input_X)
size_t limbs = n_limbs;
size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
/* 1. Test low-level function first */
@ -785,8 +776,7 @@ void mpi_mod_raw_from_mont_rep(char *input_N, char *input_A, char *input_X)
size_t limbs = n_limbs;
size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
/* 1. Test low-level function first */
@ -847,8 +837,7 @@ void mpi_mod_raw_neg(char *input_N, char *input_A, char *input_X)
ASSERT_ALLOC(R, n_limbs);
ASSERT_ALLOC(Z, n_limbs);
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY));
TEST_EQUAL(0, mbedtls_mpi_mod_modulus_setup(&m, N, n_limbs));
/* Neg( A == 0 ) => Zero result */
mbedtls_mpi_mod_raw_neg(R, Z, &m);

183
tests/suites/test_suite_ecp.data
View file

@ -1101,6 +1101,10 @@ ecp_mul_inv #18 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
ecp_mod_mul_inv:"8d9454c7494b6e08d068391c811cb23cbe9318246a6c021b0018745eb6918751":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #18.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
ecp_mod_mul_inv:"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5376":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1)
depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
ecp_mod_mul_inv:"3aff86b1ee706d38e4995b76f6433d9173c5d3ec19b43ff0a3d53ac20965c911":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR
@ -1125,6 +1129,10 @@ ecp_mul_inv #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
ecp_mod_mul_inv:"80acca473c3fcee61d13a0a766ed0dcd5f50277f576ff6f3461664d436e2054ad7ecc8b7c0a9424fbda1d431c540c05a":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #24.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
ecp_mod_mul_inv:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec52":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1)
depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
ecp_mod_mul_inv:"371851bd69a5a1734b195c6ad6b041f51d94718cb437ab4a0a14ee5fa5fccd29328f3e77bfa2e4c58195ccb55cdc6a4":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR
@ -1149,6 +1157,10 @@ ecp_mul_inv #30 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
ecp_mod_mul_inv:"8be202ecb80ae3f6fe07a17b03c14997668b37d029d38943245c8a6cd1cbce3d57cfc673886a22db7ab8686570881a5dc1d9855aa6618c52df55a04510e00bba":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #30.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
ecp_mod_mul_inv:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f2":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1)
depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
ecp_mod_mul_inv:"572a5522bc45566df4c7575b91fdbc74975fd59380339b5aa23cbce2204744793ca3255705f5d9ba48335f36baf462010680f1e35cca26468d7d8f4223988189":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR
@ -1235,6 +1247,177 @@ ecp_mul_inv #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR
ecp_mul_inv #49 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_mod_mul_inv:"0000000000000000000000000000152d02c7e14af67fe0bf":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #50 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_mod_mul_inv:"4acca2d7100bad687080217babfb490d23dd6460a0007f24":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #51 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_mod_mul_inv:"c4fd9a06df9b4efa94531578af8b5886ec0ada82884199f7":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #51.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffefffffffffffffffe":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #52 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1)
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
ecp_mod_mul_inv:"0f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #53 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1)
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
ecp_mod_mul_inv:"0cee8071ade3e016fd47627782f6543814dd6ab7e6f432679ddacf9ed":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #54 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1)
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
ecp_mod_mul_inv:"00326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #54.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1)
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
ecp_mod_mul_inv:"00ffffffffffffffffffffffffffffffff000000000000000000000000":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #55 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_mod_mul_inv:"c36eadeab80f149cd51a1ed6311270ae2e4acc6734e787135f499c3a97f1edc3":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #56 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_mod_mul_inv:"e384042f3130be8a796b221724cf1127a44290804cfbeb7fb6f57142a2a5cddd":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #57 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_mod_mul_inv:"f1d356376f03b5dbf0fd08bde5c4293115f7c7911f7a3ec3f90557602eb20147":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #57.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_mod_mul_inv:"ffffffff00000001000000000000000000000000fffffffffffffffffffffffe":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #58 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1)
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_mod_mul_inv:"a3137cd9b0c9e75a871f92e3ab6b284069ee06cd9c0afb2368fd8d381afcfecc553cb6b3f29216038d268a8d8fcd00f7":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #59 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1)
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_mod_mul_inv:"a340ca2e1f39f89261f20a23881cde271e36b32add90cbc1801d2375d6db664df297df2364aaafbb9ba3d4672e4fd022":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #60 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1)
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_mod_mul_inv:"491b1d169c9262fd737847c13bb7370d91825fe985cfa000d4b9bd3c22e7b63016122c53156fae4757943a819a1ced6d":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #60.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1)
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffe":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #61 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1)
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_mod_mul_inv:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #62 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1)
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_mod_mul_inv:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #63 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1)
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_mod_mul_inv:"1e53d580521a1cff4cd72576c13fecb2cbcf39453f2b437f0c8dc78d7982a37749f099942ce693751ec43407c3acf46315132ea2a9ae5fa9253408da2375d2b58fc":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #63.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1)
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_mod_mul_inv:"1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #64 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_mod_mul_inv:"1000000000000000000000000000000014def9dea2079cd65812631a5cf5d3ed":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #65 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_mod_mul_inv:"1000000000000000000000000000000010caf49570936f75d70f03efac6c1c19":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #66 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_mod_mul_inv:"468de1bfdbb20b67371bc5ad0f2bc3e70705b6d85c14ad75daafdbd1502cfd1":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #66.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_mod_mul_inv:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #67 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1)
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_mod_mul_inv:"2228b202d612f2e66d8ca00b7e1c19a737ee7db2708d91cd":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #68 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1)
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_mod_mul_inv:"40c0451d06b0d622c65b8336c4c9abe8828f6fd5d5c1abde":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #69 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1)
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_mod_mul_inv:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #69.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1)
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffffffffffeffffee36":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE
# For coordinate moduli of secp224K1 the values are selected as one for
# modulus - 1, and four random values, generated with
# random.getrandbits(224) % modulus with a seed(2, 2).
ecp_mul_inv #70 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffffffffffffffffffeffffe56c":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #71 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_mul_inv:"15ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #72 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_mul_inv:"da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #73 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_mul_inv:"94c9c9500925e4749b575bd13653f8dd9b1f282e4067c3584ee207f8":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #74 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_mul_inv:"cdbd47d364be8049a372db8f6e405d93ffed9235288bc781ae662675":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #75 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_mul_inv:"8b4f2fc15f3f57ebf30b94fa82523e86feac7eb7dc38f519b91751da":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #76 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1)
depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
ecp_mod_mul_inv:"9fd95fed98cc1c2ef91b5dc02fa84f63597e15a3326c07f2918afb3ffd093343":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #77 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1)
depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
ecp_mod_mul_inv:"5ddbd441c7037e11caaa9878216c5cfeae67864260429eab4529b56c2661f3de":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #78 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1)
depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
ecp_mod_mul_inv:"f8d3f3c02fd712f711d8e30d0d4c142eb106e5f75c25f55b3f983bc5c83c568a":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #78.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1)
depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
ecp_mod_mul_inv:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #79 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff11ca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #80 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff0169d3f35081924aeaf1beac2f2720557c9bdf6b42cdceb54c6160ba":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #81 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE
ecp_mul_inv #81.1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_mul_inv:"000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffffffffffffffffffffffffffffffffffffffffffffffffffffe":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE
# The following data was generated using python's standard random library,
# initialised with seed(2,2) and random.getrandbits(curve bits). Curve bits are 192,256,384,520.
# They must be less than the named curves' modulus. mbedtls_mpi_mod_residue_setup()

47
tests/suites/test_suite_ecp.function
View file

@ -1294,72 +1294,72 @@ void ecp_mod_p_generic_raw(int curve_id,
bytes = limbs_N * sizeof(mbedtls_mpi_uint);
switch (curve_id) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP192R1:
limbs = 2 * limbs_N;
limbs = BITS_TO_LIMBS(192) * 2;
curve_bits = 192;
curve_func = &mbedtls_ecp_mod_p192_raw;
break;
#endif
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP224R1:
limbs = 448 / biL;
limbs = BITS_TO_LIMBS(224) * 2;
curve_bits = 224;
curve_func = &mbedtls_ecp_mod_p224_raw;
break;
#endif
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP256R1:
limbs = 2 * limbs_N;
limbs = BITS_TO_LIMBS(256) * 2;
curve_bits = 256;
curve_func = &mbedtls_ecp_mod_p256_raw;
break;
#endif
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP384R1:
limbs = 2 * limbs_N;
limbs = BITS_TO_LIMBS(384) * 2;
curve_bits = 384;
curve_func = &mbedtls_ecp_mod_p384_raw;
break;
#endif
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM)
case MBEDTLS_ECP_DP_SECP521R1:
limbs = 2 * limbs_N;
limbs = BITS_TO_LIMBS(522) * 2;
curve_bits = 522;
curve_func = &mbedtls_ecp_mod_p521_raw;
break;
#endif
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
case MBEDTLS_ECP_DP_SECP192K1:
limbs = 2 * limbs_N;
limbs = BITS_TO_LIMBS(192) * 2;
curve_bits = 192;
curve_func = &mbedtls_ecp_mod_p192k1_raw;
break;
#endif
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
case MBEDTLS_ECP_DP_SECP224K1:
limbs = 448 / biL;
limbs = BITS_TO_LIMBS(224) * 2;
curve_bits = 224;
curve_func = &mbedtls_ecp_mod_p224k1_raw;
break;
#endif
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
case MBEDTLS_ECP_DP_SECP256K1:
limbs = 2 * limbs_N;
limbs = BITS_TO_LIMBS(256) * 2;
curve_bits = 256;
curve_func = &mbedtls_ecp_mod_p256k1_raw;
break;
#endif
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
case MBEDTLS_ECP_DP_CURVE25519:
limbs = 2 * limbs_N;
limbs = BITS_TO_LIMBS(255) * 2;
curve_bits = 255;
curve_func = &mbedtls_ecp_mod_p255_raw;
break;
#endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
case MBEDTLS_ECP_DP_CURVE448:
limbs = 2 * limbs_N;
limbs = BITS_TO_LIMBS(448) * 2;
curve_bits = 448;
curve_func = &mbedtls_ecp_mod_p448_raw;
break;
@ -1373,8 +1373,7 @@ void ecp_mod_p_generic_raw(int curve_id,
TEST_EQUAL(limbs_res, limbs_N);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs_N,
MBEDTLS_MPI_MOD_REP_OPT_RED), 0);
&m, N, limbs_N), 0);
TEST_EQUAL((*curve_func)(X, limbs_X), 0);
@ -1407,16 +1406,18 @@ void ecp_mod_setup(char *input_A, int id, int ctype, int iret)
TEST_EQUAL(ret, iret);
if (ret == 0) {
TEST_ASSERT(m.int_rep != MBEDTLS_MPI_MOD_REP_INVALID);
/* Test for limb sizes */
TEST_EQUAL(m.limbs, p_limbs);
bytes = p_limbs * sizeof(mbedtls_mpi_uint);
/* Test for validity of moduli by the presence of Montgomery consts */
TEST_ASSERT(m.rep.mont.mm != 0);
TEST_ASSERT(m.rep.mont.rr != NULL);
if (m.int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
/* Test for validity of moduli by the presence of Montgomery consts */
TEST_ASSERT(m.rep.mont.mm != 0);
TEST_ASSERT(m.rep.mont.rr != NULL);
} else {
TEST_ASSERT(m.rep.ored.modp != NULL);
}
/* Compare output byte-by-byte */
ASSERT_COMPARE(p, bytes, m.p, bytes);

24
tests/suites/test_suite_pk.data
View file

@ -13,19 +13,19 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_utils:MBEDTLS_PK_RSA:512:512:64:"RSA"
PK utils: ECKEY SECP192R1
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_utils:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC"
PK utils: ECKEY_DH SECP192R1
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:192:24:"EC_DH"
PK utils: ECKEY_DH Curve25519
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE25519:255:32:"EC_DH"
PK utils: ECKEY_DH Curve448
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_utils:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_CURVE448:448:56:"EC_DH"
PK utils: ECDSA SECP192R1
@ -289,11 +289,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: MBEDTLS_PK_ECKEY, check ECDH
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256)
@ -397,7 +397,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_
pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0
EC_DH (no) sign-verify: SECP192R1
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
RSA sign-verify
@ -425,11 +425,11 @@ depends_on:MBEDTLS_PKCS1_V15
pk_wrap_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404feb284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING
EC nocrypt
depends_on:MBEDTLS_ECP_LIGHT
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_ec_nocrypt:MBEDTLS_PK_ECKEY
EC-DH nocrypt
depends_on:MBEDTLS_ECP_LIGHT
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_ec_nocrypt:MBEDTLS_PK_ECKEY_DH
ECDSA nocrypt
@ -525,11 +525,11 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
pk_rsa_verify_ext_test_vec:"ae6e43dd387c25741e42fc3570cdfc52e4f51a2343294f3b677dfe01cd5339f6":MBEDTLS_MD_SHA256:1024:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256:94:129:MBEDTLS_ERR_RSA_VERIFY_FAILED
Check pair #1 (EC, OK)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
Check pair #2 (EC, bad)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
Check pair #3 (RSA, OK)
@ -541,7 +541,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
Check pair #5 (RSA vs EC)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH
RSA hash_len overflow (size_t vs unsigned int)

28
tests/suites/test_suite_pk.function
View file

@ -94,7 +94,7 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter)
parameter, 3);
}
#endif
#if defined(MBEDTLS_ECP_LIGHT)
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY ||
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH ||
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
@ -112,25 +112,16 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter)
#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
mbedtls_ecp_group grp;
/* Duplicating the mbedtls_ecp_group_load call to make this part
* more future future proof for when ECP_C will not be defined. */
mbedtls_ecp_group_init(&grp);
ret = mbedtls_ecp_group_load(&grp, parameter);
ret = pk_genkey_ec(pk, parameter);
if (ret != 0) {
return ret;
}
ret = pk_genkey_ec(pk, grp.id);
if (ret != 0) {
return ret;
}
mbedtls_ecp_group_free(&grp);
return 0;
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
}
#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return -1;
}
@ -737,15 +728,10 @@ void pk_ec_test_vec(int type, int id, data_t *key, data_t *hash,
TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA));
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
mbedtls_ecp_keypair ecp;
mbedtls_ecp_keypair_init(&ecp);
TEST_ASSERT(mbedtls_ecp_group_load(&ecp.grp, id) == 0);
TEST_ASSERT(mbedtls_ecp_point_read_binary(&ecp.grp, &ecp.Q,
key->x, key->len) == 0);
TEST_ASSERT(mbedtls_pk_update_public_key_from_keypair(&pk, &ecp) == 0);
mbedtls_ecp_keypair_free(&ecp);
TEST_ASSERT(key->len <= MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN);
memcpy(pk.pub_raw, key->x, key->len);
pk.ec_family = mbedtls_ecc_group_to_psa(id, &(pk.ec_bits));
pk.pub_raw_len = key->len;
#else
mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair *) mbedtls_pk_ec(pk);

82
tests/suites/test_suite_pkparse.data
View file

@ -905,11 +905,11 @@ Parse Public RSA Key #4 (PKCS#1 wrapped, DER)
pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs1_2048_public.der":0
Parse Public EC Key #1 (RFC 5480, DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_pub.der":0
Parse Public EC Key #2 (RFC 5480, PEM)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_pub.pem":0
Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)
@ -917,7 +917,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_public_keyfile_ec:"data_files/ec_pub.comp.pem":0
Parse Public EC Key #3 (RFC 5480, secp224r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_224_pub.pem":0
# Compressed points parsing does not support MBEDTLS_ECP_DP_SECP224R1 and
@ -927,7 +927,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_public_keyfile_ec:"data_files/ec_224_pub.comp.pem":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
Parse Public EC Key #4 (RFC 5480, secp256r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_256_pub.pem":0
Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)
@ -935,7 +935,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_public_keyfile_ec:"data_files/ec_256_pub.comp.pem":0
Parse Public EC Key #5 (RFC 5480, secp384r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_384_pub.pem":0
Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)
@ -943,7 +943,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_public_keyfile_ec:"data_files/ec_384_pub.comp.pem":0
Parse Public EC Key #6 (RFC 5480, secp521r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_521_pub.pem":0
Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)
@ -951,7 +951,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_public_keyfile_ec:"data_files/ec_521_pub.comp.pem":0
Parse Public EC Key #7 (RFC 5480, brainpoolP256r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.pem":0
Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)
@ -959,7 +959,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2
pk_parse_public_keyfile_ec:"data_files/ec_bp256_pub.comp.pem":0
Parse Public EC Key #8 (RFC 5480, brainpoolP384r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.pem":0
Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)
@ -967,7 +967,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3
pk_parse_public_keyfile_ec:"data_files/ec_bp384_pub.comp.pem":0
Parse Public EC Key #9 (RFC 5480, brainpoolP512r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0
Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)
@ -975,27 +975,27 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP5
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0
Parse Public EC Key #10 (RFC 8410, DER, X25519)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.der":0
Parse Public EC Key #11 (RFC 8410, DER, X448)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.der":0
Parse Public EC Key #12 (RFC 8410, PEM, X25519)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.pem":0
Parse Public EC Key #13 (RFC 8410, PEM, X448)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.pem":0
Parse EC Key #1 (SEC1 DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
Parse EC Key #2 (SEC1 PEM)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pem":"NULL":0
Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)
@ -1003,43 +1003,43 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.comp.pem":"NULL":0
Parse EC Key #3 (SEC1 PEM encrypted)
depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA
depends_on:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.pw.pem":"polar":0
Parse EC Key #4 (PKCS8 DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
Parse EC Key #4a (PKCS8 DER, no public key)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
Parse EC Key #4c (PKCS8 DER, with parameters)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
Parse EC Key #5 (PKCS8 PEM)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pem":"NULL":0
Parse EC Key #5a (PKCS8 PEM, no public key)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.pem":"NULL":0
Parse EC Key #5b (PKCS8 PEM, no public key, with parameters)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.pem":"NULL":0
Parse EC Key #5c (PKCS8 PEM, with parameters)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0
Parse EC Key #8 (SEC1 PEM, secp224r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP224R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0
Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)
@ -1047,7 +1047,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_keyfile_ec:"data_files/ec_224_prv.comp.pem":"NULL":0
Parse EC Key #9 (SEC1 PEM, secp256r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0
Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)
@ -1055,7 +1055,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_keyfile_ec:"data_files/ec_256_prv.comp.pem":"NULL":0
Parse EC Key #10 (SEC1 PEM, secp384r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0
Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)
@ -1063,7 +1063,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_keyfile_ec:"data_files/ec_384_prv.comp.pem":"NULL":0
Parse EC Key #11 (SEC1 PEM, secp521r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0
Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)
@ -1071,7 +1071,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_SEC
pk_parse_keyfile_ec:"data_files/ec_521_prv.comp.pem":"NULL":0
Parse EC Key #12 (SEC1 PEM, bp256r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP256R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0
Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)
@ -1079,7 +1079,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP2
pk_parse_keyfile_ec:"data_files/ec_bp256_prv.comp.pem":"NULL":0
Parse EC Key #13 (SEC1 PEM, bp384r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP384R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP384R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0
Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)
@ -1087,7 +1087,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_EC_COMPRESSED:MBEDTLS_ECP_DP_BP3
pk_parse_keyfile_ec:"data_files/ec_bp384_prv.comp.pem":"NULL":0
Parse EC Key #14 (SEC1 PEM, bp512r1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0
Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)
@ -1099,19 +1099,19 @@ depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
Parse EC Key #16 (RFC 8410, DER, X25519)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_parse_keyfile_ec:"data_files/ec_x25519_prv.der":"NULL":0
Parse EC Key #17 (RFC 8410, DER, X448)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_parse_keyfile_ec:"data_files/ec_x448_prv.der":"NULL":0
Parse EC Key #18 (RFC 8410, PEM, X25519)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_parse_keyfile_ec:"data_files/ec_x25519_prv.pem":"NULL":0
Parse EC Key #19 (RFC 8410, PEM, X448)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_parse_keyfile_ec:"data_files/ec_x448_prv.pem":"NULL":0
Key ASN1 (No data)
@ -1193,7 +1193,7 @@ depends_on:MBEDTLS_RSA_C
pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (ECPrivateKey, empty parameters)
depends_on:MBEDTLS_ECP_LIGHT
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, doesn't match masking requirements, from RFC8410 Appendix A but made into version 0)
@ -1201,24 +1201,24 @@ depends_on:MBEDTLS_ECP_C
pk_parse_key:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters)
depends_on:MBEDTLS_ECP_LIGHT
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"3030020100300706032b656e050004220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with NULL private key)
depends_on:MBEDTLS_ECP_LIGHT
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"300e020100300506032b656e04020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey with invalid AlgorithIdentifier)
pk_parse_key:"3013020100300a06082b0601040181fd5904020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, with unsupported attributes)
depends_on:MBEDTLS_ECP_LIGHT
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"304f020100300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c6520436861697273":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key)
depends_on:MBEDTLS_ECP_LIGHT
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"3051020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a598121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and unsupported attributes)
depends_on:MBEDTLS_ECP_LIGHT
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT

4
tests/suites/test_suite_pkparse.function
View file

@ -70,7 +70,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_LIGHT */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */
void pk_parse_public_keyfile_ec(char *key_file, int result)
{
mbedtls_pk_context ctx;
@ -102,7 +102,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_ECP_LIGHT */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_PK_HAVE_ECC_KEYS */
void pk_parse_keyfile_ec(char *key_file, char *password, int result)
{
mbedtls_pk_context ctx;

58
tests/suites/test_suite_pkwrite.data
View file

@ -15,43 +15,43 @@ depends_on:MBEDTLS_RSA_C
pk_write_pubkey_check:"data_files/rsa4096_pub.der":TEST_DER
Public key write check EC 192 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_pubkey_check:"data_files/ec_pub.pem":TEST_PEM
Public key write check EC 192 bits (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_pubkey_check:"data_files/ec_pub.der":TEST_DER
Public key write check EC 521 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_pubkey_check:"data_files/ec_521_pub.pem":TEST_PEM
Public key write check EC 521 bits (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_pubkey_check:"data_files/ec_521_pub.der":TEST_DER
Public key write check EC Brainpool 512 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":TEST_PEM
Public key write check EC Brainpool 512 bits (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER
Public key write check EC X25519
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_pubkey_check:"data_files/ec_x25519_pub.pem":TEST_PEM
Public key write check EC X25519 (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_pubkey_check:"data_files/ec_x25519_pub.der":TEST_DER
Public key write check EC X448
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_pubkey_check:"data_files/ec_x448_pub.pem":TEST_PEM
Public key write check EC X448 (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_pubkey_check:"data_files/ec_x448_pub.der":TEST_DER
Private key write check RSA
@ -71,59 +71,59 @@ depends_on:MBEDTLS_RSA_C
pk_write_key_check:"data_files/rsa4096_prv.der":TEST_DER
Private key write check EC 192 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_key_check:"data_files/ec_prv.sec1.pem":TEST_PEM
Private key write check EC 192 bits (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_key_check:"data_files/ec_prv.sec1.der":TEST_DER
Private key write check EC 256 bits (top bit set)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_write_key_check:"data_files/ec_256_long_prv.pem":TEST_PEM
Private key write check EC 256 bits (top bit set) (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_write_key_check:"data_files/ec_256_long_prv.der":TEST_DER
Private key write check EC 521 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_key_check:"data_files/ec_521_prv.pem":TEST_PEM
Private key write check EC 521 bits (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_key_check:"data_files/ec_521_prv.der":TEST_DER
Private key write check EC 521 bits (top byte is 0)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_key_check:"data_files/ec_521_short_prv.pem":TEST_PEM
Private key write check EC 521 bits (top byte is 0) (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_key_check:"data_files/ec_521_short_prv.der":TEST_DER
Private key write check EC Brainpool 512 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM
Private key write check EC Brainpool 512 bits (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER
Private key write check EC X25519
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_key_check:"data_files/ec_x25519_prv.pem":TEST_PEM
Private key write check EC X25519 (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_key_check:"data_files/ec_x25519_prv.der":TEST_DER
Private key write check EC X448
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_key_check:"data_files/ec_x448_prv.pem":TEST_PEM
Private key write check EC X448 (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_key_check:"data_files/ec_x448_prv.der":TEST_DER
Derive public key RSA
@ -135,21 +135,21 @@ depends_on:MBEDTLS_RSA_C
pk_write_public_from_private:"data_files/rsa4096_prv.der":"data_files/rsa4096_pub.der"
Derive public key EC 192 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_write_public_from_private:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der"
Derive public key EC 521 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP521R1_ENABLED
pk_write_public_from_private:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der"
Derive public key EC Brainpool 512 bits
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_public_from_private:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der"
Derive public key EC X25519
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED
pk_write_public_from_private:"data_files/ec_x25519_prv.der":"data_files/ec_x25519_pub.der"
Derive public key EC X448
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED
pk_write_public_from_private:"data_files/ec_x448_prv.der":"data_files/ec_x448_pub.der"

6
tests/suites/test_suite_psa_crypto_driver_wrappers.function
View file

@ -3127,8 +3127,10 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st
PSA_SUCCESS);
/* Simulate that we are ready to get implicit key. */
operation.computation_stage.jpake.input_step = PSA_PAKE_STEP_DERIVE;
operation.computation_stage.jpake.output_step = PSA_PAKE_STEP_DERIVE;
operation.computation_stage.jpake.round = PSA_JPAKE_FINISHED;
operation.computation_stage.jpake.inputs = 0;
operation.computation_stage.jpake.outputs = 0;
operation.computation_stage.jpake.step = PSA_PAKE_STEP_KEY_SHARE;
/* --- psa_pake_get_implicit_key --- */
mbedtls_test_driver_pake_hooks.forced_status = forced_status;

56
tests/suites/test_suite_psa_crypto_pake.data
View file

@ -132,83 +132,99 @@ ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA
PSA PAKE: no injected errors
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_NONE:PSA_SUCCESS
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_NONE:PSA_SUCCESS:0
PSA PAKE: no injected errors, client input first
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_NONE:PSA_SUCCESS
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_NONE:PSA_SUCCESS:0
PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_CLIENT_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART1:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART1:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART2:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PUBLIC_PART2:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2:PSA_ERROR_DATA_INVALID:0
PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_KEY_SHARE
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_KEY_SHARE:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_KEY_SHARE:PSA_ERROR_DATA_INVALID:1
PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PUBLIC:PSA_ERROR_DATA_INVALID:1
PSA PAKE: inject ERR_INJECT_ROUND2_CLIENT_ZK_PROOF
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PROOF:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_CLIENT_ZK_PROOF:PSA_ERROR_DATA_INVALID:1
PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_KEY_SHARE
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_KEY_SHARE:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_KEY_SHARE:PSA_ERROR_DATA_INVALID:1
PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC:PSA_ERROR_DATA_INVALID:1
PSA PAKE: inject ERR_INJECT_ROUND2_SERVER_ZK_PROOF
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PROOF:PSA_ERROR_DATA_INVALID
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PROOF:PSA_ERROR_DATA_INVALID:1
PSA PAKE: inject ERR_INJECT_EXTRA_OUTPUT
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_OUTPUT:PSA_ERROR_BAD_STATE:0
PSA PAKE: inject ERR_INJECT_EXTRA_INPUT
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_INPUT:PSA_ERROR_BAD_STATE:0
PSA PAKE: inject ERR_INJECT_EXTRA_OUTPUT_AT_END
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_OUTPUT_AT_END:PSA_ERROR_BAD_STATE:1
PSA PAKE: inject ERR_INJECT_EXTRA_INPUT_AT_END
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_INPUT_AT_END:PSA_ERROR_BAD_STATE:1
PSA PAKE: ecjpake size macros
depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_LEGACY:PSA_WANT_ECC_SECP_R1_256

48
tests/suites/test_suite_psa_crypto_pake.function
View file

@ -2,6 +2,7 @@
#include <stdint.h>
#include "psa/crypto.h"
#include "psa/crypto_extra.h"
typedef enum {
ERR_NONE = 0,
@ -39,6 +40,10 @@ typedef enum {
ERR_INJECT_ROUND2_SERVER_KEY_SHARE,
ERR_INJECT_ROUND2_SERVER_ZK_PUBLIC,
ERR_INJECT_ROUND2_SERVER_ZK_PROOF,
ERR_INJECT_EXTRA_OUTPUT,
ERR_INJECT_EXTRA_INPUT,
ERR_INJECT_EXTRA_OUTPUT_AT_END,
ERR_INJECT_EXTRA_INPUT_AT_END,
/* erros issued from the .data file */
ERR_IN_SETUP,
ERR_IN_SET_USER,
@ -69,6 +74,13 @@ static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
*(buf + 7) ^= 1; \
}
#define DO_ROUND_CONDITIONAL_CHECK_FAILURE(this_stage, function) \
if (this_stage == err_stage) \
{ \
TEST_EQUAL(function, expected_error_arg); \
break; \
}
#define DO_ROUND_UPDATE_OFFSETS(main_buf_offset, step_offset, step_size) \
{ \
step_offset = main_buf_offset; \
@ -185,6 +197,12 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer0 + buffer0_off);
DO_ROUND_UPDATE_OFFSETS(buffer0_off, s_x2_pr_off, s_x2_pr_len);
size_t extra_output_len;
DO_ROUND_CONDITIONAL_CHECK_FAILURE(
ERR_INJECT_EXTRA_OUTPUT,
psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + s_g2_off, 512 - s_g2_off, &extra_output_len));
(void) extra_output_len;
/*
* When injecting errors in inputs, the implementation is
* free to detect it right away of with a delay.
@ -223,6 +241,12 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
s_x2_pr_len);
DO_ROUND_CHECK_FAILURE();
/* Note: Must have client_input_first == 1 to inject extra input */
DO_ROUND_CONDITIONAL_CHECK_FAILURE(
ERR_INJECT_EXTRA_INPUT,
psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
buffer0 + s_g2_off, s_g2_len));
/* Error didn't trigger, make test fail */
if ((err_stage >= ERR_INJECT_ROUND1_SERVER_KEY_SHARE_PART1) &&
(err_stage <= ERR_INJECT_ROUND1_SERVER_ZK_PROOF_PART2)) {
@ -444,6 +468,16 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer1 + buffer1_off);
DO_ROUND_UPDATE_OFFSETS(buffer1_off, c_x2s_pr_off, c_x2s_pr_len);
if (client_input_first == 1) {
size_t extra_output_at_end_len;
DO_ROUND_CONDITIONAL_CHECK_FAILURE(
ERR_INJECT_EXTRA_OUTPUT_AT_END,
psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + c_a_off, 512 - c_a_off,
&extra_output_at_end_len));
(void) extra_output_at_end_len;
}
if (client_input_first == 0) {
/* Client second round Input */
status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE,
@ -481,6 +515,12 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
buffer1 + c_x2s_pr_off, c_x2s_pr_len);
DO_ROUND_CHECK_FAILURE();
DO_ROUND_CONDITIONAL_CHECK_FAILURE(
ERR_INJECT_EXTRA_INPUT_AT_END,
psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE,
buffer1 + c_a_off, c_a_len));
/* Error didn't trigger, make test fail */
if ((err_stage >= ERR_INJECT_ROUND2_CLIENT_KEY_SHARE) &&
(err_stage <= ERR_INJECT_ROUND2_CLIENT_ZK_PROOF)) {
@ -733,7 +773,8 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg,
int client_input_first,
data_t *pw_data,
int err_stage_arg,
int expected_error_arg)
int expected_error_arg,
int inject_in_second_round)
{
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_pake_operation_t server = psa_pake_operation_init();
@ -770,9 +811,10 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg,
ecjpake_do_round(alg, primitive_arg, &server, &client,
client_input_first, PAKE_ROUND_ONE,
err_stage, expected_error_arg);
inject_in_second_round ? ERR_NONE : err_stage,
expected_error_arg);
if (err_stage != ERR_NONE) {
if (!inject_in_second_round && err_stage != ERR_NONE) {
goto exit;
}

2
tests/suites/test_suite_x509parse.data
View file

@ -996,7 +996,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all"
X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA)

190
tests/suites/test_suite_x509parse.function
View file

@ -11,8 +11,6 @@
#include "mbedtls/pk.h"
#include "string.h"
#include "x509_invasive.h"
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
than the current threshold 19. To test larger values, please \
@ -433,7 +431,7 @@ void x509_accessor_ext_types(int ext_type, int has_ext_type)
crt.ext_types = ext_type;
TEST_ASSERT(mbedtls_x509_crt_has_ext_type(&crt, has_ext_type) == expected_result);
TEST_EQUAL(mbedtls_x509_crt_has_ext_type(&crt, has_ext_type), expected_result);
exit:
mbedtls_x509_crt_free(&crt);
@ -491,7 +489,7 @@ void x509_parse_san(char *crt_file, char *result_str, int parse_result)
}
}
TEST_ASSERT(strcmp(buf, result_str) == 0);
TEST_EQUAL(strcmp(buf, result_str), 0);
exit:
mbedtls_x509_crt_free(&crt);
@ -510,13 +508,13 @@ void x509_cert_info(char *crt_file, char *result_str)
USE_PSA_INIT();
memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
res = mbedtls_x509_crt_info(buf, 2000, "", &crt);
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp(buf, result_str) == 0);
TEST_EQUAL(strcmp(buf, result_str), 0);
exit:
mbedtls_x509_crt_free(&crt);
@ -535,13 +533,13 @@ void mbedtls_x509_crl_info(char *crl_file, char *result_str)
USE_PSA_INIT();
memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0);
TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0);
res = mbedtls_x509_crl_info(buf, 2000, "", &crl);
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp(buf, result_str) == 0);
TEST_EQUAL(strcmp(buf, result_str), 0);
exit:
mbedtls_x509_crl_free(&crl);
@ -559,7 +557,7 @@ void mbedtls_x509_crl_parse(char *crl_file, int result)
USE_PSA_INIT();
memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == result);
TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), result);
exit:
mbedtls_x509_crl_free(&crl);
@ -578,13 +576,13 @@ void mbedtls_x509_csr_info(char *csr_file, char *result_str)
USE_PSA_INIT();
memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_csr_parse_file(&csr, csr_file) == 0);
TEST_EQUAL(mbedtls_x509_csr_parse_file(&csr, csr_file), 0);
res = mbedtls_x509_csr_info(buf, 2000, "", &csr);
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp(buf, result_str) == 0);
TEST_EQUAL(strcmp(buf, result_str), 0);
exit:
mbedtls_x509_csr_free(&csr);
@ -605,7 +603,7 @@ void x509_verify_info(int flags, char *prefix, char *result_str)
TEST_ASSERT(res >= 0);
TEST_ASSERT(strcmp(buf, result_str) == 0);
TEST_EQUAL(strcmp(buf, result_str), 0);
exit:
USE_PSA_DONE();
@ -637,8 +635,8 @@ void x509_verify_restart(char *crt_file, char *ca_file,
mbedtls_x509_crt_init(&ca);
MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
mbedtls_ecp_set_max_ops(max_ops);
@ -649,8 +647,8 @@ void x509_verify_restart(char *crt_file, char *ca_file,
NULL, NULL, &rs_ctx);
} while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
TEST_ASSERT(ret == result);
TEST_ASSERT(flags == (uint32_t) flags_result);
TEST_EQUAL(ret, result);
TEST_EQUAL(flags, (uint32_t) flags_result);
TEST_ASSERT(cnt_restart >= min_restart);
TEST_ASSERT(cnt_restart <= max_restart);
@ -717,9 +715,9 @@ void x509_verify(char *crt_file, char *ca_file, char *crl_file,
TEST_ASSERT("No known verify callback selected" == 0);
}
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0);
res = mbedtls_x509_crt_verify_with_profile(&crt,
&ca,
@ -748,8 +746,8 @@ void x509_verify(char *crt_file, char *ca_file, char *crl_file,
f_vrfy,
NULL);
TEST_ASSERT(res == (result));
TEST_ASSERT(flags == (uint32_t) (flags_result));
TEST_EQUAL(res, result);
TEST_EQUAL(flags, (uint32_t) (flags_result));
}
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
exit:
@ -773,8 +771,8 @@ void x509_verify_ca_cb_failure(char *crt_file, char *ca_file, char *name,
mbedtls_x509_crt_init(&ca);
USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
if (strcmp(name, "NULL") == 0) {
name = NULL;
@ -784,8 +782,8 @@ void x509_verify_ca_cb_failure(char *crt_file, char *ca_file, char *name,
&compat_profile, name, &flags,
NULL, NULL);
TEST_ASSERT(ret == exp_ret);
TEST_ASSERT(flags == (uint32_t) (-1));
TEST_EQUAL(ret, exp_ret);
TEST_EQUAL(flags, (uint32_t) (-1));
exit:
mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_free(&ca);
@ -809,8 +807,8 @@ void x509_verify_callback(char *crt_file, char *ca_file, char *name,
verify_print_init(&vrfy_ctx);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
if (strcmp(name, "NULL") == 0) {
name = NULL;
@ -821,8 +819,8 @@ void x509_verify_callback(char *crt_file, char *ca_file, char *name,
name, &flags,
verify_print, &vrfy_ctx);
TEST_ASSERT(ret == exp_ret);
TEST_ASSERT(strcmp(vrfy_ctx.buf, exp_vrfy_out) == 0);
TEST_EQUAL(ret, exp_ret);
TEST_EQUAL(strcmp(vrfy_ctx.buf, exp_vrfy_out), 0);
exit:
mbedtls_x509_crt_free(&crt);
@ -846,18 +844,18 @@ void mbedtls_x509_dn_gets_subject_replace(char *crt_file,
memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
crt.subject.next->val.p = (unsigned char *) new_subject_ou;
crt.subject.next->val.len = strlen(new_subject_ou);
res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
if (ret != 0) {
TEST_ASSERT(res == ret);
TEST_EQUAL(res, ret);
} else {
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp(buf, result_str) == 0);
TEST_EQUAL(strcmp(buf, result_str), 0);
}
exit:
mbedtls_x509_crt_free(&crt);
@ -877,7 +875,7 @@ void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str)
memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
if (strcmp(entity, "subject") == 0) {
res = mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
} else if (strcmp(entity, "issuer") == 0) {
@ -889,7 +887,7 @@ void mbedtls_x509_dn_gets(char *crt_file, char *entity, char *result_str)
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp(buf, result_str) == 0);
TEST_EQUAL(strcmp(buf, result_str), 0);
exit:
mbedtls_x509_crt_free(&crt);
@ -1001,12 +999,12 @@ void mbedtls_x509_time_is_past(char *crt_file, char *entity, int result)
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
if (strcmp(entity, "valid_from") == 0) {
TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_from) == result);
TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_from), result);
} else if (strcmp(entity, "valid_to") == 0) {
TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_to) == result);
TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_to), result);
} else {
TEST_ASSERT("Unknown entity" == 0);
}
@ -1025,12 +1023,12 @@ void mbedtls_x509_time_is_future(char *crt_file, char *entity, int result)
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
if (strcmp(entity, "valid_from") == 0) {
TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_from) == result);
TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_from), result);
} else if (strcmp(entity, "valid_to") == 0) {
TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_to) == result);
TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_to), result);
} else {
TEST_ASSERT("Unknown entity" == 0);
}
@ -1049,7 +1047,7 @@ void x509parse_crt_file(char *crt_file, int result)
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == result);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), result);
exit:
mbedtls_x509_crt_free(&crt);
@ -1071,14 +1069,14 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == (result));
TEST_EQUAL(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len), result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0);
TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
memset(output, 0, 2000);
#endif
@ -1086,7 +1084,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_init(&crt);
TEST_ASSERT(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len) == (result));
TEST_EQUAL(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len), result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) {
memset(output, 0, 2000);
@ -1096,7 +1094,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0);
TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
memset(output, 0, 2000);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
@ -1104,8 +1102,8 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_init(&crt);
TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL,
NULL) == (result));
TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL),
result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@ -1113,7 +1111,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0);
TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
memset(output, 0, 2000);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
@ -1121,8 +1119,8 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_init(&crt);
TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL,
NULL) == (result));
TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL),
result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@ -1130,7 +1128,7 @@ void x509parse_crt(data_t *buf, char *result_str, int result)
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0);
TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
#endif /* !MBEDTLS_X509_REMOVE_INFO */
@ -1160,8 +1158,8 @@ void x509parse_crt_cb(data_t *buf, char *result_str, int result)
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb,
&oid) == (result));
TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb,
&oid), result);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@ -1169,7 +1167,7 @@ void x509parse_crt_cb(data_t *buf, char *result_str, int result)
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0);
TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
memset(output, 0, 2000);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
@ -1177,8 +1175,8 @@ void x509parse_crt_cb(data_t *buf, char *result_str, int result)
mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_init(&crt);
TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb,
&oid) == (result));
TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb,
&oid), (result));
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if ((result) == 0) {
res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
@ -1186,7 +1184,7 @@ void x509parse_crt_cb(data_t *buf, char *result_str, int result)
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0);
TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
#endif /* !MBEDTLS_X509_REMOVE_INFO */
@ -1209,14 +1207,14 @@ void x509parse_crl(data_t *buf, char *result_str, int result)
memset(output, 0, 2000);
TEST_ASSERT(mbedtls_x509_crl_parse(&crl, buf->x, buf->len) == (result));
TEST_EQUAL(mbedtls_x509_crl_parse(&crl, buf->x, buf->len), (result));
if ((result) == 0) {
res = mbedtls_x509_crl_info((char *) output, 2000, "", &crl);
TEST_ASSERT(res != -1);
TEST_ASSERT(res != -2);
TEST_ASSERT(strcmp((char *) output, result_str) == 0);
TEST_EQUAL(strcmp((char *) output, result_str), 0);
}
exit:
@ -1238,12 +1236,12 @@ void mbedtls_x509_csr_parse(data_t *csr_der, char *ref_out, int ref_ret)
memset(my_out, 0, sizeof(my_out));
my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len);
TEST_ASSERT(my_ret == ref_ret);
TEST_EQUAL(my_ret, ref_ret);
if (ref_ret == 0) {
size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
TEST_ASSERT(my_out_len == strlen(ref_out));
TEST_ASSERT(strcmp(my_out, ref_out) == 0);
TEST_EQUAL(my_out_len, strlen(ref_out));
TEST_EQUAL(strcmp(my_out, ref_out), 0);
}
exit:
@ -1265,12 +1263,12 @@ void mbedtls_x509_csr_parse_file(char *csr_file, char *ref_out, int ref_ret)
memset(my_out, 0, sizeof(my_out));
my_ret = mbedtls_x509_csr_parse_file(&csr, csr_file);
TEST_ASSERT(my_ret == ref_ret);
TEST_EQUAL(my_ret, ref_ret);
if (ref_ret == 0) {
size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
TEST_ASSERT(my_out_len == strlen(ref_out));
TEST_ASSERT(strcmp(my_out, ref_out) == 0);
TEST_EQUAL(my_out_len, strlen(ref_out));
TEST_EQUAL(strcmp(my_out, ref_out), 0);
}
exit:
@ -1288,7 +1286,7 @@ void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt)
mbedtls_x509_crt_init(&chain);
USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_path(&chain, crt_path) == ret);
TEST_EQUAL(mbedtls_x509_crt_parse_path(&chain, crt_path), ret);
/* Check how many certs we got */
for (i = 0, cur = &chain; cur != NULL; cur = cur->next) {
@ -1297,7 +1295,7 @@ void mbedtls_x509_crt_parse_path(char *crt_path, int ret, int nb_crt)
}
}
TEST_ASSERT(i == nb_crt);
TEST_EQUAL(i, nb_crt);
exit:
mbedtls_x509_crt_free(&chain);
@ -1323,20 +1321,20 @@ void mbedtls_x509_crt_verify_max(char *ca_file, char *chain_dir, int nb_int,
MD_OR_USE_PSA_INIT();
/* Load trusted root */
TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, ca_file) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, ca_file), 0);
/* Load a chain with nb_int intermediates (from 01 to nb_int),
* plus one "end-entity" cert (nb_int + 1) */
ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir,
nb_int + 1);
TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf));
TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, file_buf) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, file_buf), 0);
/* Try to verify that chain */
ret = mbedtls_x509_crt_verify(&chain, &trusted, NULL, NULL, &flags,
NULL, NULL);
TEST_ASSERT(ret == ret_chk);
TEST_ASSERT(flags == (uint32_t) flags_chk);
TEST_EQUAL(ret, ret_chk);
TEST_EQUAL(flags, (uint32_t) flags_chk);
exit:
mbedtls_x509_crt_free(&chain);
@ -1361,9 +1359,9 @@ void mbedtls_x509_crt_verify_chain(char *chain_paths, char *trusted_ca,
MD_OR_USE_PSA_INIT();
while ((act = mystrsep(&chain_paths, " ")) != NULL) {
TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, act) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, act), 0);
}
TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, trusted_ca) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, trusted_ca), 0);
if (strcmp(profile_name, "") == 0) {
profile = &mbedtls_x509_crt_profile_default;
@ -1380,8 +1378,8 @@ void mbedtls_x509_crt_verify_chain(char *chain_paths, char *trusted_ca,
res = mbedtls_x509_crt_verify_with_profile(&chain, &trusted, NULL, profile,
NULL, &flags, verify_fatal, &vrfy_fatal_lvls);
TEST_ASSERT(res == (result));
TEST_ASSERT(flags == (uint32_t) (flags_result));
TEST_EQUAL(res, (result));
TEST_EQUAL(flags, (uint32_t) (flags_result));
exit:
mbedtls_x509_crt_free(&trusted);
@ -1409,9 +1407,9 @@ void x509_oid_desc(data_t *buf, char *ref_desc)
TEST_ASSERT(ret != 0);
TEST_ASSERT(desc == NULL);
} else {
TEST_ASSERT(ret == 0);
TEST_EQUAL(ret, 0);
TEST_ASSERT(desc != NULL);
TEST_ASSERT(strcmp(desc, ref_desc) == 0);
TEST_EQUAL(strcmp(desc, ref_desc), 0);
}
exit:
@ -1435,11 +1433,11 @@ void x509_oid_numstr(data_t *oid_buf, char *numstr, int blen, int ret)
TEST_ASSERT((size_t) blen <= sizeof(num_buf));
TEST_ASSERT(mbedtls_oid_get_numeric_string(num_buf, blen, &oid) == ret);
TEST_EQUAL(mbedtls_oid_get_numeric_string(num_buf, blen, &oid), ret);
if (ret >= 0) {
TEST_ASSERT(num_buf[ret] == 0);
TEST_ASSERT(strcmp(num_buf, numstr) == 0);
TEST_EQUAL(num_buf[ret], 0);
TEST_EQUAL(strcmp(num_buf, numstr), 0);
}
exit:
@ -1455,9 +1453,9 @@ void x509_check_key_usage(char *crt_file, int usage, int ret)
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
TEST_ASSERT(mbedtls_x509_crt_check_key_usage(&crt, usage) == ret);
TEST_EQUAL(mbedtls_x509_crt_check_key_usage(&crt, usage), ret);
exit:
mbedtls_x509_crt_free(&crt);
@ -1474,10 +1472,10 @@ void x509_check_extended_key_usage(char *crt_file, data_t *oid, int ret
mbedtls_x509_crt_init(&crt);
USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
TEST_ASSERT(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x,
oid->len) == ret);
TEST_EQUAL(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x, oid->len),
ret);
exit:
mbedtls_x509_crt_free(&crt);
@ -1503,14 +1501,14 @@ void x509_get_time(int tag, char *time_str, int ret, int year, int mon,
memcpy(end, time_str, (size_t) *(end - 1));
end += *(end - 1);
TEST_ASSERT(mbedtls_x509_get_time(&start, end, &time) == ret);
TEST_EQUAL(mbedtls_x509_get_time(&start, end, &time), ret);
if (ret == 0) {
TEST_ASSERT(year == time.year);
TEST_ASSERT(mon == time.mon);
TEST_ASSERT(day == time.day);
TEST_ASSERT(hour == time.hour);
TEST_ASSERT(min == time.min);
TEST_ASSERT(sec == time.sec);
TEST_EQUAL(year, time.year);
TEST_EQUAL(mon, time.mon);
TEST_EQUAL(day, time.day);
TEST_EQUAL(hour, time.hour);
TEST_EQUAL(min, time.min);
TEST_EQUAL(sec, time.sec);
}
exit:
USE_PSA_DONE();
@ -1536,12 +1534,12 @@ void x509_parse_rsassa_pss_params(data_t *params, int params_tag,
my_ret = mbedtls_x509_get_rsassa_pss_params(&buf, &my_msg_md, &my_mgf_md,
&my_salt_len);
TEST_ASSERT(my_ret == ref_ret);
TEST_EQUAL(my_ret, ref_ret);
if (ref_ret == 0) {
TEST_ASSERT(my_msg_md == (mbedtls_md_type_t) ref_msg_md);
TEST_ASSERT(my_mgf_md == (mbedtls_md_type_t) ref_mgf_md);
TEST_ASSERT(my_salt_len == ref_salt_len);
TEST_EQUAL(my_msg_md, (mbedtls_md_type_t) ref_msg_md);
TEST_EQUAL(my_mgf_md, (mbedtls_md_type_t) ref_mgf_md);
TEST_EQUAL(my_salt_len, ref_salt_len);
}
exit: